Digital Keys Exposed on GitHub by U.S. Cybersecurity Agency


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has been inadvertently exposing its cloud storage accounts’ digital keys in plaintext for an extended period, as reported by Krebs on Security. Thankfully, this issue was rectified over the weekend.

Perhaps the sensitive information was hidden in a convoluted folder with an unrecognizable name, you might think. No: the repository was conspicuously labeled “Private-CISA.”

But surely the contents were not highly sensitive, you may argue. Yet, the exposed data included passwords, keys, and tokens, with passwords stored in a .CSV file as plain text.

CISA provided a statement to Krebs, which included the following:

“Currently, there is no indication that any sensitive data was compromised as a result of this incident[…] While we hold our team members to the highest standards of integrity and operational awareness, we are working to ensure additional safeguards are implemented to prevent future occurrences.”

The repository was established in November of the previous year, indicating that the vulnerability may have persisted for approximately six months, although it could have been shorter depending on when new information was added.

For context, CISA is a relatively new division of the Department of Homeland Security that has faced numerous challenges during the Trump administration. Interestingly, it was created with the signing of legislation in 2018 by Trump, who, in a sense, facilitated its formation during his first term. It’s worth mentioning that Trump’s speech during this event was a unique display of his rhetorical style, featuring memorable lines such as:

“The cyber battlespace evolves — and it is evolving, and unfortunately, faster than a lot of people want to talk about. But battlespace it is. So as the cyber battlespace evolves, this new agency will ensure that we confront the full range of threats from nation-states, cyber criminals, and other malicious actors, of which there are many.” 

Indisputably accurate, Mr. President. It is indeed a battlespace.

During the tumultuous period between the 2020 election and the events of January 6, 2021, Trump was reportedly infuriated by the information provided by CISA’s leadership while attempting to overturn the election results. He dismissed the CISA director he had appointed, and since his return to office, CISA has been characterized by disorder. Neither of the acting directors appointed so far has received Senate confirmation, and Trump has recently aimed to substantially cut CISA’s budget.

To further complicate matters for CISA, the Krebs report suggests that an employee from a government contractor named Nightwing was utilizing GitHub to transfer materials from a work device to a personal device—similar to emailing documents to oneself, but even less secure.

While I may not be a federal cybersecurity expert, the findings from Krebs highlight information that should not be leaked by our government:

“One of the exposed files, titled ‘importantAWStokens,’ included the administrative credentials to three Amazon AWS GovCloud servers. Another file exposed in their public GitHub repository — ‘AWS-Workspace-Firefox-Passwords.csv’ — listed plaintext usernames and passwords for dozens of internal CISA systems. According to Caturegli, those systems[s] included one called ‘LZ-DSO,’ which appears short for ‘Landing Zone DevSecOps,’ the agency’s secure code development environment.”

Krebs’ source regarding the information left publicly accessible was Guillaume Valadon of GitGuardian, a company specializing in scanning GitHub for security vulnerabilities. Valadon remarked to Krebs that this was “the worst leak that I’ve witnessed in my career.”

For the original content, including images and photographs used in this article, please visit the source. We do not claim authorship of these materials; they are used solely for informational purposes with appropriate attribution to their original source.

  • Ethan Carter

    Ethan Carter is a prolific author and technology enthusiast, known for his insightful writings on the evolving landscape of digital innovation at Social Schmuck. With a keen eye for emerging trends and a passion for bridging the gap between complex technology concepts and everyday applications, Ethan captivates his readers with engaging narratives and thought-provoking analyses. His work not only informs but also inspires others to navigate the rapidly changing tech world with confidence and curiosity.
