New York University has accidentally exposed a military computer code-breaking project to the internet according to a new report.
The report from the Intercept explains how one man discovered that New York University was hosting extremely sensitive documents on a public cloud backup.
“In early December, 2016, Adam was doing what he’s always doing, somewhere between hobby and profession: looking for things that are on the internet that shouldn’t be,” detailed The Intercept on Thursday. The report continued, “He came across a server inside New York University’s famed Institute for Mathematics and Advanced Supercomputing, headed by the brilliant Chudnovsky brothers, David and Gregory. The server appeared to be an Internet-connected backup drive. But instead of being filled with family photos and spreadsheets, this drive held confidential information on an advanced code-breaking machine that had never before been described in public.”
“Dozens of documents spanning hundreds of pages detailed the project, a joint supercomputing initiative administered by NYU, the Department of Defense, and IBM. And they were available for the entire world to download,” The report continued. “The supercomputer described in the trove, ‘WindsorGreen,’ was a system designed to excel at the sort of complex mathematics that underlies encryption, the technology that keeps data private, and almost certainly intended for use by the Defense Department’s signals intelligence wing, the National Security Agency.”
Adam, whose real name was kept unpublished for security reasons, said in a comment that the lack of security surrounding the documents was “absolute insanity.”
“The fact that this software, these spec sheets, and all the manuals to go with it were sitting out in the open for anyone to copy is just simply mind blowing,” he declared. “All of this leaky data is courtesy of what I can only assume are misconfigurations in the IMAS (Institute for Mathematics and Advanced Supercomputing) department at NYU. Not even a single username or password separates these files from the public internet right now. It’s absolute insanity.”
According to the report, the documents found on the cloud backup also included warnings such as “DISTRIBUTION LIMITED TO U.S. GOVERNMENT AGENCIES ONLY,” “REQUESTS FOR THIS DOCUMENT MUST BE REFERRED TO AND APPROVED BY THE DOD,” and “IBM Confidential,” reiterating their sensitivity.
New York University has so far refused to acknowledge the breach, and both the university and the Chudnovsky brothers refused to comment.
You can read the full report at The Intercept.