Latest NSA leak has exposed Red Disk, a failed intelligence system by the United States Army

NSA has reported yet another leak where a virtual disk image of a hard drive containing ‘highly sensitive' contents related to a United States Army Intelligence system was left online on a public Amazon Web Services (AWS) server. The code name designated to the Army intelligence system that the leak was a part of is ‘Red Disk’.

Image: NSA

Image: NSA

The unlisted yet public AWS storage server contained more than 100 GB of data from ‘Red Disk’ and anyone on the internet could access and download it as it was not protected by a password, as reported by ZDNet. According to the report, the unsecured storage server was discovered by Chris Vickery, the director of cyber risk research at UpGuard, on 27 September 2017. He informed the United States government about the ‘breach’ in October. What is surprising about this ‘breach’ is the fact that the information about the owner of the server is unknown at the time of writing.

This data leak marks the fifth ‘exposure’ in five years for the NSA after Edward Snowden disclosed the secret surveillance programs back in 2013, as pointed by the report. Other leaks include the one by Harold Martin, where he removed terabytes of secret data from NSA headquarters, and Reality Winner, who was indicted earlier this year.

According to the report, this virtual disk in question belonged to Army Intelligence and Security Command, also known as INSCOM, which is really a division of both the NSA and the Army. The report added that NSA and INSCOM were unavailable for comment at the time of writing. The virtual disk image turned out to be a snapshot of a hard drive taken from a Linux-based server. The snapshot dated back to May 2013 and it is a part of Red Disk. UpGuard pointed out that the storage server included 47 viewable files and folders in the main repository, where three were downloadable.

NSA INSCOM Leak Red Disk 2 16x9

The report detailed that ‘Red Disk’ was supposed to be a ‘cloud-based intelligence sharing system’ with ‘highly customisable cloud system’ capable of meeting the demand for complex and large Army operations. It was supposed to be modular and scalable and replace Army’s legacy platform known as the Distributed Common Ground System (DCGS) that was used to process all the gathered surveillance, intelligence and reconnaissance data and then share it.

One thing to note here is the fact that each branch of the United States military ‘has its own version’ of the intelligence sharing system. The system that the Army uses is stated to be the largest and that it struggles to scale with the demand. ‘Red Disk’ was supposed to provide a consolidated feed directly from Pentagon to the soldiers on the field with video feeds from drones, satellite images, documents and audio from a number of sources. However, it was slow, difficult to use and crash-prone to such an extent that a memo from 2014 termed it as ‘a major hindrance to operations’, as reported by the Associated Press. Which is a problem considering that the Pentagon spent ‘at least $93 million’ to develop the system.

NSA INSCOM Leak Red Disk 3 16x9

The snapshot of the virtual disk could not boot probably because of the back-end systems and servers required to authenticate and run the system. But the contents of the system were readable, giving a hint as to how Red Disk worked, with a number of directories implying that the disk was ‘top secret’ and restricted from being shared.

Red Disk also included an NSA system called NiFi that supported highly scalable and flexible data flows. The reason for this was because an enormous amount of data pertaining to intelligence videos, documents and audio from multiple sources could be sent to the system. NiFi helped Red Disk to route different kind of data to different computer systems over ‘geographically dispersed sites’ as mentioned in the report.

Once the data was redirected to different computer systems, the data from Red Disk could be organised and indexed for metadata tagging and data provenance process to verify the owner and source of the data. According to the report, all the data would be stored in the central repository for correlation, analysis and enrichment. Analysts working with NSA were able to pull the data from the central repository based on the level of their security clearance.

NSA INSCOM Leak Red Disk 1 16x9

Red Disk also came with plug-in apps like DOMEX to analyse seized electronic evidence or documents, biometric analysis tools and integrated human language technology for natural language query reports and the ability to play audio in English. The report also pointed out that analysts could also ‘target individuals of interest’ in the DCGS system for later action.

The virtual snapshot also included other sensitive files such as private keys for the system to access other servers on the internal network of the intelligence agency. These keys belong to Invertix, a ‘working partner’ for INSCOM. Last but not the least, Vickery reiterated that this exposure of data was ‘entirely avoidable’ in the long list of government leaks reported last year.


Updated Date: Nov 29, 2017 12:50 PM