Researcher finds publicly accessible server with secret NSA files

Security researcher Chris Vickery, in his search for unsecured servers, has found a collection of documents belonging to the US military and the NSA. Some files had attributes like ‘top secret’.

According to the researcher, the data belongs to INSCOM, in which both the military and the NSA are represented. He says he found evidence that the server in question was operated by Invertix, an INSCOM subcontractor that no longer exists. In total there were 47 files and folders, three of which were downloadable. Vickery found the files on an unsecured AWS-S3 server in September. Anyone who had the correct URL could see the contents of this bucket.

Among the files to download was an ova file containing a Linux virtual machine and six associated partitions with sizes between 1GB and 69GB. This VM was called ssdev and was used to fetch files from a Pentagon server. Vickery writes that most files in the VM were only accessible if a connection to the Pentagon was established. The properties of the files indicated that they were documents with characteristics such as ‘top secret’ and ‘noforn’, meaning that they are secret files that may not be shared with foreign allies.

The researcher also found private keys and hashed passwords belonging to Invertix administrators, which may provide further access to systems if they are still valid. The other two files were a readme file and a jar file for training purposes. A folder within the vm contained files intended for use with Red Disk. According to an article by The New York Post, that was a system to give military personnel in Afghanistan access to a ‘cloud environment’ containing intelligence databases.

Vickery writes in his blog post that he often finds unsecured servers with sensitive data, but that this is the first where he found classified government information. For example, he previously found a server with information about 198 million American voters.

Screenshot of the Inscom files