19 April 2016

NASA leaks names of employees with Secret and TOP Secret clearance?

NASA leaks names of employees with Secret and TOP Secret clearance?

It appears, NASA has a huge public file server. According to Google, there are almost 25,000 indexed documents. These documents are mainly examples of forms, applications, contracts, etc. However, several documents attracted our attention due to their names, e.g. "DD Form 254", which is used to request access to classified information and should be approved by DoD (Department of Defense).

We briefly went through these documents, and here are our findings:

Google says there are 142 documents in .doc format labeled "DD Form 254". Some of them are actual applications, prepared for signing contracts with subcontractors. These documents contain names, phone numbers, (some of them even signatures), contact information, addresses of facilities, job titles of employees, who request security clearance for subcontractors. Certain contracts require TOP SECRET clearance:

And some personal information of employees:

Due to predictable filenames it is possible to view documents, not indexed by Google, just by changing the last digit in the filename. The above link https://prod.nais.nasa.gov/eps/eps_data/132356-SOL-001-008.doc can be modified to view other details of this particular contract:

The filenames can also be brute-forced. So, even if the file is not indexed by Google, it still can be accessible on the server.


Back to the list

Latest Posts

New Mirai variant hides its C&Cs in Tor network for anonymity

New Mirai variant hides its C&Cs in Tor network for anonymity

The use of Tor network helps the malware operators to conceal its command and control servers and to avoid detection.
1 August 2019
New Android ransomware spreads via malicious posts on Reddit and XDA Developers forums

New Android ransomware spreads via malicious posts on Reddit and XDA Developers forums

After infecting an Android mobile device, Filecoder scans the victim's contact list and sends links on ransomware to all the entries in the list.
31 July 2019
Critical flaws in VxWorks RTOS impact over 2 billion devices, including routers, printers and SCADA

Critical flaws in VxWorks RTOS impact over 2 billion devices, including routers, printers and SCADA

URGENT/11 vulnerabilities pose a serious risk as they allow attackers to take over devices with no user interaction required.
30 July 2019
Featured vulnerabilities
MitM attack in Cisco HyperFlex
Medium Patched | 22 Aug, 2019
Multiple vulnerabilities in Palo Alto PAN-OS
High Patched | 22 Aug, 2019