mails to Mali
The “i” is missing: the US military has been accidentally sending secret emails to Russia’s allies for years
“ml”, “mil” – so similar, and yet so different.
© MivPiv / Getty Images
According to a Dutch entrepreneur, the US Army has been sending secret emails to Russia’s allies for years – a missing letter is to blame for this faux pas.
Typos are part of everyday life. This is particularly annoying with e-mail addresses, because either the mail does not arrive or it ends up with the wrong recipient. The latter becomes dramatic when this happens constantly and the e-mails contain data that is not intended for the eyes of others. The This is exactly what has happened to the US Army for years – until today.
As the “Financial Times“, citing Dutch entrepreneur Johannes Zuurbier, the US military and their contractors have been sending e-mails to addresses ending in “.ml” for more than ten years. They actually mean “.mil”. This supposedly small error has major implications: While the “.mil” extension has been assigned to the United States Department of Defense since 1985 and is only accessible to US armed forces, the “.ml” top-level domain has belonged to the African state of Mali since 1993.
Mails from the US Army end up in Mali
Zuurbier, who has been managing the Malian domain for years, says he has tried several times to alert the US military to this serious error – so far in vain. Now he is stepping up his efforts again as his contract is ending very soon and Zuurbier does not know who will get hold of the mails once the Malian government takes over. The African state of Mali is considered an ally of Russia – and there should be great interest in any information about the US military.
In order to be able to underline how much the confusion of domains has crept in at the US Army, Zuurbier has been collecting all the letters since January. There are a total of 117,000 misdirected messages – on some days up to 1000 emails are added.
Zuurbier stated that although no emails with a high level of confidentiality had arrived and that a lot of spam was among them, he also found messages that contained sensitive data about the military. Accordingly, he has already found medical information on soldiers, complete crew lists of US ships, maps of military installations, photos of US bases, travel information and financial data. Zuurbier also received the exact course of a trip from General James McConville – such information would be extremely relevant for a planned assassination. He also regularly found lists of passwords or requests to change access.
Security
The main thing is that we all fall for these password myths
Mike Rogers, a former US Navy admiral and former head of the NSA, told the Financial Times: “If you have this kind of constant access, you can generate information even from unclassified information.”
A problem that is not so easy to solve
According to a spokesman for the Pentagon, they are aware of this and are working to eliminate the problem. After all, all e-mails that are sent from a mailbox with a “.mil” ending to an e-mail with “.ml” are now automatically blocked. What remains are external contacts for the US military, who continue to regularly forget the all-important “i,” explains Zuurbier. Forwarding private mails to military mailboxes is also a problem. As an example, Zuurbier cites a total of six documents from an FBI agent who tried to forward diplomatic information about the political situation in Turkey to his Navy mailbox.
The US Army is apparently not alone with the problem. Among the many emails, Zuurbier repeatedly found messages from soldiers in the Dutch army who wrote “.ml” instead of “.nl” in the address line. The official address is actually “defensie.nl”.
Also read:
Numbers and anger from the boss: That’s how banal everyday office life is for super hackers
Free ride for hackers: IT experts crack outdated technology of German traffic lights
3000 tickets for the bin: hackers save speeders from fines