this post was submitted on 17 Jul 2023
148 points (98.7% liked)

World News

39099 readers
5013 users here now

A community for discussing events around the World

Rules:

Similarly, if you see posts along these lines, do not engage. Report them, block them, and live a happier life than they do. We see too many slapfights that boil down to "Mom! He's bugging me!" and "I'm not touching you!" Going forward, slapfights will result in removed comments and temp bans to cool off.

We ask that the users report any comment or post that violate the rules, to use critical thinking when reading, posting or commenting. Users that post off-topic spam, advocate violence, have multiple comments or posts removed, weaponize reports or violate the code of conduct will be banned.

All posts and comments will be reviewed on a case-by-case basis. This means that some content that violates the rules may be allowed, while other content that does not violate the rules may be removed. The moderators retain the right to remove any content and ban users.


Lemmy World Partners

News [email protected]

Politics [email protected]

World Politics [email protected]


Recommendations

For Firefox users, there is media bias / propaganda / fact check plugin.

https://addons.mozilla.org/en-US/firefox/addon/media-bias-fact-check/

founded 1 year ago
MODERATORS
top 22 comments
sorted by: hot top controversial new old
[–] ericisshort 25 points 1 year ago* (last edited 1 year ago) (1 children)

The mistake has resulted in highly sensitive information being exposed, including diplomatic documents, passwords, travel details of top officers, and tax returns, according to the report from the Financial Times.

Why the fuck is the US Military emailing passwords to anyone at all?

[–] [email protected] 8 points 1 year ago (1 children)

Why are they not encrypting the email?

[–] [email protected] 1 points 1 year ago (1 children)

Why are they using email???

[–] [email protected] 0 points 1 year ago

As opposed to what? I get what you are saying but there's nothing more practical and with E2E encryption it should be in.

But I do agree if you are transferring S/TS/SCI you should be using a closed system over a VPN.

[–] zombuey 14 points 1 year ago
[–] golamas1999 13 points 1 year ago

Don’t assume malice when incompetence is equally likely.

[–] UltraMagnus0001 11 points 1 year ago (1 children)

Accidentally? Or someone was paid off

[–] zombuey 5 points 1 year ago* (last edited 1 year ago)

I think that is not publicly known.

[–] wanderingmagus 8 points 1 year ago

To be fair, the only difference between .mil and .ml is a single typo.

[–] miked 5 points 1 year ago (1 children)

According to a new report, the United States military has been sending millions of emails to a West African country in what is being called a “typo leak.”

The mistake has resulted in highly sensitive information being exposed, including diplomatic documents, passwords, travel details of top officers, and tax returns, according to the report from the Financial Times.

The typo in question has to do with the suffix for all US military email addresses, .MIL. While military personnel may be intending to send an email to another member of the armed forces, they mistakenly continue to send their messages to the .ML domain, the country identifier for Mali.

Other information that was potentially leaked includes highly-sensitive data about serving US military personnel, like medical information, crew lists for ships, photos of bases, naval inspection reports, maps of installations, and contracts.

While the information being leaked is serious, it’s compounded by the fact that the US military has been aware of the typo leak for almost a decade, the Times reported.

The first person to identify the issue was Dutch internet entrepreneur Johannes Zuurbier, who has a contract to manage the Mali domain. Zuurbier has made efforts to notify the US of the problem, but after not seeing any action taken to stop the leak, he started to collect the misdirected emails.

According to the Times, Zuurbier has been collecting emails for six months in an attempt to show the US the issue was serious. Over that time period, he has collected nearly 117,000 emails.

Zuurbier wrote a letter to the US earlier this month, bringing attention to the issue once again, the Times reported.

“This risk is real and could be exploited by adversaries of the US,” he wrote.

Now, retired military officials, like the former admiral of the National Security Agency and the US Army’s Cyber Command, Mike Rogers, are pointing to the risk of letting the information leak.

“If you have this kind of sustained access, you can generate intelligence even just from unclassified information,” Rogers told the Times. “This is not uncommon. It’s not out of the norm that people make mistakes, but the question is the scale, the duration, and the sensitivity of the information.”

Rogers says that Zuurbier having the information in his possession is one thing, but a foreign government is another issue.

The concern is also growing as the internet entrepreneur is coming to the end of his 10-year management contract with Mali’s government, which is closely allied with Russia.

Once his contract is expired, Malian authorities will be able to gather the misdirected emails and do with them what they please.

Pentagon spokesman Lt. Cmdr Tim Gorman said the Defence Department is “aware of this issue and takes all unauthorized disclosures of controlled national security information or controlled unclassified information seriously.”

He also said that emails sent directly to a .MIL domain to Malian addresses are “blocked before they leave the .mil domain, and the sender is notified that they must validate the email addresses of the intended recipients.”

[–] [email protected] 4 points 1 year ago* (last edited 1 year ago)

He also said that emails sent directly to a .MIL domain to Malian addresses are “blocked before they leave the .mil domain

Seems this guy is proven wrong 117000 times, at least :-)

[–] UncleStewart 5 points 1 year ago (1 children)

I'm from Europe so I can't see the actual posted link. But I assume it's military grade email. It works, and made by the cheapest vendor?

[–] miked 4 points 1 year ago

I posted the text in a top level comment. I hate geo-fencing.

[–] Jackolantern 3 points 1 year ago
[–] ThatGirlKylie 2 points 1 year ago* (last edited 1 year ago)

According to another article it says the contractor identified the problem almost 10 years ago, maybe that was a typo as well?

But yikes, that’s just bad work all around.

load more comments
view more: next ›