‘Holy grail’ for spies: Sensitive US Air Force documents left exposed online
For an indeterminable amount of time, a backup drive chock full of personal and government information was left exposed to the public online, according to a report by ZDNet. The drive, not protected by a password, contained intimate details of thousands of Air Force officers, some of whom have top secret security access, and login information to a Department of Defense internal system containing names of staff with security clearances.
The drive was first discovered by MacKeeper security researchers. The information has since been taken offline. Many of the materials were marked as "confidential" or "sensitive," but none were labeled classified, ZDNet reported.
How long the drive was available to outside parties, or whether anyone besides MacKeeper researchers found the files, is yet unknown, ZDNet reported.
The cache of documents included security clearance renewal applications filled out by two four-star generals who recently served in top Pentagon or NATO positions but have since retired. The SF86 questionnaires require applicants to detail their past, including mental health issues, crimes for which they have been convicted, relationships with foreign nationals, medical history, Social Security numbers and bank account details, among other data.
More documents contained security clearance levels of one general, passport applications of another general and his wife, and a copy of NATO's Information Security Training Manual.
A spreadsheet in the cache listed the names and ranks of officers under investigation by the Department of Defense for a range of alleged infractions, including abuse of power and the wrongful disclosure of classified information. One major general is accused of funneling $50,000 per year from a sports commission to the National Guard, MacKeeper reported.
Another spreadsheet contained personal information, including passport and Social Security numbers, for celebrities such as actor Channing Tatum, who participated in a six-day tour of Afghanistan in 2015.
Several gigabytes of Outlook email files going back several years were also included in the exposed documentation.
One document contained a username and password – belonging to the lieutenant colonel responsible for the data breach – that accessed a sensitive internal Pentagon system containing security clearance information for DoD staff members.
The lieutenant colonel did not respond to ZDNet's request for comment, nor did specific four-star generals whose names were included in the exposed data. The Pentagon also would not comment.
The leaked data amounts to a "holy grail" for potential blackmail of a host of Air Force officers whose personal data was included in the collection, experts said.
"Foreign powers might use that information to target those individuals for espionage or to otherwise monitor their activity in the hopes of gaining insight into US national security posture," Susan Hennessey, a Brookings fellow and a former attorney at the National Security Agency, told ZDNet.
She added that, in this instance, the government failed "to protect the privacy of those who serve and their families and to protect them against being placed in difficult situations unnecessarily."