Dem senator presses intelligence contractor on breaches

Dem senator presses intelligence contractor on breaches
© Getty Images

Sen. Claire McCaskillClaire Conner McCaskillDemocrats criticize Medal of Freedom for Limbaugh as 'slap in the face' Kansas City, Kan., responds to Trump tweet: We root for the Chiefs, too Trump mocked for Super Bowl tweet confusing Missouri for Kansas MORE (D-Mo.) is demanding one of the country's largest intelligence contractors explain how login credentials for employees with security clearance were left visible online.

In May, Chris Vickery, a researcher at the cybersecurity firm UpGuard, discovered documents from the contractor Booz Allen Hamilton in an Amazon cloud account not protected by password or encryption.

Anyone who knew where to look for the files could download them from any system. The files contained usernames and passwords that could be used on other sites. 

"This report raises serious questions about the security protocols that BAH has in place to prevent these types of occurrences," wrote McCaskill in a letter to the Booz Allen. 

ADVERTISEMENT

McCaskill noted in her letter that Booz Allen had been embroiled in two other substantial security failures in recent years; contractors Edward Snowden and Hal Martin both removing sensitive files from the company. 

Unlike the Snowden and Martin breaches, the cloud breach could be explained as unintentional. Misconfiguring cloud services is a common mistake. On Monday, Vickery found a similar unsecured cloud server with information on 198 million American voters. 

The Booz Allen files left visible to the public concerned a project the company was working on with the National Geospatial-Intelligence Agency, the United State's intelligence communities top map-maker. Vickery found the files on a public Amazon server rather than the more secure servers set up for government projects. 

McCaskill asks in her letter that Booz Allen explain what caused the files to be left in the open and the steps the company is taking to prevent it from happening in the future.