Hundreds of Military and Intelligence Agencies Uploaded Data to VirusTotal

Military and Intelligence Data Leak On VirusTotal
Someone accidentally uploaded documents that contained secret information to VirusTotal

An employee of the Google-owned platform VirusTotal accidentally uploaded a file with the names, email addresses and other data of hundreds of people working in intelligence agencies and ministries of defense around the world. In particular, the list includes persons associated with the US Cyber Command, the NSA, the Pentagon, the FBI and a number of units of the US Army.

Interestingly, just the other day we wrote about a large leak of letters from the US military due to a typo, and we also wrote about a Western Digital data leak after a hack.

US Military Agencies Data on VirusTotal

Der Spiegel journalists were the first to leak an important 313-kilobyte file containing information about 5600 VirusTotal clients. According to them, the list contains the names of organizations and the email addresses of employees who have registered accounts.

The publication emphasizes that it has verified the authenticity of the list and made sure that many of the people listed are actually civil servants, and some of the victims can be easily found on LinkedIn. According to media reports, more than 20 entries on the list belong to members of the US Cyber Command, the US Department of Justice, the Pentagon, the federal police, the FBI, the NSA, and so on.

From the UK, the list included more than ten employees of the Ministry of Defense, as well as email addresses belonging to employees of CERT-UK, which is part of the country’s Government Communications Center (GCHQ). According to the GCHQ email format, employee mailboxes contain only the initials of each user’s last name. However, full names are contained in email addresses belonging to specialists from the Ministry of Defense, the Cabinet of Ministers, the Office for the Decommissioning of Nuclear Power Plants and the UK Pension Fund.

In addition, employees of various ministries of Germany (including the Federal Police, the Federal Criminal Police Office and the Military Counterintelligence Service), Japan, the United Arab Emirates, Qatar, Lithuania, Israel, Turkey, France, Estonia, Poland, Saudi Arabia, Colombia, the Czech Republic, Egypt, Slovakia and Ukraine became victims of the leak. About 30 more email addresses belong to employees of Deutsche Bahn (Germany’s main railway operator), and the file also contains data about employees of the Bundesbank and such large companies as BMW, Mercedes-Benz and Deutsche Telekom.

Why is that so critical?

Although the leak only affects email addresses and names, even these can be valuable information for hackers. The fact is that the file sheds light on people who deal with cybersecurity and malware in many companies, departments and organizations. As a result, they can become targets for spear phishing attacks or social engineering. In addition, it can be understood from the list that, for example, some military personnel use personal mailboxes and personal Gmail, Hotmail and Yahoo accounts in their work.

Google representatives have already told the media that they are aware of the leak, and the company has already taken all necessary measures to eliminate it.

"We are aware that one of our employees inadvertently distributed a small segment of email addresses of customer group administrators and organization names on the VirusTotal platform. We removed the listing from the platform within an hour of posting it and are looking into our internal processes and technical controls to improve their performance in the future."

Google statement on the situation

By Vladimir Krasnogolovy
