Image: Maggie Hassan. Credit: MarylandGovPics via Wikimedia Commons (CC BY 2.0)

Senator presses CISA for answers about alleged GitHub repository leak

The U.S.'s top cyber agency is facing questions from Congress about a recent incident allegedly involving a public GitHub repository that exposed AWS credentials and other sensitive information.

U.S. Senator Maggie Hassan (D-NH) sent a letter to the acting director of the Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday demanding answers about an alleged breach uncovered by cybersecurity reporter Brian Krebs involving government contractor Nightwing. 

Guillaume Valadon, a researcher with the security firm GitGuardian, told Krebs that he discovered a GitHub repository last week that had CISA credentials ranging from cloud keys and tokens to plaintext passwords and logs. 

The account was taken offline after Krebs contacted CISA about it, and the AWS keys remained valid for two more days before being removed.

In a letter to CISA Acting Director Nick Andersen, Hassan demanded a classified briefing about the incident, writing that it “raises serious questions about how such a security lapse could occur at the very agency charged with helping to prevent cyber breaches.” 

“This reporting raises serious concerns regarding CISA’s internal policies and procedures at a time of significant cybersecurity threats against U.S. critical infrastructure,” she said.

In a statement to Recorded Future News, CISA said it is aware of the reported exposure and is investigating the situation. 

“Currently, there is no indication that any sensitive data was compromised as a result of this incident. While we hold our team members to the highest standards of integrity and operational awareness, we are working to ensure additional safeguards are implemented to prevent future occurrences,” a spokesperson said. 

Hassan said the statement “leaves unanswered questions about the policies and procedures that made it possible for this incident to reportedly occur in the first place.” 

She urged CISA to schedule a briefing before June 5 and attached 12 questions about the incident. 

Much of Hassan’s letter focuses on the turmoil at CISA since President Donald Trump took office last year and how the alleged breach may be exploited by adversaries to the U.S. Andersen took over as acting director of the agency after the former acting director, Madhu Gottumukkala, was removed following a series of scandals.

CISA has seen drastic changes since Trump took office, with officials cutting the agency’s workforce by one-third, slashing hundreds of millions of dollars from the agency’s budget, cancelling critical programs covering election security, disbanding investigatory bodies, limiting state cyber grants and threatening to end DHS’ support for the leading vulnerability tracking system.

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.