•   
  •   
  •   

US Thousands of military contractor files allegedly left online, unsecure

07:50  03 september  2017
07:50  03 september  2017 Source:   thehill.com

Ex-contractor in leak case wants FBI admission suppressed

  Ex-contractor in leak case wants FBI admission suppressed SAVANNAH, Ga. — A young woman charged with leaking classified U.S. documents has asked a federal judge to rule that comments she made to FBI agents before her arrest can't be used as evidence.Reality Winner, a former Air Force linguist who held a top-secret security clearance, worked as a government contractor in Augusta, Georgia, until she was charged with copying a classified report and mailing it to an online news organization.

Thousands of military contractor files allegedly left online, unsecure© Provided by The Hill Thousands of military contractor files allegedly left online, unsecure

Thousands of files containing personal information of military and intelligence personnel were allegedly left unsecured and available for public download on a misconfigured cloud server before being discovered earlier this year.

The files originated starting in 2009 and were traced back to TigerSwan, a North Carolina-based private security firm. But on Saturday, TigerSwan pointed blame at a third-party recruitment firm that apparently worked for the company until February named TalentPen.

The files, largely resumes, mostly came from members of the military, but also included intelligence veterans, a police chief and a United Nations worker in the Middle East. The files included personal contact information, such as addresses, phone numbers and private email addresses.

Stolen military equipment worth more than $1M sold on eBay, testimony reveals

  Stolen military equipment worth more than $1M sold on eBay, testimony reveals More than $1 million of U.S. military equipment was stolen from a base in Kentucky and sold on eBay, according to testimony from a federal trial this week. More than $1 million of U.S. military equipment was stolen from a base in Kentucky and sold on eBay, according to testimony f John Roberts, a 27-year-old from Clarksville, Tennessee, testified Wednesday that he didn’t know the equipment he received was stolen.“I didn’t try to hide anything,” Roberts said Wednesday. “That’s why I filed taxes on everything I sold on eBay. I thought it was okay.

Chris Vickery, a researcher at security firm Upguard, said he discovered the unsecured set of resumes on a public-facing Amazon cloud server in July that was not protected by any form of login. Typically, this is the result of misconfigured security settings.

"I hope we were the only people to find them," he told The Hill.

While the files were discovered in July, they were not taken down until the end of August due to confusion over the source of the resumes.

In February, when TigerSwan canceled its contract with TalentPen, TigerSwan claims the recruiter used Amazon cloud services to transfer the resumes it had amassed to TigerSwan.

TigerSwan said that transfer was conducted using high-end encryption and TalentPen was supposed to immediately delete the files. But the files remained on the site and due to an apparent security setting misconfiguration, those files were not encrypted.

Mom Shoots Teen in Revenge Killing for Daughter’s Rape, Prosecutors Say

  Mom Shoots Teen in Revenge Killing for Daughter’s Rape, Prosecutors Say A Florida woman is facing a murder charge after she allegedly lured a teenager into meeting her and her brother, took him into a wooded area, and killed him. According to court documents, Connie Serbu told police that Xavier Sierra, a family acquaintance, had sexually assaulted her daughter years earlier, when the girl was about 6 years old. Serbu’s daughter told her about this in May 2016, and just over a month later, Serbu put her plan into action, a police affidavit says.Police responded to the scene on July 7, 2016 after Serbu herself called 911.

When Upguard contacted TigerSwan in July, TigerSwan said it believed Upguard was in error since TigerSwan does not store resumes on the Amazon cloud and since it believed TalentPen had both encrypted and deleted its copies.

At the end of August, Upguard contacted Amazon, which had TalentPen remove the files, but did not reveal to Upguard that TalentPen was the customer. TigerSwan claims TalentPen never notified them, either.

"TalentPen never notified us of their negligence with the resume files nor that they only recently removed the files," TigerSwan said in a statement.

TigerSwan said it was unaware that TalentPen had made the error until The Hill contacted them for a story earlier this week and raised the possibility that a recruiter had left the files online. Until then, TigerSwan argued the files were not theirs.

"It was only when we reached out to [TalentPen] with the information on August 31st did they acknowledge their actions," TigerSwan said in their statement.

TigerSwan provided screen shots of an email from its former account manager at TalentPen explaining that the company had dissolved earlier that year. However, that manager still had access to billing records for the Amazon cloud account and confirmed that the account showed "activity that seems consistent with the number of files and the size of the over-all[sic] number of files."

TigerSwan is encouraging any applicants for positions who submitted resumes during its contract with TalentPen to contact the company to check if any personally identifiable information was left vulnerable.

Former TalentPen management did not respond to requests for comment.

Police: Man pointed gun at woman over political bumper stickers .
<p>A Missouri man faces a felony charge after he allegedly pointed a gun at a local Democratic activist whose political bumper stickers he disliked.</p>SPRINGFIELD, Mo. —A Missouri man faces a felony charge after he allegedly pointed a gun at a local Democratic activist whose political bumper stickers he disliked.

—   Share news in the SOC. Networks

Topical videos:

This is interesting!