Defense Contractor Lets Thousands of DoD Files Leak Into Public Domain
Defense contractor Booz Allen Hamilton (BAH) is catching some heat after apparent negligence resulted in 60,000 US Department of Defense (DoD) files being publicly exposed.
Booz Allen Hamilton Lets DoD Files Loose
Chris Vickery, a well-known security expert who now works for UpGuard’s Cyber Resilience Team, first discovered the files. Allegedly, they are related to a US National Geospatial-Intelligence Agency project — a combat support agency, under the United States Department of Defense.
Another analyst on the Cyber Resilience Team, Dan O’Sullivan, a colleague of Vickery, wrote that the compromised data was, in fact, highly sensitive — saying that it would “ordinarily require top secret-level security clearance” from the DoD.
Despite this, BAH denies any sensitive information was ever leaked or even made public. They claim no classified documents were contained in the Amazon server.
Additionally, according to BAH, the DoD have confirmed their claims:
“We have confirmed that none of those usernames and passwords could have been used to access classified information,” BAH explained in a statement to BBC.
However, it’s worthwhile noting that Vickery had tried to reach out to BAH regarding the compromised files — but after receiving no response from them he notified the DoD’s Geospatial-Intelligence Agency directly.
Only minutes after Vickery contacted the DoD agency, the problem seems to have been fixed — possibly demonstrating they believed the problem was more serious than previously thought.
Defense Contractors Getting in Trouble: An Ongoing Theme
Lately, it seems defense contractors are having a less-than-ideal time taking care of sensitive information. BAH also employed the infamous whistleblower Edward Snowden — who in 2013 fled to Hong Kong with thousands of classified documents from the National Security Agency (NSA).
Just this week, it was also discovered that Reality Leigh Winner, a contractor with Pluribus International Corporation, was arrested by the FBI and would be facing a charge of “gathering, transmitting or losing defense information” over leaking top-secret classified documents to the media.
According to reports, the documents concerned Russian attempts to access U.S. voting machine software.
Both Snowden and Winner blew the whistle on their employers within months of gaining jobs (and presumably passing a tough vetting process).
These may be isolated incidents, but they reveal the difficulties large organizations face when storing information that is both highly classified and accessible to thousands of people. When that information is digital and easily reproduced, that task gets exponentially harder.
What do you think of BAH’s information leak? Was it incompetence or an honest mistake? Let’s hear your thoughts below.
Images Via Booz Allen Hamilton and the National Geospatial Intelligence Agency