<div dir="ltr"><div><div class="gmail_signature"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><a href="http://gizmodo.com/senator-probes-top-us-defense-contractor-over-leaked-da-1796277071">http://gizmodo.com/senator-probes-top-us-defense-contractor-over-leaked-da-1796277071</a></div><div dir="ltr"><br></div><div dir="ltr"><p style="box-sizing:inherit;margin:0px auto 1.25rem;word-break:break-word;padding:0px;font-family:ElizabethSerif,Georgia,serif;font-size:16px;line-height:29px;max-width:636px">One of America’s top defense contractors is facing questions over its security practices after sensitive files tied to a Pentagon project were discovered on a publicly accessible Amazon server.</p><p style="box-sizing:inherit;margin:0px auto 1.25rem;word-break:break-word;padding:0px;font-family:ElizabethSerif,Georgia,serif;font-size:16px;line-height:29px;max-width:636px">In a letter on Tuesday, US Senator Claire McCaskill aired her concerns about security protocols at Booz Allen Hamilton, one of the world’s top consulting firms, which generates annual revenues of more than $5 billion from an array of lucrative defense, intelligence, and homeland security contracts.</p><p style="box-sizing:inherit;margin:0px auto 1.25rem;word-break:break-word;padding:0px;font-family:ElizabethSerif,Georgia,serif;font-size:16px;line-height:29px;max-width:636px">In part, the Missouri senator’s concern stems from two high-profile security breaches at Booz Allen in recent years, including former National Security Agency contractor Edward Snowden, an employee of the company when he absconded to Hong Kong with a cache of top-secret documents in 2013.</p><p style="box-sizing:inherit;margin:0px auto 1.25rem;word-break:break-word;padding:0px;font-family:ElizabethSerif,Georgia,serif;font-size:16px;line-height:29px;max-width:636px">Last month, Gizmodo reported exclusively on a 28GB trove of Booz Allen files uncovered by the cyber-resilience firm UpGuard, exposed on a cloud 
server without a password. The files, which were sensitive but unclassified, included work for the US National Geospatial-Intelligence Agency; the digital security credentials of a Booz Allen senior engineer; and other credentials stored in plain text, potentially granting access to other servers.</p><aside class="gmail-inset--story gmail-js_inset gmail-branded-item gmail-branded-item--gizmodo" style="box-sizing:inherit;clear:both;margin:2rem auto;padding:1.125rem;border:1px solid rgb(229,229,229);border-radius:5px;max-width:636px;display:flex;font-family:ElizabethSerif,Georgia,serif;font-size:16px">That incident, McCaskill said, raised “serious questions about the security protocols that [Booz Allen] has in place to prevent these types of occurrences.” She continued: “It’s of vital importance that no one can gain unauthorized access to national security information—but Booz Allen Hamilton put passwords and other sensitive information out there for the world to see.”</aside><p style="box-sizing:inherit;margin:0px auto 1.25rem;word-break:break-word;padding:0px;font-family:ElizabethSerif,Georgia,serif;font-size:16px;line-height:29px;max-width:636px">McCaskill, the top-ranking Democrat on the Senate Homeland Security and Governmental Affairs Committee, said her inquiry was critical to understanding what Booz Allen was doing to “end this pattern.”</p><p style="box-sizing:inherit;margin:0px auto 1.25rem;word-break:break-word;padding:0px;font-family:ElizabethSerif,Georgia,serif;font-size:16px;line-height:29px;max-width:636px">Her three questions are as follows:</p><blockquote style="box-sizing:inherit;margin:0px auto 1.25rem;border-top:0px;border-right:0px;border-bottom:0px;border-left:none;padding:1.125rem;background-color:rgb(245,245,245);line-height:29px;color:rgb(51,51,51);font-family:ElizabethSerif,Georgia,serif;font-size:16px;max-width:636px;clear:both;overflow:visible;border-radius:3px"><p style="box-sizing:inherit;margin:0px auto 
1.25rem;word-break:break-word;padding:0px;line-height:29px;max-width:636px">1) What steps has [Booz Allen] taken to determine how this information became available on a publicly accessible server?</p><p style="box-sizing:inherit;margin:0px auto 1.25rem;word-break:break-word;padding:0px;line-height:29px;max-width:636px">2) Has [Booz Allen] determined whether any policies or security protocols were breached and what actions have been taken against any personnel responsible for the breach?</p><p style="box-sizing:inherit;margin:0px auto;word-break:break-word;padding:0px;line-height:29px;max-width:636px">3) What steps is [Booz Allen] taking in order to prevent similar occurrences in the future?</p></blockquote><p style="box-sizing:inherit;margin:0px auto 1.25rem;word-break:break-word;padding:0px;font-family:ElizabethSerif,Georgia,serif;font-size:16px;line-height:29px;max-width:636px">Booz Allen told Gizmodo on Tuesday that it welcomed Sen. McCaskill’s inquiry.</p><p style="box-sizing:inherit;margin:0px auto 1.25rem;word-break:break-word;padding:0px;font-family:ElizabethSerif,Georgia,serif;font-size:16px;line-height:29px;max-width:636px">The company has confirmed, it said, that no classified data was affected by the recent incident. “No classified data was available on the affected unclassified cloud environments, and no usernames and passwords in that environment could have been used to access classified information.” 
(Gizmodo’s story did not claim that classified material was exposed, only sensitive-but-unclassified US government information, which also requires strict controls with regard to distribution.)<br style="box-sizing:inherit"></p><p style="box-sizing:inherit;margin:0px auto 1.25rem;word-break:break-word;padding:0px;font-family:ElizabethSerif,Georgia,serif;font-size:16px;line-height:29px;max-width:636px">“As soon as we learned of this matter, we took action to secure the impacted area, alerted our client and began an investigation,” the company concluded.</p><p style="box-sizing:inherit;margin:0px auto 1.25rem;word-break:break-word;padding:0px;font-family:ElizabethSerif,Georgia,serif;font-size:16px;line-height:29px;max-width:636px">Booz Allen’s statement conveys a willingness to cooperate with McCaskill, though minus a subpoena it’s under no legal obligation to actually do so. But McCaskill, who co-authored <a href="https://www.mccaskill.senate.gov/media-center/news-releases/security-clearance-background-checkssenate-passes-mccaskill-backed-bill-to-strengthen-national-security-process" target="_blank" rel="noopener" style="box-sizing:inherit;color:rgb(40,173,230);text-decoration-line:none;line-height:inherit">legislation</a> last year to reform the security clearance background check process, has some tools at her disposal to compel a response—among them, the free press.</p><p style="box-sizing:inherit;margin:0px auto 1.25rem;word-break:break-word;padding:0px;font-family:ElizabethSerif,Georgia,serif;font-size:16px;line-height:29px;max-width:636px">“It is always our assumption that companies will be responsive to our oversight requests,” added Drew Pusateri, a McCaskill senior advisor.</p><p style="box-sizing:inherit;margin:0px auto 1.25rem;word-break:break-word;padding:0px;font-family:ElizabethSerif,Georgia,serif;font-size:16px;line-height:29px;max-width:636px">Security mishaps are not the only controversy plaguing Booz Allen at present. 
In <a href="https://www.boozallen.com/e/media/press-release/booz-allen-hamilton-media-statement-on-form-8-k.html" target="_blank" rel="noopener" style="box-sizing:inherit;color:rgb(40,173,230);text-decoration-line:none;line-height:inherit">a statement</a> on its website last week, the company revealed that the Justice Department is conducting a “civil and criminal investigation” into potential billing irregularities.</p><p style="box-sizing:inherit;margin:0px auto 1.25rem;word-break:break-word;padding:0px;font-family:ElizabethSerif,Georgia,serif;font-size:16px;line-height:29px;max-width:636px">Likewise, the company said it was fully cooperating and expected to bring the matter to “an appropriate resolution.”</p></div></div></div></div></div></div></div>
</div>