It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Some features of ATS will be disabled while you continue to use an ad-blocker.
Massive US military social media spying archive left wide open in AWS S3 buckets
Dozens of terabytes exposed, your tax dollars at work
By Iain Thomson in San Francisco 17 Nov 2017 at 20:08
Three misconfigured AWS S3 buckets have been discovered wide open on the public internet containing "dozens of terabytes" of social media posts and similar pages – all scraped from around the world by the US military to identify and profile persons of interest.
The archives were found by veteran security breach hunter UpGuard's Chris Vickery during a routine scan of open Amazon-hosted data silos, and these ones weren't exactly hidden. The buckets were named centcom-backup, centcom-archive, and pacom-archive.
CENTCOM is the common abbreviation for the US Central Command, which controls army operations in the Middle East, North Africa and Central Asia. PACOM is the name for US Pacific Command, covering the rest of southern Asia, China and Australasia.
Vickery told The Register today he stumbled upon them by accident while running a scan for the word "COM" in publicly accessible S3 buckets. After refining his search, the CENTCOM archive popped up, and at first he thought it was related to Chinese multinational Tencent, but quickly realized it was a US military archive of astounding size.
"For the research I downloaded 400GB of samples but there were many terabytes of data up there," he said. "It's mainly compressed text files that can expand out by a factor of ten so there's dozens and dozens of terabytes out there and that's a conservative estimate."
Just one of the buckets contained 1.8 billion social media posts automatically fetched over the past eight years up to today. It mainly contains postings made in central Asia, however Vickery noted that some of the material is taken from comments made by American citizens.
originally posted by: musicismagic
Try not to post you face on Youtube, that is a start.
originally posted by: AnkhMorpork
What really freaks me out most about this story, is that no one seems freaked out by it at all really.
..and in today's news, billions and billions of social media posts are sucked up and stored by the US military.
It's like that Obama authorized program which was unmasking (internally) 10's of millions of Americans.
That was against the law! No one was charged or held accountable.
The difference with social media posts i suppose is that in making the post in the public forum makes the data public domain.
I'm thinking seriously about suicide, Facebook suicide.
I've also changed my mind about being a Youtube star.. lol
The poor CSTAR cyber risk scores of CENTCOM and PACOM - 542 and 409 , respectively, out of a maximum of 950 - is a further indication that even the most sensitive intelligence organizations are not immune to sizable cyber risk. Finally, the collection of billions of internet posts in several unsecured data repositories raises further questions about online privacy, as well as regarding the right to freely express your beliefs online.
They're screwed themselves, particularly when these tools start to get used on they themselves ie: like the Podesta brothers and the like.