.png)
A large part of the data includes content that you’d expect the military to scrape, such as news articles and social network posts relating to ISIS as well as politics from hotbeds like Iraq and Pakistan. Some of it included social posts from Americans, however, and the discussions included relatively innocuous subjects like American music stars and the Pope. That raises questions about what criteria triggered the data collection (certain keywords, for example) and whether or not its search is overly broad. While it can be important to cast a wide net, this could hurt more than it helps.
And of course, the misconfiguration suggests that officials weren’t diligent in keeping information secure. It might have been public data, but a hostile country could have studied the information to see what the US military was looking for and taken steps to keep its public material under the radar.
The good news: this could be less common going forward. Amazon recently added indicators and other measures to make it patently clear that S3 server data is publicly accessible. Even so, the incident suggests that intelligence collectors may need to rethink their security policies to make sure this kind of exposure can’t happen again.
