Sensitive Information Leaked: How a Dutch Businessman Uncovered a Massive Typo Error in US Military Emails

2023-07-18 20:35:18

A Dutch businessman discovered that, for more than 10 years now, millions of emails from the United States armed forces with sensitive information such as passwords, medical records and itineraries of high-ranking officials arrive by a typo in Mali, an allied country. From Russia.

The businessman’s name is Johannes Zuurbier and what he discovered was that messages destined for the US military’s “.mil” domain were sent for years, due to human error, to the West African country, whose extension is “.ml”.

According to the Financial Times, the first outlet to give details regarding what happened, Zuurbier, who since 2013 has had a contract to manage the domain of the country of Mali, identified the problem more than 10 years ago.

In the past year, the businessman has collected tens of thousands of misdirected emails. While none of the mail was marked as classified, much of it included medical data, maps of US military installations, financial records and official travel planning documents, as well as some diplomatic messages.

In recent days, Zuurbier sent a letter to the US authorities to warn them of the problem, as his contract with the Mali government is ending soon, which means that “the risk is real and might be exploited by US adversaries.” ”.

Due to what happened, the military government of Mali planned to take control of the domain this Monday.

A Pentagon source, meanwhile, told the BBC that the US Department of Defense is already dealing with the problem. According to this source, the agency took steps to ensure that “.mil” emails did not arrive at the wrong domains, including blocking them before they were sent and notifying senders that they must validate recipients.

“The information can be useful to adversaries”

Military communications that are marked “classified” and “top secret”, several US officials told the BBC, are transmitted through separate computer systems that make it unlikely that they will be accidentally compromised.

But Steven Stransky, a lawyer who served as a senior adviser to the Department of Homeland Security’s Intelligence Law Division, cautioned that even seemingly innocuous information can be useful to America’s adversaries, particularly if it includes details of individual personnel. .

“Such communications would mean that a foreign actor can start building files on our own military personnel, for espionage purposes, or can try to get information disclosed for financial gain,” Stransky said. “It certainly is information that a foreign government can use,” he added.

“America got lucky”

Lee McKnight, a professor of information studies at Syracuse University, said the US military was lucky to be warned regarding the problem and the emails ended up on a domain used by the government. from Mali instead of falling into the hands of cybercriminals.

“Typographic squatting” – a type of cybercrime in which the victims are users who misspell an Internet domain name – is relatively common, the expert explained. “They wait for someone to make a mistake, and then they take advantage of that person,” he explained regarding the methodology of that crime.

Both McKnight and Stransky argue that human error is the biggest concern for information technology specialists. “Human error is by far the most important security concern on a day-to-day basis,” Stransky said, as “we simply can’t monitor every person every time.”

1689720004
#Mali #email #Due #typing #error #United #States #passwords #itineraries #high #officials #years

Leave a Replay