Posted on November 18, 2017 at 8:21 PM
The Pentagon accidentally leaked their data online which suggested that the organization has been monitoring users via their social media.
The Pentagon has just leaked a large portion of the US Department of Defense (DOD) classified information database. The information appears to mostly consist out of information that the DOD has been collecting on thousands of individuals from different nationalities using their social media accounts.
The data leak was discovered by a security expert, Chris Vickery, from the cybersecurity firm, UpGuard, who stumbled on three separate downloadable Amazon S3 servers. One of the downloadable servers held almost 1.8 billion social media posts that were created by thousands of people situated across the world. Some of the posts also included American posts. The posts seem to have been collected over a period of eight years.
The downloadable buckets were labelled as “centcom-backup”, “pacom-archive”, and “centcom-archive” respectively.
Vickery confirmed that the databases purely consisted of a huge amount of social media posts, which implies that the DOD has been readily conducting surveillance on thousands of people by looking through their social media accounts. No sensitive data from the Pentagon or any of the social media users were exposed, however, this surveillance conduct has raised new alarm bells for frequent social media users.
The majority of the collected social media posts were written either in English, Arabic, or Farsi. Vickery has estimated that this information gathering has been ongoing since at least August 2009. UpGuard stated in their report that the exposed data formed part of an information-gathering operation that the Pentagon was conducting.
According to the report published by the firm, several accounts were under surveillance who did not pose any threats to US national security. Several accounts also included American accounts, that once again did not appear to warrant this massive invasion of privacy. The paper emphasizes that this latest information has raised several questions regarding the DOD and Pentagon’s regard for civil rights.
So far neither the Pentagon nor the DOD has confirmed to what end the data was gathered. So far the posts seem to suggest that the US agencies were conducting surveillance at random, as the majority of accounts belonging to law-abiding citizens.
There is also the possibility that perhaps the exposed data could have been downloaded by hackers. So far this possibility has not been confirmed.
According to CNN, Vickery previously alerted the DoD regarding their vulnerable S3 buckets a few weeks ago, however, this has been rectified by the agency on 1 October, shortly following his report.
According to the spokesperson for the US Central Command, Major Josh Jacques, the agency has so far confirmed that the leaked data was exposed using certain techniques in order to bypass the agency’s security protocols. Jacques continued to add that after being alerted to the leak, Centcom acted quickly to add extra security measures to secure the S3 buckets and to prevent future leaks.
As to the nature of the information, Jacques stated that the social media posts were collected for the agency’s online engagement programmes and activities on public websites. Jacques stated that the posts were not intended to serve for intelligence purposes.
While scouring social media accounts, and storing posts are not technically illegal, it does raise several concerns regarding the Pentagon’s concern for basic privacy and other civil rights. Especially considering that they’ve allowed the posts to be leaked.
The Pentagon’s unsecured S3 buckets have let them down before. Earlier this year, the US contractor Booz Allen Hamilton, exposed 28GB worth of highly sensitive information which pertained to the National Geospatial-Intelligence Agency (NGA).