The Tech Corner is a technology news and advice column presented each week courtesy of Melvin McCrary at Georgia Computer Depot in Cedartown.
Thousands of files exposed containing information and expertise of Americans with confidential clearances
Thousands of files containing the personal information and expertise of Americans with classified and up to Top Secret security clearances have been exposed by an unsecured Amazon server, for most of the year.
The files were under the control of TigerSwan, a North Carolina-based private security firm. But in a statement on Saturday, TigerSwan implicated TalentPen, a third-party vendor apparently used by the firm to process new job applicants.
TalentPen could not be immediately reached for comment. TigerSwan repeatedly refused to provide any documentation showing TalentPen was at fault.
Found on an insecure Amazon S3 bucket without the protection of a password, the cache of roughly 9,400 documents reveal extraordinary details about thousands of individuals who were formerly and may be currently employed by the US Department of Defense and within the US intelligence community.
Other documents reveal sensitive and personal details about Iraqi and Afghan nationals who have cooperated and worked alongside US military forces in their home countries, according to the security firm who discovered and reviewed the documents. Between 15 and 20 applicants reportedly meet this criteria.
The files, unearthed this summer by a security analyst at the California-based cybersecurity firm UpGuard, were discovered in a folder labeled “resumes” containing the curriculum vitae of thousands of US citizens holding Top Secret security clearances — a prerequisite for their jobs at the Central Intelligence Agency, the National Security Agency, and the U.S. Secret Service, among other government agencies.
Due to the number of resumes involved, the true impact of the breach has yet to be fully realized. Some of the applicants were apparently involved in very sensitive and highly-classified military operations. According to UpGuard, at least one of the applicants claimed he was charged with the transportation of nuclear activation codes and weapons components.
These files contain home addresses, personal email accounts, and phone numbers. Some of these individuals may be currently employed by US spy agencies for work on Top Secret surveillance and intelligence-gathering operations.
US voting machine supplier leaks 1.8 million Chicago voter records
A leading U.S. supplier of voting machines confirmed on Thursday that it exposed the personal information of more than 1.8 million Illinois residents.
State authorities and the Federal Bureau of Investigation were alerted this week to a major data leak exposing the names, addresses, dates of birth, partial Social Security numbers, and party affiliations of over a million Chicago residents. Some driver’s license and state ID numbers were also exposed.
Jon Hendren, who works for the cyber firm UpGuard, discovered the breach on an Amazon Web Services device that was not secured by a password. The voter data was discovered by cyber risk analyst Chris Vickery who determined Election Systems & Software controlled the data. ES&S provides voting machines and services in at least 42 states. A spokesman for U.S. Sen. Dick Durbin of Illinois also confirmed that they had been made aware of the situation.
ES&S was notified this week by the FBI and began its own “full investigation.”
ES&S said the AWS server did not include “any ballot information or vote totals and were not in any way connected to Chicago’s voting or tabulation systems.”
The company stressed that the leak had “no impact on the results of any election.”
The hackers discovered the personal records of 654,517 people who voted in Shelby County, Tennessee, including names, addresses, birthdates, and political party. The poll book was purchased on eBay.
GOP data firm accidentally leaks personal details of nearly 200 million American voters
Political data gathered on more than 198 million US citizens was exposed this month after a marketing firm contracted by the Republican National Committee stored internal documents on a publicly accessible Amazon server.
The data leak contains personal information on roughly 61 percent of the US population. Along with home addresses, birthdates, and phone numbers, the records include advanced sentiment analyses used by political groups to predict where individual voters fall on hot-button issues such as gun ownership, stem cell research, and the right to abortion, as well as suspected religious affiliation and ethnicity.
The data was amassed from a variety of sources — from the banned subreddit r/fatpeoplehate to American Crossroads, the super PAC co-founded by former White House strategist Karl Rove.
Deep Root Analytics, a conservative data firm that identifies audiences for political ads, confirmed ownership of the data to Gizmodo on Friday.
UpGuard cyber risk analyst Chris Vickery discovered Deep Root’s data online last week. More than a terabyte was stored on the cloud server without the protection of a password and could be accessed by anyone who found the URL. Many of the files did not originate at Deep Root, but are instead the aggregate of outside data firms and Republican super PACs, shedding light onto the increasingly advanced data ecosystem that helped propel President Donald Trump’s slim margins in key swing states.
Although files possessed by Deep Root would be typical in any campaign, Republican or Democratic, experts say its exposure in a single open database raises significant privacy concerns. “This is valuable for people who have nefarious purposes,” Joseph Lorenzo Hall, the chief technologist at the Center for Democracy and Technology, said of the data.
“This is valuable for people who have nefarious purposes.”
The RNC paid Deep Root $983,000 last year, according to Federal Election Commission reports, but its server contained records from a variety of other conservative sources paid millions more, including The Data Trust (also known as GOP Data Trust), the Republican party’s primary voter file provider. Data Trust received over $6.7 million from the RNC during the 2016 cycle, according to OpenSecrets.org, and its president, Johnny DeStefano, now serves as Trump’s director of presidential personnel.