This is called a dumpling. As reported by the American media TechCrunch, a large number of internal emails from the USSOCOM (a department dedicated to special forces that has 70,000 people) were accessible online for two weeks. In total, 3 terabytes of potentially sensitive messages were stripped of any security. That’s the volume equivalent of about fifty 64GB iPhones.
configuration error
The flaw was discovered by Anurag Sen, a cybersecurity researcher, in early February. It was finally corrected on February 20 by the US authorities, more than 24 hours after they were warned by TechCrunch journalists.
According to Anurag Sen, the origin of this incident is a simple server configuration error, probably human: a member of the Pentagon’s IT team simply forgot to protect the system with a password. Every Internet user with the server’s IP address would thus be able to access all emails.
According to TechCrunch, the exchanges are several years old, but contain a lot of personal information about military personnel. If it is very sensitive data, no classified document seems to be in question.
The USSOCOM, which has opened an investigation on this subject, ensures that at this stage no intrusion has been detected -apart from that of the researcher Anurag Sen-. However, the Pentagon declined to specify whether it had any means of ensuring that no copy of this data was made.
Source: BFM TV
