Pentagon risks being hacked after claims it is not using encrypted email, says Senator

Agamoni Ghosh
Pentagon generic image

The Pentagon, known to be guarding some of the world's most well-kept secrets, is surprisingly still not using an encrypted email service, which could expose a trove of military data to potential hackers.

The Defense Information Systems Agency (DISA), the Pentagon's branch that oversees digital communications, failed to adopt an encrypted email service as per a letter written by Senator Ron Wyden who warned the agency for taking such a risk. DISA is responsible for providing email services to the Army, Navy, Marines and the Coast Guard.

Trending: How much is Amazon founder Jeff Bezos worth?

"I am concerned that DISA is not taking advantage of a basic, widely used, easily enabled cybersecurity technology," Wyden wrote in the letter, obtained by Motherboard.

In 2015 suspected Russian hackers had launched a cyberattack on the Pentagon leaving data of nearly 3,500 military personnel and civilians vulnerable to exposure.

Don't miss: Exhibition shows off the world's most creative selfies

"Until DISA enables STARTTLS (to take an insecure connection and upgrade it to a secure one) for unclassified email messages sent between the military and other organisations, we will be needlessly exposed to surveillance and potential compromise by third parties," says Wyden.

The agency refused to comment on the matter, but did say that it will formally respond to the Senator's letter.

Most popular: Jesus Schwept! Scientists turn water into lemonade by sending virtual drink over the internet

Currently the FBI, NSA, CIA, the Director of National Intelligence and the Department of Homeland Security have enabled email encryption for their servers. Major technology giants like Facebook, Google, Microsoft and Twitter also use encryption-based email services.


STARTTLS adds a level of encryption over the standard email protocol that results in encryption of emails that go from one email server to another. Both your email provider and the recipient's provider has to support STARTTLS for the email to be protected all along. If either don't, it will be open to access midway.

You may be interested in:

By using Yahoo you agree that Yahoo and partners may use Cookies for personalisation and other purposes