On May 24, Chris Vickery, a cyber risk analyst with the security firm UpGuard, discovered a publicly accessible data cache on Amazon Web Services’ S3 storage service that contained highly classified intelligence data. The files, which were connected to the US National Geospatial-Intelligence Agency (NGA)—the US military’s provider of battlefield satellite and drone surveillance imagery—were posted to an account linked to defense and intelligence contractor Booz Allen Hamilton. The data was classified at up to the Top Secret level.
Based on domain-registration data tied to the servers linked to the S3 “bucket,” the data was apparently tied to Booz Allen and another contractor, Metronome. Also present in the data cache was a Booz Allen Hamilton engineer’s remote login (SSH) keys, as well as login credentials for at least one system in the company’s data center.
Vickery immediately sent an e-mail to Booz Allen Hamilton’s chief information security officer but received no response. The next morning, he contacted the NGA and within nine minutes, access to the storage bucket was cut off. At 8PM Eastern time on May 25, Booz Allen Hamilton’s security team finally responded and confirmed the breach.