Is that an Amazon problem, or a government admin setting the wrong permissions on AWS problem?
Absolutely the latter. This is similar to how Snowden had access to all the stuff he leaked. He worked at a place that did contract work with the government and was mortified at all he had access to that he should have never been able to see.
There’s a shit ton of articles in the tech space about how companies keep fucking up with stuff like this. No reasonable expectation that the government and their contractors would do any better.
The real problem is Amazon hosting sensitive government files…
SECRETARY OF DEFENSE
1000 DEFENSE PENTAGON
WASHINGTON , DC 20301 - 1000
JANUARY 2021
CLASSIFIED: TOP SECRET - NOT FOR PUBLIC RELEASE
SUBJECT: RUSSIAN HACKINGS OF FEDERAL GOVERNMENT ASSETS
Throughout 2020, the United States received intelligence that Russian hackers have
infiltrated secure government databases and servers, including those located in The Pentagon, the
Intelligence Community, the US Treasury, the Department of Homeland Security, the Commerce
Department, and Health and Human Services. Within the servers affected, 18,000 US
organizations had malicious code in their networks; 50 of them suffered major breaches. As of
the 13th of December, when this knowledge was made known to US officials, the Cybersecurity
and Infrastructure Security Agency (CISA) has been working tirelessly to secure networks and
alleviate any vulnerabilities in the systems that were affected. Russia has denied responsibility
for such hackings.
This hacking poses a major threat to US cybersecurity, as it is one of the most significant
hackings in modern history. The Department of Defense, Homeland Security, and CISA have
urged Congress to take action against this emerging threat. In response, Congress has introduced
the following piece of legislation, named after an essential cybersecurity tool: A Bill to
C.A.P.T.C.H.A. (Create a Procedure to Combat Hacker Attacks). It is your responsibility as
Congress to come to a decision on this legislation before more damage is done.Sounds like BS to me. Anyone can host PDFs on AWS and spoof US government agencies, look up C.A.P.T.C.H.A. Congress. No hits for it. Did Russia hack into US government servers? Probably. Nonetheless, this reads like a scare piece and not a legitimate communication from the DoD.
It also names no names and gives no details, which is odd for something intended to be so internal. Even more damning, it’s addressed to congress, which famously leaks like a sieve.
That’s why I felt OK copying the whole first page. 🤣
It’s interesting scrolling through the search results. Seems like a lot of schools, municipalities, and the Philippines have a problem with distinguishing between confidential and public.
You must be one of those hackers I keep hearing about.
Might even be this 4chan guy I heared a lot about.
“The Net interprets censorship as damage and routes around it.” - John Gilmore
Nothing connected to the internet can be kept hidden indefinitely.
It can if you set up proper security but, well, the US government isn’t exactly known for that.
Well whadaya know… that works.
I only got two though!
toppublic secretThose aren’t real classified documents. They aren’t marked correctly.
