Chris Vickery, a cyber risk analyst from UpGuard, successfully retrieved a cache of 60,000 documents related to a United States military project for the National Geospatial-Intelligence Agency (NGA). The sensitive files (close to 28 GB) linked to the U.S. intelligence agency were left unsecured (without a password) on a public Amazon server for anyone to access. Some of these files included the private SSH keys of a Booz Allen – one of country’s top defense contractors – employee, and various plain text passwords belonging to contractors with Top Secret Facility clearance.
These credentials could have granted administrative access to highly protected Pentagon servers, giving way to catastrophic consequences if found in the wrong hands.
How important are SSH keys?
SSH, PGP and asymmetric keys help machines identify, authenticate and communicate with each other over a secure channel. However, this channel is only as secure as the keys guarding it. SSH keys are like weapons that help you defend against attacks. But, when those weapons are compromised, they can become the threat instead of the shield.
Over 80% of today’s enterprises use a form of SSH protocol in their infrastructure. Yet, the importance of properly managing this underlying infrastructure is rarely understood until after a breach. Using just one stolen SSH key, hackers can gain access to an enterprise’s server, search for more keys and then access the remaining servers, thus using a single key to attack the entire infrastructure.
Unlike X.509 certificates, the SSH keys were never meant to expire, leaving enterprises more susceptible to this kind of detrimental breach. These keys must be manually retired periodically to avoid opening permanent back doors to sensitive data.
Unfortunately, our recent survey at the RSA event revealed that over 47% of our respondents did not employ this crucial SSH key rotation. In conducting additional research, we found that the primary reason our respondents did not enforce SSH key rotation was lack of visibility across all keys. Enterprises want to keep their systems safe using SSH keys, but by failing to keep those same keys secure, they are ultimately more at-risk. Without protecting their SSH, PGP and asymmetric keys, enterprises are as vulnerable as ever to circumstances like the ones Booz Allen Hamilton saw.
How is the blunder being handled?
The NGA and Booz Allen Hamilton immediately revoked the affected credentials since the discovery and are investigating the issue. While NGA assesses its cyber security protections and procedures with all of its industry partners, Booz Allen Hamilton is currently assessing the accessibility of each of its security keys in the cloud to determine a proper course of action.
Conclusion
Until the NGA and Booz Allen Hamilton gain full SSH access visibility, there will always be risk of a significant breach. Enterprises need to understand the importance of a well-documented SSH key management strategy which includes a periodic SSH key discovery tool, dynamic SSH key inventory population and secure key management in cloud, to prevent misuse. With the right technology, enterprises can efficiently protect their private keys from unauthorized access and enforce stringent protocols on any data center – on-premises or the cloud.
For more information on the news referenced here, please visit Gizmodo.com.