Millions Of U.S. Military Emails Have Been Sent To Nation Closely Allied To Russian For A DECADE … Because Of A Typo

Karen WalkerJuly 18, 2023

0 437 4 minutes read

Sensitive information including passwords, diplomatic documents, travel itineraries, tax returns, and more have been inadvertently sent to one of Russia’s allies.

The Financial Times was the first to break the story on Monday that millions of U.S. military emails have been misdirected because people mistype the .MIL suffix used by all U.S. military email addresses and instead type .MI, which is the country identifier for Mali.

It’s a simple mistake that anyone could make, and for now, it hasn’t been weaponized against the U.S. but that could change very soon.

According to the Financial Times report, the problem was first identified in 2013 by Johannes Zuurbier, a Dutch internet entrepreneur who was contracted to handle Mali’s country domain, but his contract is set to expire and control of the domain will revert to the government of Mali.

Will this presidential election be the most important in American history?

Yes

Zuurbier has been collecting misdirected emails since January in an effort to persuade the US to take the issue seriously. He holds close to 117,000 misdirected messages — almost 1,000 arrived on Wednesday alone. In a letter he sent to the US in early July, Zuurbier wrote: “This risk is real and could be exploited by adversaries of the US.”
Control of the .ML domain will revert on Monday from Zuurbier to Mali’s government, which is closely allied with Russia. When Zuurbier’s 10-year management contract expires, Malian authorities will be able to gather the misdirected emails. The Malian government did not respond to requests for comment.
Zuurbier, managing director of Amsterdam-based Mali Dili, has approached US officials repeatedly, including through a defence attaché in Mali, a senior adviser to the US national cyber security service, and even White House officials.
Much of the email flow is spam and none is marked as classified. But some messages contain highly sensitive data on serving US military personnel, contractors and their families.
Their contents include X-rays and medical data, identity document information, crew lists for ships, staff lists at bases, maps of installations, photos of bases, naval inspection reports, contracts, criminal complaints against personnel, internal investigations into bullying, official travel itineraries, bookings, and tax and financial records.
Source: Financial Times (Archived)

Zuurbier said that after he began the contract with Mali, he quickly began receiving a number of requests for domains that didn’t exist — army.ml and navy.ml. This set off alarm bells for Zuurbier, who suspected that this was actually email, so he set up a system to catch the correspondence. He was quickly overwhelmed and stopped collecting the messages.

He sought legal advice and then repeatedly attempted to alert the US authorities. He also gave his wife a copy of the legal advice “just in case the black helicopters landed in my backyard” Zuurbier told the Financial Times.

So, what has the Department of Defense done to fix this problem?

Lt. Cmdr Tim Gorman, a Pentagon spokesman, said the DoD “is aware of this issue and takes all unauthorised disclosures of controlled national security information or controlled unclassified information seriously.” He added that emails sent from the .MIL domain that are inadvertently sent to Malian domains “are blocked before they leave the .mil domain and the sender is notified that they must validate the email addresses of the intended recipients”.

Of course, this doesn’t affect emails sent from non-military email addresses.

While none of the emails sent appear to have labeled classified, some of the information included in the emails are still sensitive and could put individuals at risk if they fall into the wrong hands.

One misdirected email this year included the travel plans for General James McConville, the chief of staff of the US army, and his delegation for a then-forthcoming visit to Indonesia in May.
The email included a full list of room numbers, the itinerary for McConville and 20 others, as well as details of the collection of McConville’s room key at the Grand Hyatt Jakarta, where he received a VIP upgrade to a grand suite.
Source: Financial Times (Archived)

There is also the real issue of scale — so much information over a such a long period of time is a problem in itself.

“If you have this kind of sustained access, you can generate intelligence even just from unclassified information,” said Mike Rogers, a retired American admiral who used to run the National Security Agency and the US Army’s Cyber Command.

“It’s one thing when you are dealing with a domain administrator who is trying, even unsuccessfully, to articulate the concern,” Rogers said. “It’s another when it’s a foreign government that … sees it as an advantage that they can use.”

With Biden’s decision last week to activate Reserves to “augment the active Armed Forces of the United States for the effective conduct of Operation Atlantic Resolve in and around the United States European Command’s area of responsibility,” any intelligence going to allies of Russia is a problem.

Cross-posted with Clash Daily

Turn your back on Big Tech oligarchs and join the New Resistance NOW! Facebook, Google, and other members of the Silicon Valley Axis of Evil are now doing everything they can to deliberately silence conservative content online, so please be sure to check out our MeWe page here, check us out at ProAmerica Only and follow us at Parler, SocialCross, Speak Your Mind Here, and Gab. You can also follow us on Truth Social here, Twitter at @co_firing_line, and at the social media site set up by members of Team Trump, GETTR.

While you’re at it, be sure to check out our friends at Whatfinger News, the Internet’s conservative front-page founded by ex-military!And be sure to check out our friends at Trending Views: