Researcher discovers classified Army intel app, data on open public AWS bucket

“Let me just pull all that TS/NOFORN stuff out of that public AWS bucket…” (credit: US Army)

After uncovering a massive trove of social media-based intelligence left on multiple Amazon Web Services S3 storage buckets by a Defense Department contractor, the cloud security firm UpGuard has disclosed yet another major cloud storage breach of sensitive intelligence information. This time, the data exposed includes highly classified data and software associated with the Distributed Common Ground System-Army (DCGS-A), an intelligence distribution platform that DOD has spent billions to develop. Specifically, the breach involves software for a cloud-based component of DCGS-A called “Red Disk.”

The Red Disk system was developed under an “urgent operational need” program aimed at delivering intelligence to troops with tablets and laptop computers on the ground in Afghanistan via a cloud computing architecture. The initiative was never fully deployed—and it slowly became a symbol of how defense contractors were mining emergency war funds from the military. DCGS-A continues to be expanded and deployed by the Army after more than a decade of continuous development.

UpGuard’s director of cyber risk research, Chris Vickery, discovered the publicly accessible S3 storage “bucket” on September 27 in the AWS subdomain “inscom.” INSCOM is the US Army’s Intelligence and Security Command, the Army’s internal operational intelligence branch based at Fort Belvoir in Virginia. INSCOM is also integrated into the National Security Agency’s Central Security Service—connecting the Army’s signals intelligence operations to the NSA.