• Starbuck@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      8 months ago

      For anyone wondering what a document should look like, the DoD publishes that for anyone to read. Just search Derivative Classifier Training. Spoiler alert: this ain’t what a top secret document looks like.

  • reddig33@lemmy.world
    link
    fedilink
    arrow-up
    0
    ·
    8 months ago

    Is that an Amazon problem, or a government admin setting the wrong permissions on AWS problem?

    • wizardbeard@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      0
      ·
      8 months ago

      Absolutely the latter. This is similar to how Snowden had access to all the stuff he leaked. He worked at a place that did contract work with the government and was mortified at all he had access to that he should have never been able to see.

      There’s a shit ton of articles in the tech space about how companies keep fucking up with stuff like this. No reasonable expectation that the government and their contractors would do any better.

        • RonSijm@programming.dev
          link
          fedilink
          arrow-up
          0
          ·
          8 months ago

          It’s pretty common that AWS is doing that, they even have a special GovCloud for them.

          These companies are obviously just doing it wrong by having public S3 buckets

          • SturgiesYrFase@lemmy.ml
            link
            fedilink
            arrow-up
            0
            ·
            8 months ago

            I mean, Amazon isn’t necessarily in the wrong for providing the service. It’s governments trusting a private company, with a history of collecting more data than they should, with sensitive data. It’s just stupid, really really, mind numbingly, stupid

            • RonSijm@programming.dev
              link
              fedilink
              arrow-up
              0
              ·
              8 months ago

              Yea, that’s why I mentioned these companies are just doing it wrong. Governments have the same problems as private companies, in that they don’t really want to maintain their own cloud infrastructure, so they’ll use something like AWS

              But for example they could host their own On-premises HSM and encrypt their GovCloud to a degree that it’s inaccessible to AWS

    • RadicalCandour@startrek.website
      link
      fedilink
      arrow-up
      0
      ·
      8 months ago

      It’s interesting scrolling through the search results. Seems like a lot of schools, municipalities, and the Philippines have a problem with distinguishing between confidential and public.

    • db2@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      8 months ago

      SECRETARY OF DEFENSE
      1000 DEFENSE PENTAGON
      WASHINGTON , DC 20301 - 1000
      JANUARY 2021
      CLASSIFIED: TOP SECRET - NOT FOR PUBLIC RELEASE
      SUBJECT: RUSSIAN HACKINGS OF FEDERAL GOVERNMENT ASSETS
      Throughout 2020, the United States received intelligence that Russian hackers have
      infiltrated secure government databases and servers, including those located in The Pentagon, the
      Intelligence Community, the US Treasury, the Department of Homeland Security, the Commerce
      Department, and Health and Human Services. Within the servers affected, 18,000 US
      organizations had malicious code in their networks; 50 of them suffered major breaches. As of
      the 13th of December, when this knowledge was made known to US officials, the Cybersecurity
      and Infrastructure Security Agency (CISA) has been working tirelessly to secure networks and
      alleviate any vulnerabilities in the systems that were affected. Russia has denied responsibility
      for such hackings.
      This hacking poses a major threat to US cybersecurity, as it is one of the most significant
      hackings in modern history. The Department of Defense, Homeland Security, and CISA have
      urged Congress to take action against this emerging threat. In response, Congress has introduced
      the following piece of legislation, named after an essential cybersecurity tool: A Bill to
      C.A.P.T.C.H.A. (Create a Procedure to Combat Hacker Attacks). It is your responsibility as
      Congress to come to a decision on this legislation before more damage is done.

      • astraeus@programming.dev
        link
        fedilink
        arrow-up
        0
        ·
        8 months ago

        Sounds like BS to me. Anyone can host PDFs on AWS and spoof US government agencies, look up C.A.P.T.C.H.A. Congress. No hits for it. Did Russia hack into US government servers? Probably. Nonetheless, this reads like a scare piece and not a legitimate communication from the DoD.

        • CanadaPlus@lemmy.sdf.org
          link
          fedilink
          arrow-up
          0
          ·
          8 months ago

          It also names no names and gives no details, which is odd for something intended to be so internal. Even more damning, it’s addressed to congress, which famously leaks like a sieve.

  • NaibofTabr@infosec.pub
    link
    fedilink
    English
    arrow-up
    0
    ·
    8 months ago

    “The Net interprets censorship as damage and routes around it.” - John Gilmore

    Nothing connected to the internet can be kept hidden indefinitely.

    • LostXOR@fedia.io
      link
      fedilink
      arrow-up
      0
      ·
      8 months ago

      It can if you set up proper security but, well, the US government isn’t exactly known for that.