Those aren’t real classified documents. They aren’t marked correctly.
For anyone wondering what a document should look like, the DoD publishes that for anyone to read. Just search Derivative Classifier Training. Spoiler alert: this ain’t what a top secret document looks like.
toppublic secretWell whadaya know… that works.
I only got two though!
Is that an Amazon problem, or a government admin setting the wrong permissions on AWS problem?
Absolutely the latter. This is similar to how Snowden had access to all the stuff he leaked. He worked at a place that did contract work with the government and was mortified at all he had access to that he should have never been able to see.
There’s a shit ton of articles in the tech space about how companies keep fucking up with stuff like this. No reasonable expectation that the government and their contractors would do any better.
The real problem is Amazon hosting sensitive government files…
It’s pretty common that AWS is doing that, they even have a special GovCloud for them.
These companies are obviously just doing it wrong by having public S3 buckets
I mean, Amazon isn’t necessarily in the wrong for providing the service. It’s governments trusting a private company, with a history of collecting more data than they should, with sensitive data. It’s just stupid, really really, mind numbingly, stupid
Yea, that’s why I mentioned these companies are just doing it wrong. Governments have the same problems as private companies, in that they don’t really want to maintain their own cloud infrastructure, so they’ll use something like AWS
But for example they could host their own On-premises HSM and encrypt their GovCloud to a degree that it’s inaccessible to AWS
It’s interesting scrolling through the search results. Seems like a lot of schools, municipalities, and the Philippines have a problem with distinguishing between confidential and public.
SECRETARY OF DEFENSE
1000 DEFENSE PENTAGON
WASHINGTON , DC 20301 - 1000
JANUARY 2021
CLASSIFIED: TOP SECRET - NOT FOR PUBLIC RELEASE
SUBJECT: RUSSIAN HACKINGS OF FEDERAL GOVERNMENT ASSETS
Throughout 2020, the United States received intelligence that Russian hackers have
infiltrated secure government databases and servers, including those located in The Pentagon, the
Intelligence Community, the US Treasury, the Department of Homeland Security, the Commerce
Department, and Health and Human Services. Within the servers affected, 18,000 US
organizations had malicious code in their networks; 50 of them suffered major breaches. As of
the 13th of December, when this knowledge was made known to US officials, the Cybersecurity
and Infrastructure Security Agency (CISA) has been working tirelessly to secure networks and
alleviate any vulnerabilities in the systems that were affected. Russia has denied responsibility
for such hackings.
This hacking poses a major threat to US cybersecurity, as it is one of the most significant
hackings in modern history. The Department of Defense, Homeland Security, and CISA have
urged Congress to take action against this emerging threat. In response, Congress has introduced
the following piece of legislation, named after an essential cybersecurity tool: A Bill to
C.A.P.T.C.H.A. (Create a Procedure to Combat Hacker Attacks). It is your responsibility as
Congress to come to a decision on this legislation before more damage is done.Sounds like BS to me. Anyone can host PDFs on AWS and spoof US government agencies, look up C.A.P.T.C.H.A. Congress. No hits for it. Did Russia hack into US government servers? Probably. Nonetheless, this reads like a scare piece and not a legitimate communication from the DoD.
That’s why I felt OK copying the whole first page. 🤣
It also names no names and gives no details, which is odd for something intended to be so internal. Even more damning, it’s addressed to congress, which famously leaks like a sieve.
You must be one of those hackers I keep hearing about.
Might even be this 4chan guy I heared a lot about.
“The Net interprets censorship as damage and routes around it.” - John Gilmore
Nothing connected to the internet can be kept hidden indefinitely.
It can if you set up proper security but, well, the US government isn’t exactly known for that.
