Typos are part of everyday life. This is particularly annoying with e-mail addresses, because either the mail does not arrive or it ends up with the wrong recipient. The latter becomes dramatic when this happens constantly and the emails contain data that is not intended for the eyes of strangers. This is exactly what has happened to the US Army for years – until now.
As the “Financial Times” reports, citing Dutch entrepreneur Johannes Zuurbier, the US military and their contractors have been sending e-mails to addresses ending in “.ml” for more than ten years. But you actually mean “.mil”. This supposedly small error has major consequences: while the “.mil” extension has been assigned to the United States Department of Defense since 1985 and only US armed forces have access to it, the “.ml” top-level domain has belonged to the African state of Mali since 1993 .
Zuurbier, who has managed the Malian domain for years, says he has tried several times to alert the US military to this serious error – so far in vain. Now he’s stepping up his efforts again, as his contract is ending very soon and Zuurbier doesn’t know who will get hold of the mails once the Malian government takes over. The African state of Mali is considered an ally of Russia – and there should be great interest in any information about the US military.
In order to be able to underline how much the confusion of domains has crept in at the US Army, Zuurbier has been collecting all the letters since January. There are a total of 117,000 misdirected messages – on some days up to 1000 emails are added.
Zuurbier stated that although no emails with a high level of confidentiality had arrived and that there was a lot of spam, he also found messages containing sensitive data about the military. Accordingly, he has already found medical information about soldiers, complete crew lists of US ships, maps of military facilities, photos of US bases, travel information and financial data. Zuurbier also received the exact course of a trip from General James McConville – such information would be extremely relevant for a planned assassination. He also regularly found lists of passwords or requests to change access.
Mike Rogers, a former US Navy admiral and former head of the NSA, told the Financial Times: “If you have this kind of constant access, you can generate information even from unclassified information.”
According to a spokesman for the Pentagon, they are aware of this and are working to eliminate the problem. After all, all e-mails that are sent from a mailbox with a “.mil” ending to an e-mail with “.ml” are now automatically blocked. What remains are external contacts for the US military, who continue to regularly forget the all-important “i,” explains Zuurbier. Forwarding private mails to military mailboxes is also a problem. As an example, Zuurbier cites a total of six documents from an FBI agent who tried to forward diplomatic information about the political situation in Turkey to his Navy mailbox.
The US Army is apparently not alone with the problem. Among the many emails, Zuurbier repeatedly found messages from soldiers in the Dutch army who wrote “.ml” instead of “.nl” in the address line. The official address is actually “defensie.nl”.
Also read:
Numbers and anger from the boss: That’s how banal everyday office life is for super hackers
Free ride for hackers: IT experts crack outdated technology of German traffic lights
3000 tickets for the bin: hackers save speeders from fines