A super-secret computer project designed to break military codes turned out to be pretty easy to crack — because New York University engineers accidentally put the whole thing on the internet, according to a report.
An anonymous digital security researcher identified files related to the project while hunting for things on the internet that doesn’t belong there, The Intercept reported Thursday.
The cyber sleuth, who requested anonymity to protect his day job, used a program called Shodan, a search engine for internet-connected devices. The search engine in turn found the project, which is a joint initiative by NYU’s Institute for Mathematics and Advanced Supercomputing, headed by the world-renowned Chudnovsky brothers, Gregory and David, the Defense Department and IBM.
Information on an exposed backup drive described the project, called “WindsorGreen,” as a system capable of cracking passwords.
The Intercept suggested the code-breaking machine was designed for use by the National Security Agency.
NSA whistleblower Edward Snowden previously leaked materials that revealed WindsorBlue, a predecessor to WindsorGreen, the Intercept reported.
The anonymous researcher was stunned by the lack of security around his discovery.
“The fact that this software, these spec sheets, and all the manuals to go with it were sitting out in the open for anyone to copy is just simply mind-blowing,” he told the whistle-blowing Intercept.
“Not even a single user name or password separates these files from the public internet right now. It’s absolute insanity,” he said.
The researcher supposed that misconfigurations in the Mathematics and Advanced Supercomputing Department at NYU are to blame for making confidential data publicly available. He notified NYU of the leak, and the school subsequently removed the files from the internet.
The researcher also said the entire email outbox — including correspondence with active members of the U.S. military — of one of the NYU institute’s chiefs was stored on the drive that contained Windsor documents, according to The Intercept.