No wonder the Chinese Communist Party (CCP) is so confident they can win a war against the United States. The Biden regime is so clueless they cannot even properly secure sensitive military information.
For two full weeks an unsecured Department of Defense (DOD) server was leaking military emails online and no one noticed until Monday. The culprit was a so-called misconfiguration that left the server without a password.
The server was loaded with files containing sensitive personnel information from the past several years, including a completed SF-86 questionnaire. A SF-86 personnel questionnaire has bountiful amounts of background information on security clearance holders valuable to enemies of America.
One safely bet that China already has all of these files and is currently analyzing whether these could useful against America.
The U.S. Department of Defense secured an exposed server on Monday that was spilling internal U.S. military emails to the open internet for the past two weeks.
The exposed server was hosted on Microsoft’s Azure government cloud for Department of Defense customers, which uses servers that are physically separated from other commercial customers and as such can be used to share sensitive but unclassified government data. The exposed server was part of an internal mailbox system storing about three terabytes of internal military emails, many pertaining to U.S. Special Operations Command, or USSOCOM, the U.S. military unit tasked with conducting special military operations.
But a misconfiguration left the server without a password, allowing anyone on the internet access to the sensitive mailbox data inside using only a web browser, just by knowing its IP address.
The server was packed with internal military email messages, dating back years, some of which contained sensitive personnel information. One of the exposed files included a completed SF-86 questionnaire, which are filled out by federal employees seeking a security clearance and contain highly sensitive personal and health information for vetting individuals before they are cleared to handle classified information. These personnel questionnaires contain a significant amount of background information on security clearance holders valuable to foreign adversaries. In 2015, suspected Chinese hackers stole millions of sensitive background check files of government employees who sought security clearance in a data breach at the U.S. Office of Personnel Management.
None of the limited data seen by TechCrunch appeared to be classified, which would be consistent with USSOCOM’s civilian network, as classified networks are inaccessible from the internet.
According to a listing on Shodan, a search engine that crawls the web for exposed systems and databases, the mailbox server was first detected as spilling data on February 8. It’s not clear how the mailbox data became exposed to the public internet, but it’s likely due to a misconfiguration caused by human error.
TechCrunch contacted USSOCOM on Sunday morning during a U.S. holiday weekend but the exposed server wasn’t secured until Monday afternoon. When reached by email, a senior Pentagon official confirmed they had passed details of the exposed server to USSOCOM. The server was inaccessible soon after.