|
|
|
|
|
|
by rshnotsecure
2401 days ago
|
|
|
I would also like to add signing up for an AWS Gov account was at least 12 months ago...a completely automated process where I was approved in no more than 15 mins. The account had a credit card but otherwise was 100% still in free tier mode, and in fact was being used by an open source team so it included ppl from around the world. The CIA has stated multiple times in court documents (typically they have emerged in cases where the FBI attaché that all embassies have post-911 or someone similar is testifying) concerns about this and why they demanded and got “AWS secret”, a level higher than gov, that was opened in 2017. Keep in mind though that many governments at state and local still use the TLD of “.us”. For instance Texas has widely used, until within the last year, “https:<subdomain>state.tx.us”. Many states have this legacy naming convention left over, and of course the restrictions are about as somewhat paper thin and avoided on .us as they are on .gov but more. There are changes in the works for this though. More concerningly though is that the recent issue with the .org TLD clearly, and this can be proven in a straightforward manner, involves a group with unlimited funding by the People’s Liberation Army making this purchase. Ethol Capital is a joke of a firm. They’ve already sanitized the Google Search Results about them, which lol should be obvious when you realize they have taken out a Google Ad for “keypointsabout.org” when you Google them. The proof though is that if you look at court documents from 2015 you will find mention of a firm...SharkTech. Another front company that the PLA loans out from time to time to the Middle East and even as I recall Israel. Anyway as I’ve stated before in comments if you do the reverse Whois searches and dns subdomain enumeration you can find the trail back to No 31 Jin-rong Street. I’ve been asked before to write a post about this always elaborating and Christ I finally took out a domain https://blog.12security.com ... it has nothing on it but Jesus just look at the DNS records it took forever to get that DMARC record to the strictest level involving no 3rd parties and also to split that DKIM key across 3 txt records...which you have to do sometimes for the 2048 keys. EDIT: forgot to mention there is obviously a connection between SharkTech and Ethol Capital. That will be proven in the blog and it is on me and my very tardy credibility to do it :)
look at http://dcsmanage.com out of Los Angeles though if you want to get a head start, and if anyone claims that’s a real IT firm... |
|
|
Are you implying this is somehow an issue? Any US person is able to spin up a Govcloud environment, it isn't meant to be limited to only government agencies/organizations.
I recently worked on a project where we created a govcloud for a non-government company that wanted a secure enclave for a subset of their data. It's certainly not a problem, and I'm not seeing how it relates to this article