US military personnel send sensitive information to Mali. The reason should be a typo. Why this could be a problem.
Washington DC — Reports on terrorism, travel plans by members of the Joint Chiefs of Staff, maps of military bases: Sensitive US military information has been sent to Mali in millions of emails. The special feature: The cause is not a hacker attack from outside and no Mole as in the case of the US leaks on the Ukraine war in April. The messages are said to have ended up there due to a simple typo. This is reported by the British daily newspaper Financial Times. This could pose a security risk for the United States. The Malian government is cooperating with Russia.
Instead of sending emails to the domain “.mil”, the abbreviation for all military email addresses USA, military personnel, FBI agents, and diplomats routinely forgot the “i” and sent their emails to “ml” addresses. That’s how they ended up with the Dutch Internet entrepreneur Johannes Zuurbier. Until Monday, July 17, he managed the ML domain and since January 2023 has collected 117,000 emails from the military in order – according to his statement – to show the US authorities the extent of the problem.
US military sends sensitive reports to Mali – because of typos
Much of the news contains loud Financial Times no secret information. However, individual emails are said to have contained reports on domestic terrorism and assessments of the global fight against terrorism. Some were headlined “not for the public or foreign governments.” Another email contained detailed information about a trip by the US Army chief of staff to Indonesia, the report said.
But not only in the US military there is a mail leak due to typing errors. Messages from the Dutch military, which uses the “army.nl” domain, are also affected. According to this, reports about the vulnerability of Dutch Apache helicopters to cyber attacks were sent to the Malian domain. Messages from the Australian Department of Defense also went to the wrong domain. Other information primarily concerns US military personnel, such as the following topics:
- Passwords for encrypted documents
- staff lists
- Medical data, including X-rays
- Maps of military bases
- inspection reports
- crew lists of ships
- Studies on Bullying
- travel plans
- Tax and Financial Records
- Source: Financial Times
Cyber security expert warns of the consequences of the typo
Although no information classified as secret was among the affected messages, the data leak is still problematic. Mike Rogers, former admiral, director of the National Security Agency and cybersecurity advisor, believes so. “If you have that kind of persistent access, you can glean insights from even non-classified information,” he said Financial Times. Such mistakes are not uncommon, but the extent and duration of the current case are serious.
Zuurbier took over the management of the Malian domains in 2013 and found that many requests for domains such as “army.ml” and “navy.ml” were received, the reports Financial Times. The Dutchman suspected that they were emails and set up a system to intercept them. Since then, he has made several attempts to alert the United States to the error, contacting the defense attaché at the American embassy in Mali, the government adviser on cybersecurity, and White House staff.
Russia could benefit from accidental US data leak
On Monday, July 17, Zuurbier’s ten-year contract with the Malian government to manage the domain expired. Possible emails could now go directly to Mali. This could become a problem for the US military. “It’s one thing when you’re dealing with a domain administrator trying – unsuccessfully – to voice their concerns. It’s another thing when it’s a foreign government that sees it as an advantage that they can leverage,” Rogers told the Financial Times.
The The government of the West African country is increasingly turning away from the West – and towards Russia. France and Germany will soon end their military engagement in Mali. Instead of relying on the EU and NATO countries as cooperation partners to train their own armed forces in the fight against the terrorist organization Boko Haram, Mali is now relying on cooperation with Russia – and the notorious one Wagner group.
Pentagon reacts and blocks Malian domains
The US Department of Defense has now been informed of the problem and has already taken precautions. The domain ending “ml” was blocked. E-mails to addresses with this suffix must first be verified, reports the Financial Times. Pentagon spokesman Tim Gorman also announced that there would be new guidance and training on the use of personal email addresses for US government business. (ms)
#Embarrassing #typo #triggers #military #data #breach