US Thousands of military contractor files allegedly left online, unsecure

07:50  03 september  2017
07:50  03 september  2017 Source:   thehill.com

White House to send memo to Pentagon soon on transgender ban

  White House to send memo to Pentagon soon on transgender ban The White House is expected to tell the Pentagon in coming days how to implement a ban on transgender people in the military, according to a memo that says the defense secretary may decide whether to remove service members based on their ability to deploy, a U.S. official said on Wednesday. The two-and-a-half-page White House document gives Defense Secretary Jim Mattis six months to fully implement the ban, according to a story first reported by The Wall Street Journal and confirmed by the official.

Thousands of military contractor files allegedly left online, unsecure© Provided by The Hill Thousands of military contractor files allegedly left online, unsecure

Thousands of files containing personal information of military and intelligence personnel were allegedly left unsecured and available for public download on a misconfigured cloud server before being discovered earlier this year.

The files originated starting in 2009 and were traced back to TigerSwan, a North Carolina-based private security firm. But on Saturday, TigerSwan pointed blame at a third-party recruitment firm that apparently worked for the company until February named TalentPen.

The files, largely resumes, mostly came from members of the military, but also included intelligence veterans, a police chief and a United Nations worker in the Middle East. The files included personal contact information, such as addresses, phone numbers and private email addresses.

McCain: 'Step in the wrong direction' to force transgender people out of military

  McCain: 'Step in the wrong direction' to force transgender people out of military Trump has instructed the Pentagon to explore how to handle those currently serving in the armed forces.McCain, the chairman of the Senate Armed Services Committee, said "it would be a step in the wrong direction to force currently serving transgender individuals to leave the military solely on the basis of their gender identity rather than medical and readiness standards that should always be at the heart of Department of Defense personnel policy.

Chris Vickery, a researcher at security firm Upguard, said he discovered the unsecured set of resumes on a public-facing Amazon cloud server in July that was not protected by any form of login. Typically, this is the result of misconfigured security settings.

"I hope we were the only people to find them," he told The Hill.

While the files were discovered in July, they were not taken down until the end of August due to confusion over the source of the resumes.

In February, when TigerSwan canceled its contract with TalentPen, TigerSwan claims the recruiter used Amazon cloud services to transfer the resumes it had amassed to TigerSwan.

TigerSwan said that transfer was conducted using high-end encryption and TalentPen was supposed to immediately delete the files. But the files remained on the site and due to an apparent security setting misconfiguration, those files were not encrypted.

Ex-contractor in leak case wants FBI admission suppressed

  Ex-contractor in leak case wants FBI admission suppressed SAVANNAH, Ga. — A young woman charged with leaking classified U.S. documents has asked a federal judge to rule that comments she made to FBI agents before her arrest can't be used as evidence.Reality Winner, a former Air Force linguist who held a top-secret security clearance, worked as a government contractor in Augusta, Georgia, until she was charged with copying a classified report and mailing it to an online news organization.

When Upguard contacted TigerSwan in July, TigerSwan said it believed Upguard was in error since TigerSwan does not store resumes on the Amazon cloud and since it believed TalentPen had both encrypted and deleted its copies.

At the end of August, Upguard contacted Amazon, which had TalentPen remove the files, but did not reveal to Upguard that TalentPen was the customer. TigerSwan claims TalentPen never notified them, either.

"TalentPen never notified us of their negligence with the resume files nor that they only recently removed the files," TigerSwan said in a statement.

TigerSwan said it was unaware that TalentPen had made the error until The Hill contacted them for a story earlier this week and raised the possibility that a recruiter had left the files online. Until then, TigerSwan argued the files were not theirs.

"It was only when we reached out to [TalentPen] with the information on August 31st did they acknowledge their actions," TigerSwan said in their statement.

TigerSwan provided screen shots of an email from its former account manager at TalentPen explaining that the company had dissolved earlier that year. However, that manager still had access to billing records for the Amazon cloud account and confirmed that the account showed "activity that seems consistent with the number of files and the size of the over-all[sic] number of files."

TigerSwan is encouraging any applicants for positions who submitted resumes during its contract with TalentPen to contact the company to check if any personally identifiable information was left vulnerable.

Former TalentPen management did not respond to requests for comment.

US troops participate in military exercise in Ukraine days before major Russian war game .
US troops are currently taking part in a multinational military exercise in Ukraine, an exercise that comes just days before Russia is scheduled to launch their own massive military maneuvers that have put the region on edge. Approximately 1,650 service members from 15 different countries are participating in Exercise Rapid Trident 2017 which began Monday and will last until September 23, Pentagon spokesman Johnny Michael told CNN.

—   Share news in the SOC. Networks

Topical videos:

usr: 3
This is interesting!