Oklahoma Government Data Leak Exposes FBI Investigation Records, Millions of Department Files (zdnet.com) 28
An anonymous reader quotes a report from ZDNet: Researchers have disclosed the existence of a server exposed to the public which not only contained terabytes of confidential government data but information relating to FBI investigations. According to UpGuard cybersecurity researchers Greg Pollock and Chris Vickery, the open storage server belonged to the Oklahoma Department of Securities (ODS), a U.S. government department which deals with securities cases and complaints. The database was found through the Shodan search engine which registered the system as publicly accessible on November 30, 2018.
The UpGuard team stumbled across the database on December 7th and notified the department a day later after verifying what they were working with. To ODS' credit, the department removed public access to the server on the same day. In order to examine the security breach, the team was able to download the server's contents. The oldest records dated back to 1986 and the most recent was timestamped in 2016. In total, three terabytes of information representing millions of files. Contents ranged from personal data to system credentials and internal communication records. ODS said in a statement to ZDNet: "All state IP addresses, and many city and county addresses, are registered to OMES, but the agency has no visibility into the computer systems at the Oklahoma Department of Securities. For the past eight years the state has been working to consolidate all IT infrastructure under OMES and ODS had the option to consolidate its systems voluntarily and they did not."
The UpGuard team stumbled across the database on December 7th and notified the department a day later after verifying what they were working with. To ODS' credit, the department removed public access to the server on the same day. In order to examine the security breach, the team was able to download the server's contents. The oldest records dated back to 1986 and the most recent was timestamped in 2016. In total, three terabytes of information representing millions of files. Contents ranged from personal data to system credentials and internal communication records. ODS said in a statement to ZDNet: "All state IP addresses, and many city and county addresses, are registered to OMES, but the agency has no visibility into the computer systems at the Oklahoma Department of Securities. For the past eight years the state has been working to consolidate all IT infrastructure under OMES and ODS had the option to consolidate its systems voluntarily and they did not."
Re: (Score:1)
The USA fucks over other countries all the time. Keep sucking your own dick.
Tulsa Time (Score:3)
Am I the only one who's shocked that the "government" of Oklahoma had terabytes of confidential government data to begin with? If you've ever been to Oklahoma, you know what I mean. I would have thought you could fit all the government data in Oklahoma on a couple of 1.44mb floppy disks.
Re: (Score:1)
More megabits than teeth for sure
Re: (Score:2)
b) The Native American reservations aren't part of Oklahoma, so, technically, Ratzo's comments about Oklahoma would leave them out. That would leave out a large percentage of the Native American population.
In short, Ratzo is being derisively stereotypical only against Oklahomans, not Native Americans specifically. His comments are still hateful toward a group of people generically cast but not racism specifically. But we could charitably read the com
Re: (Score:2)
---
Official Reply (Score:2)
Will someone please translate that official reply from ODS into plain English?
Re: (Score:2)
A picture [pinimg.com] is worth 1000 words.
What's UpGuard? (Score:2)
Not much, you?
So where's the torrent? (Score:2)