Millions of emails from the US military ended up in Mali, a Russian ally, due to a slight typo.
Messages destined for the US military’s “.mil” domain were sent for years to the West African country, whose extension is “.ml.”
Some of the emails contained sensitive information such as passwords, medical records, and itineraries of senior officials.
The Pentagon claimed to have taken steps to address the problem.
“The risk is real”
Dutch internet entrepreneur Johannes Zuurbier identified the problem more than 10 years ago, according to the Financial Times, the first outlet to publish information on the matter.
Zuurbier, who has had a contract to manage the Mali country domain since 2013, has collected tens of thousands of misdirected emails in recent months.
None were marked as classified, but according to the Financial Times, many of them included medical data, maps of US military installations.financial records and official travel planning documents, as well as some diplomatic messages.
Zuurbier sent a letter to US authorities this month alerting them to the problem.
He stated that his contract with the Mali government would be ending soon, meaning that “the risk is real and could be exploited by adversaries of the United States.”
Mali’s military government was scheduled to take control of the domain this Monday.
The BBC tried unsuccessfully to contact Zuurbier.
US military communications that are marked “classified” and “top secret” are transmitted through separate computer systems that make them unlikely to be accidentally compromised, according to current and former US officials.
But Steven Stransky, a lawyer who served as a senior counsel for the Department of Homeland Security’s Intelligence Law Division, said that even seemingly innocuous information can be useful to US adversaries, particularly if it includes details of individual personnel.
“Such communications would mean that a foreign actor can start building files on our own military personnel, for spying purposes, or can try to get them to divulge information for financial gain,” Stransky said. “It’s certainly information that a foreign government can use.”
Mistakes that can be expensive
Lee McKnight, professor of information studies at Syracuse University, opined that the US military was lucky to be warned about the problem and also that the emails ended up on a domain used by the Mali government instead of falling into the hands of cybercriminals.
He added that “typographic squatting” – a type of cybercrime in which the victims are users who misspell an Internet domain – is relatively common.
“They wait for someone to make a mistake, and then they take advantage of that person,” he explained.
The BBC contacted a Defense Department spokesman, who assured that the institution is aware of the problem and is taking it seriously.
indicated that the department had taken steps to ensure that “.mil” emails did not arrive at the wrong domainswhich includes blocking them before they are sent and notifying senders that they must validate recipients.
Both McKnight and Stransky explained that human error is the biggest concern for IT specialists working in both government and the private sector.
“Human error is by far the most important security concern on a day-to-day basis,” Stransky stated.
“We simply can’t control every person at all times,” he said.
BBC-NEWS-SRC: https://www.bbc.com/mundo/articles/cndk48k0e7go, IMPORTING DATE: 2023-08-02 04:10:06
#subtle #typo #diverted #military #mail #Russian #ally