this post was submitted on 17 Jul 2023
44 points (97.8% liked)

Not The Onion


cross-posted from: https://lemmy.ml/post/2148293

For over 10 years, millions of emails associated with the US military have been getting sent to Mali, a West African country allied with Russia, due to a typo, according to a report from the Financial Times. Instead of appending the military’s .MIL domain to their recipient’s email address, people frequently type .ML, the country identifier for Mali, by mistake.

Johannes Zuurbier, a Dutch entrepreneur contracted to manage Mali’s domain, tells the Financial Times that this has been happening for over a decade despite his repeated attempts to warn the US government. When Zuurbier began noticing requests for nonexistent domains, like army.ml and navy.ml, he set up a system to catch these misdirected emails, which the Financial Times reports “was rapidly overwhelmed and stopped collecting messages.”

Since January alone, Zuurbier has reportedly intercepted 117,000 misdirected emails, several of which contain sensitive information related to the US military. According to the Financial Times, many of the emails include medical records, identity document information, lists of staff at military bases, photos of military bases, naval inspection reports, ship crew lists, tax records, and more.

Some of the misdirected emails were sent by military staff members, travel agents working with the US military, US intelligence, private contractors, and others, the Financial Times reports. For example, an email from earlier this year reportedly contained the travel itinerary for General James McConville, the US Army’s chief of staff, for his visit to Indonesia. The email included a “full list of room numbers,” along with “details of the collection of McConville’s room key at the Grand Hyatt Jakarta.”

Zuurbier won’t be able to intercept these emails for much longer, however. Once his 10-year contract with Mali ends on Monday, authorities in Mali will be able to gain access to the emails. Russia established a presence in Mali last year through the Wagner Group, a Russian state-backed paramilitary organization that recently staged a rebellion against President Vladimir Putin. In May, the US State Department said the Wagner Group sought to use Mali as a route to transport war supplies to Ukraine.

“The Department of Defense (DoD) is aware of this issue and takes all unauthorized disclosures of Controlled National Security Information or Controlled Unclassified Information seriously,” Tim Gorman, a spokesperson for the Office of the Secretary of Defense, says in an emailed statement to The Verge. Gorman adds that emails sent from a .mil domain to Mali are “blocked” and that the “sender is notified that they must validate the email addresses of the intended recipients.”

Gorman acknowledges that this doesn’t stop other government agencies or those working with the US government from mistakenly sending emails to Malian addresses, though. Still, he notes that “the Department continues to provide direction and training to DoD personnel.”

top 3 comments
[–] ccryx@discuss.tchncs.de 5 points 1 year ago (1 children)

Something's a bit fishy here - are they implying that these mails with sensitive information are getting sent without e2ee?

[–] cloaker@kbin.social 1 points 1 year ago

They have standard AES and whatnot over SMTP. But nothing more than that. Maybe defence contractors are not required to use alternative and secure arrangements?

[–] mcneb10@kbin.social 2 points 1 year ago

I'm surprised there wasn't a security rule to not be able to send emails to any domains besides *.mil ones