The mistake has resulted in highly sensitive information being exposed, including diplomatic documents, passwords, travel details of top officers, and tax returns, according to the report from the Financial Times.
Why the fuck is the US Military emailing passwords to anyone at all?
Why are they not encrypting the email?
Why are they using email???
As opposed to what? I get what you are saying but there’s nothing more practical and with E2E encryption it should be in.
But I do agree if you are transferring S/TS/SCI you should be using a closed system over a VPN.
for YEARS
Don’t assume malice when incompetence is equally likely.
Accidentally? Or someone was paid off
I think that is not publicly known.
To be fair, the only difference between .mil and .ml is a single typo.
According to a new report, the United States military has been sending millions of emails to a West African country in what is being called a “typo leak.”
The mistake has resulted in highly sensitive information being exposed, including diplomatic documents, passwords, travel details of top officers, and tax returns, according to the report from the Financial Times.
The typo in question has to do with the suffix for all US military email addresses, .MIL. While military personnel may be intending to send an email to another member of the armed forces, they mistakenly continue to send their messages to the .ML domain, the country identifier for Mali.
Other information that was potentially leaked includes highly-sensitive data about serving US military personnel, like medical information, crew lists for ships, photos of bases, naval inspection reports, maps of installations, and contracts.
While the information being leaked is serious, it’s compounded by the fact that the US military has been aware of the typo leak for almost a decade, the Times reported.
The first person to identify the issue was Dutch internet entrepreneur Johannes Zuurbier, who has a contract to manage the Mali domain. Zuurbier has made efforts to notify the US of the problem, but after not seeing any action taken to stop the leak, he started to collect the misdirected emails.
According to the Times, Zuurbier has been collecting emails for six months in an attempt to show the US the issue was serious. Over that time period, he has collected nearly 117,000 emails.
Zuurbier wrote a letter to the US earlier this month, bringing attention to the issue once again, the Times reported.
“This risk is real and could be exploited by adversaries of the US,” he wrote.
Now, retired military officials, like the former admiral of the National Security Agency and the US Army’s Cyber Command, Mike Rogers, are pointing to the risk of letting the information leak.
“If you have this kind of sustained access, you can generate intelligence even just from unclassified information,” Rogers told the Times. “This is not uncommon. It’s not out of the norm that people make mistakes, but the question is the scale, the duration, and the sensitivity of the information.”
Rogers says that Zuurbier having the information in his possession is one thing, but a foreign government is another issue.
The concern is also growing as the internet entrepreneur is coming to the end of his 10-year management contract with Mali’s government, which is closely allied with Russia.
Once his contract is expired, Malian authorities will be able to gather the misdirected emails and do with them what they please.
Pentagon spokesman Lt. Cmdr Tim Gorman said the Defence Department is “aware of this issue and takes all unauthorized disclosures of controlled national security information or controlled unclassified information seriously.”
He also said that emails sent directly to a .MIL domain to Malian addresses are “blocked before they leave the .mil domain, and the sender is notified that they must validate the email addresses of the intended recipients.”
He also said that emails sent directly to a .MIL domain to Malian addresses are “blocked before they leave the .mil domain
Seems this guy is proven wrong 117000 times, at least :-)
I’m from Europe so I can’t see the actual posted link. But I assume it’s military grade email. It works, and made by the cheapest vendor?
I posted the text in a top level comment. I hate geo-fencing.
According to another article it says the contractor identified the problem almost 10 years ago, maybe that was a typo as well?
But yikes, that’s just bad work all around.
Left woke fascists will say this is Trumps fault.
Left woke fascists
Joke’s on you, if you think that’s a real thing.
Sad/scary thing is… its very real in their mind…
Fascism is characterized by the imposition of dictatorial power, government control of industry and commerce, and the forcible suppression of opposition, often at the hands of the military or a secret police force.
Sounds like lock-downs (happened), suppression of dissent (happened/happening), forced vaccination (happened/happening) and censorship by ‘private’ companies (happened/happening)
This article might interest you.
Congrats, that’s the dumbest thing I’ve seen all day.
It’s a combination of projection and ignorance. The right can’t define fascism, Communism, or woke.