In yet another installment of the government incompetence saga, the U.S. Air Force held a backup hard drive that was left unsecured, exposing thousands of sensitive documents, including personal information on high-ranking officials.
The backup drive was connected to the internet, but was not protected by password security (whoever left out that detail needs to be fired ASAP). Hence, the files were accessible to anyone, according to ZDNet.
The files, reviewed by ZDNet, contained a range of personal information, such as names and addresses, ranks, and Social Security numbers of more than 4,000 officers. Another file lists the security clearance levels of hundreds of other officers, some of whom possess “top secret” clearance, and access to sensitive compartmented information and codeword-level clearance.
Phone numbers and contact information of staff and their spouses, as well as other sensitive and private personal information, were found in several other spreadsheets.
The drive is understood to belong to a lieutenant colonel, whose name we are not publishing. ZDNet reached out to the officer by email but did not hear back.
The data was finally secured, but only a week after the breach was noticed by security researcher Bob Diachenko.
Among the most damaging documents on the drive included the completed applications for renewed national security clearances for two US four-star generals, both of whom recently had top US military and NATO positions.
Both of these so-called SF86 applications contain highly sensitive and detailed information, including financial and mental health history, past convictions, relationships with foreign nationals, and other personal information.
ZDNet spoke with several national security experts and former high-level government officials; they described this kind of information as the “Holy Grail” for foreign spies and enemies. ZDNet prudently declined to publish the names of the generals whose information was leaked.
“Some of the questions ask for information that can be very personal, as well as embarrassing,” said Mark Zaid, a national security attorney, in an email. The form allows prospective applicants to national security positions to disclose arrests, drug and alcohol issues, or mental health concerns, among other things, said Zaid.
Such a leak of data represents a huge risk not only for national security, but also the identities of these military officials. With this info, identity theft is certainly well within the realm of possibilities. Such information could also be used for blackmail.
Or, even worse, if certain enemies like the Islamic State gets these documents, they could be used to put targets on their backs. Such an idea would not be unprecedented.
As Robert Gehl reported back in August 2016, the Islamic State published a list of 700 U.S. Soldiers whom the terrorist group wanted killed.
The Radical Islamist group’s new hacking group, called “United Cyber Caliphate,” has posted these lists before, The Washington Times is reporting. It appears they get the names from random websites rather than some kind of “hacking” incident.
The headline on the website with the list reads: ““We want them #dead. #Revenge for Muslims. kill the dogs,” showing their nonsense affinity for “hashtags,” since the hashtags “#dead” and “revenge” are so commonplace to render them laughably meaningless.
Nonetheless, the fact that such a list was even created in the first place is highly concerning.