A Texas-based firm called Power Quality Engineering publicly exposed sensitive electrical infrastructure data on the public internet. Firms impacted by the leak were Dell Technologies, SBC, Freescale, Oracle, Texas Instruments and the City of Austin.
Chris Vickery, cyber risk analyst at security firm UpGuard, found the data on July 6. Files included schematics that highlighted “potential weak points and trouble in customer electrical systems,” according to a report published Monday by UpGuard.
“Beyond this highlighting of potential weak points and trouble spots in customer electrical systems, publicly downloadable schematics reveal the specific locations and configurations of government-operated top secret intelligence transmission zones within at least one Dell facility,” wrote Dan O’Sullivan, a cyber resilience analyst with UpGuard, who authored the research report. “In addition to this exposed customer data, a plain text file of internal PQE passwords was also stored in the repository, potentially enabling further access to more company systems.”
According to UpGuard, the data was left exposed because of a port configured for public access and used for rsync server synchronization. Rsync is a remote synchronization utility typically found on Unix systems used for transferring and synchronizing files across computer systems.
“This exposure illustrates several pertinent and common issues driving the spread of cyber risk today. The configuration of PQE’s rsync process to allow public access through an open port is an all too common state of affairs in IT environments,” O’Sullivan wrote.
Earlier this year, a large print and design firm leaked sensitive health records belonging to a former professional athlete, private business and employment records for an adult retail chain, and paperwork related to a lawsuit involving an actress and a Hollywood studio. The cause was traced back to a publicly exposed remote synchronization (rsync) service.
In December, researchers at MacKeeper identified a similar insecure backup server maintained by Ameriprise Financial. In that case, Social Security numbers, decryption keys and confidential internal company documents were also exposed. Similar issues tied to misconfigured rsync services have recently impacted hotels, a Pentagon subcontractor and even spammers.
MacKeeper estimates as much as 15 percent of synchronized backups use misconfigured protocols allowing public access from anywhere in the world.
It’s unclear how much data was exposed by Power Quality Engineering (PQE) or if the data had been accessed by malicious third-party. After Vickery downloaded 205GB of data from the repository on July 6 he notified PQE of the insecure data. Two days later, researchers said, the engineering firm secured the database.
“The exposed port granting public access to these systems, 873, is the default port used for rsync… While the IP addresses able to access these systems via this port can be easily restricted by IT administrators using rsync’s ‘hosts allow/deny’ functions, this requires an extra step once the rsync utility is configured. This default accessibility, while simple to restrict, can be missed,” O’Sullivan wrote.