• eric@lemmy.world · 24 upvotes · 1 year ago

    The mistake has resulted in highly sensitive information being exposed, including diplomatic documents, passwords, travel details of top officers, and tax returns, according to the report from the Financial Times.

    Why the fuck is the US Military emailing passwords to anyone at all?

  • Mike D.@lemmy.world · 5 upvotes · 1 year ago

    According to a new report, the United States military has been sending millions of emails to a West African country in what is being called a “typo leak.”

    The mistake has resulted in highly sensitive information being exposed, including diplomatic documents, passwords, travel details of top officers, and tax returns, according to the report from the Financial Times.

    The typo in question has to do with the suffix for all US military email addresses, .MIL. While military personnel may be intending to send an email to another member of the armed forces, they mistakenly continue to send their messages to the .ML domain, the country identifier for Mali.

    Other information that was potentially leaked includes highly-sensitive data about serving US military personnel, like medical information, crew lists for ships, photos of bases, naval inspection reports, maps of installations, and contracts.

    While the information being leaked is serious, it’s compounded by the fact that the US military has been aware of the typo leak for almost a decade, the Times reported.

    The first person to identify the issue was Dutch internet entrepreneur Johannes Zuurbier, who has a contract to manage the Mali domain. Zuurbier has made efforts to notify the US of the problem, but after not seeing any action taken to stop the leak, he started to collect the misdirected emails.

    According to the Times, Zuurbier has been collecting emails for six months in an attempt to show the US the issue was serious. Over that time period, he has collected nearly 117,000 emails.

    Zuurbier wrote a letter to the US earlier this month, bringing attention to the issue once again, the Times reported.

    “This risk is real and could be exploited by adversaries of the US,” he wrote.

    Now, retired military officials, like the former admiral of the National Security Agency and the US Army’s Cyber Command, Mike Rogers, are pointing to the risk of letting the information leak.

    “If you have this kind of sustained access, you can generate intelligence even just from unclassified information,” Rogers told the Times. “This is not uncommon. It’s not out of the norm that people make mistakes, but the question is the scale, the duration, and the sensitivity of the information.”

    Rogers says that Zuurbier having the information in his possession is one thing, but a foreign government is another issue.

    The concern is also growing as the internet entrepreneur is coming to the end of his 10-year management contract with Mali’s government, which is closely allied with Russia.

    Once his contract is expired, Malian authorities will be able to gather the misdirected emails and do with them what they please.

    Pentagon spokesman Lt. Cmdr Tim Gorman said the Defence Department is “aware of this issue and takes all unauthorized disclosures of controlled national security information or controlled unclassified information seriously.”

    He also said that emails sent directly to a .MIL domain to Malian addresses are “blocked before they leave the .mil domain, and the sender is notified that they must validate the email addresses of the intended recipients.”
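The outbound check the Pentagon statement describes (block before the message leaves, tell the sender to validate the address) can be sketched as follows. This is an added example, not code from the article or from any DoD system; it goes beyond the `.mil`/`.ml` case to any one-character near miss of a protected domain, and the domain names and the block policy are constructed assumptions.

```python
from email.utils import getaddresses

# Assumption: domains the organisation owns. Constructed sample values.
PROTECTED_DOMAINS = {"unit.example.mil", "hq.example.mil"}

# Constructed sample "To:" header: one typo, one correct, one unrelated.
SAMPLE_TO = ("Jane Doe <j.doe@unit.example.ml>, ops@hq.example.mil, "
             "vendor@contractor.example.com")


def edit_distance_at_most_one(a: str, b: str) -> bool:
    """True if a and b differ by at most one insert, delete or substitution."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a  # a is now the shorter (or equal-length) string
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1  # skip the common prefix
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]  # zero or one substitution
    return a[i:] == b[i + 1:]  # exactly one character missing from a


def check_recipients(header_value: str) -> list[dict]:
    """Return one verdict per recipient: allow, or block with a suggestion."""
    verdicts = []
    for _name, addr in getaddresses([header_value]):
        local, _, domain = addr.rpartition("@")
        domain = domain.lower().rstrip(".")
        verdict = {"address": addr, "action": "allow", "suggestion": None}
        if domain not in PROTECTED_DOMAINS:
            for good in sorted(PROTECTED_DOMAINS):
                # A near miss of a domain we own is almost certainly a typo.
                if edit_distance_at_most_one(domain, good):
                    verdict["action"] = "block"
                    verdict["suggestion"] = f"{local}@{good}"
                    break
        verdicts.append(verdict)
    return verdicts


if __name__ == "__main__":
    for v in check_recipients(SAMPLE_TO):
        print(v)
```

The `suggestion` field is what a bounce notice would show the sender, so the message is corrected and resent rather than silently dropped.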

    • NeoLikesLemmy@lemmy.fmhy.ml · 3 upvotes · 1 year ago

      He also said that emails sent directly to a .MIL domain to Malian addresses are “blocked before they leave the .mil domain

      Seems this guy is proven wrong 117000 times, at least :-)

  • UncleStewart@lemmy.world · 5 upvotes · 1 year ago

    I’m from Europe so I can’t see the actual posted link. But I assume it’s military grade email. It works, and made by the cheapest vendor?

  • ThatGirlKylie@lemmy.world · 2 upvotes · 1 year ago

    According to another article it says the contractor identified the problem almost 10 years ago, maybe that was a typo as well?

    But yikes, that’s just bad work all around.