Pentagon Contractor exposes US Web Monitoring Program by disregarding Cloud Security


A Pentagon Contractor has exposed the US military-sponsored Web Monitoring Program by accidentally revealing 1.8 billion social media posts stored on Amazon Storage Buckets. And this technical blunder happened when the contractor failed to configure the S3 bucket from the public to private. 

The incident was brought to the notice of the media when a security expert from UpGuard discovered the misconfigured AWS S3 buckets containing the data related to the web monitoring program carried out by the US Central Command (CENTCOM) and US Pacific Command (PACOMM).

Chris Vickery, of UpGuard, said that he found the CENTCOM archive while scanning publicly accessible S3 buckets for the word COM. It’s said that the buckets contained dozens and dozens of terabytes of collected social media posts of the US Populace.

The Pentagon incident not only exposed the secret web monitoring program carried out by US Military on its populace but also exposed the shoddy security practices carried out by dreaded 3rd parties inside government agencies.

Vickery said that the repository contained data related to Keywords such as Arabic and Parsi dialects, apart from the regular posts put forth by Americans. It also contained data related to content captured from news sites, comments section, web forums, and social media sites like Facebook, featuring multiple languages and originating from various countries across the world.

The Pentagon repository hosted on Amazon cloud also contained a data folder with the name “Coral” which refers to the US Army’s Coral Reef Intelligence Software.

While the PACOM folder contained social media posts from 2009 to 2015, the CENTCOM contained posts since 2009 to the present day.

Note- VendorX Company is said to be the contractor in discussion and was assigned to the project of gather data. Now the company is said to be Defunct and is no longer assigned to the duty.

Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display