The contents of a virtual hard drive from the United States Army Intelligence and Security Command were leaked onto the Internet and found on a publicly accessible Amazon server, a cybersecurity firm announced Tuesday.
The data exposure was first discovered by Chris Vickery, the director of cyber risk research for UpGuard, in September. Vickery gained access to the Amazon Web Services S3 cloud storage bucket that included roughly 100 gigabytes of information related to an Army intelligence project, codenamed “Red Disk.”
He notified the federal government of the leak in October.
The Army Intelligence and Security Command is headquartered at Fort Belvoir, Va., and is a division of the U.S. Army and the National Security Agency.
According to UpGuard, the data leaked online exposed “internal data and virtual systems used for classified communications to anyone with an Internet connection.” The virtual hard drive and a Linux-based operating system were found on the server.
The cybersecurity firm said the server was likely used to allow for the exchange of classified information.
UpGuard said some of the files in the hard drive were marked as “Top Secret,” as well as “NOFORN,” which means the data is “so sensitive, it cannot even be shared with foreign allies.”
The Red Disk project, a component of the Distributed Common Ground System, was developed to allow troops from around the world to “update and exchange information in real time on the same intelligence databases,” according to the Associated Press.
The project, though, was largely deemed a failure, and the Army opened an investigation into the $93 million used for Red Disk.