Unprotected Government Server Exposes Years of FBI Investigations

[Pickles von Brine]

Quote

A massive government data belonging to the Oklahoma Department of Securities (ODS) was left unsecured on a storage server for at least a week, exposing a whopping 3 terabytes of data containing millions of sensitive files.

The unsecured storage server, discovered by Greg Pollock, a researcher with cybersecurity firm UpGuard, also contained decades worth of confidential case files from the Oklahoma Securities Commission and many sensitive FBI investigations—all wide open and accessible to anyone without any password.

Other severe files exposed included emails, social security numbers, names, and addresses of 10,000 brokers, credentials for remote access to ODS workstations, and communications meant for the Oklahoma Securities Commission, along with a list of identifiable information related to AIDS patients.

While the researcher doesn't know exactly how long the server was open to the public, the Shodan search engine revealed that the server had been publicly open since at least November 30, 2018, almost a week after (on December 7) Pollock discovered it.

Some real bad juju here. Someone is going to be loosing their job and ODS is going to be in a world of hurt. 

From some other news articles on this. It also looks like this leak basically allowed anyone to download government files. 

Source

ZDNet

Original article from Upguard

 

[Fnige]

...OOF

[givingtnt]

Yikes

[I-r0k]

FBI, please make your files more secure.

- A citizen that is paying your salaries

[Trik'Stari]

1 hour ago, I-r0k said:

FBI, please make your files more secure.

- A citizen that is paying your salaries

FBI, please stop hiding your shady dealings along with the extremely shady dealings of all of our "representatives".

- Another citizen that is paying your salaries.

 

Leak all of it.

[ARikozuM]

When the average citizen has better internet security than a federal/state agency... 

 

[williamcll]

Maybe they shut down the security systems because of the government funding?

[mxk]

50 minutes ago, williamcll said:

Maybe they shut down the security systems because of the government funding?

I doubt it. This kind of stuff is pretty important.

[Pickles von Brine]

This was prior to this mess we are in. Someone was an idiot/incompetent. 

[Subway]

[RuffRuffmcgruff]

GG No Re, someone is having the worse case of the shits today!

[LAwLz]

Please remember this the next time someone says government agencies should have access to our private information.

Leaks like these happens constantly, and the more access the government agencies has to our information, the more of it will become readable by everyone.

 

The only proper security is one with no backdoors or other deliberate weaknesses, even if "they can only be accessed by the government".

[D13H4RD]

Now I'm wondering whether senior government officials even set a passcode lock on their phones 

[Trik'Stari]

15 hours ago, LAwLz said:

Please remember this the next time someone says government agencies should have access to our private information.

Leaks like these happens constantly, and the more access the government agencies has to our information, the more of it will become readable by everyone.

 

The only proper security is one with no backdoors or other deliberate weaknesses, even if "they can only be accessed by the government".

I'll remember this the next time someone asks me to feel bad about a government employee not getting paid.

[peanuts104]

On 1/23/2019 at 6:26 PM, I-r0k said:

FBI, please make your files more secure.

- A citizen that is paying your salaries

It sounds like this was Oklahoma's fault, not the FBIs.  Oklahoma just happened to have FBI files on their server.