.mil and .ml: The US defense does not distinguish between domains and sends its emails to Mali

.mil and .ml: The US defense does not distinguish between domains and sends its emails to Mali

Over the past 10 years, millions of US military emails have ended up in the mailboxes of Mali, a well-known ally of Russia, not because of a leak, but because of a typo: they were sent to the suffix ml. African country, not the US military. Mile.

This bug exposed highly sensitive information, including diplomatic documents, tax returns, passwords, travel details for senior Pentagon officers, medical records, identification documents, lists of military base personnel, photos of the military base, ship crew lists, tax documents, and more. This was revealed by the Financial Times after a report by the Dutch businessman in charge of managing a financial domain, Johannes Zurber, who, after repeated attempts to warn the US government, decided to turn to the media.

when zurber He began noticing requests for non-existent domains, such as army.ml and navy.ml, and created a system to catch these misleading emails. Unfortunately, due to the large influx of emails, the system “quickly became overwhelmed and stopped collecting messages.”

Since January 2023 alone, Zorber has intercepted 117,000 mishandled emails, many of which contain sensitive information related to the US military. Some were sent by military personnel, travel agents working with the US military and intelligence services, and private contractors. For example: An email from January contained the travel itinerary of General James McConville, the US Army Chief of Staff, to visit Indonesia. Also attached is a ‘Complete List of Room Numbers’ and ‘Details of McConville Room Key Set at Grand Hyatt Jakarta’.

Zorbier won’t be able to intercept these communications for much longer: his contract with Mali will expire on Monday and the authorities will be able to access the emails.
Tim Gorman, a spokesperson for the Office of the Secretary of Defense, issued a statement saying, “The Department of Defense is aware of this issue and takes all unauthorized disclosure of national security information very seriously.” In a statement successfully emailed to the Verge news portal, Gorman added that email sent from the .mil domain to Mali has been “blocked” and that the sender will henceforth need to “validate addresses before sending emails to the recipient” .

See also  "Bridge" between Trieste and the USA

Gorman He acknowledged that this is not enough to prevent other government agencies or those who work with the US government from mistakenly sending emails to Mali, but that “the department will continue to train DoD personnel.”

Leave a Reply

Your email address will not be published. Required fields are marked *