Members of the US armed forces mistakenly sent official emails to the Malian government in Africa instead of their Pentagon counterparts. The messages contained sensitive information including diplomatic documents, tax returns, access passwords and travel details of senior military officials. The Malian government has not got them thanks only to an honest Dutch operator who managed its .ml domains and notified American authorities of a series of errors.
The problem is, he’s been doing it for ten years — and Americans are ignoring him.
The cause of this elusive phenomenon is a frequent misspelling. The .ml domain, the Mali identifier, is similar to the .mil extension found in all US military email addresses.
(If you think that the person responsible for the security of the world’s only superpower should know how to send an e-mail, don’t laugh. We’re talking about countries where Audi he lost the court casebecause the driver of his car confused the accelerator with the brake.)
Americans, beware of email!
Stray e-mail first came to the attention of Johannes Zuurbier, a Dutch internet entrepreneur and Malian domain administrator, almost ten years ago. But with the end of his contract drawing to a close (expiring this Monday, July 24), Zuurbier began collecting typo emails back in January in an effort to convince the US to take the matter seriously.
From then to mid-July, he collected 117,000 of them; some days about a thousand of them arrived. Zuurbier wrote to Washington that “the risks are real and could be exploited by US adversaries”. Don’t exaggerate; on Monday, administration of the domain will pass into the hands of the Malian government, among others Kremlin allies.
Zuurbier, who heads the Amsterdam-based Mali Dili company, has repeatedly approached American officials. He tried it through the military attache in Mali, the US NSA’s senior cybersecurity adviser, and even contacted White House officials.
Pentagon spokesman Lieutenant Tim Gorman, he says told the Financial Times, which first reported the case, that the Ministry of Defense was “aware of the matter and takes seriously any unauthorized disclosure of controlled national security information or classified controlled information”. Let’s not even try to imagine what must have happened if the Pentagon took this lightly.
In the past, Zuurbier managed domains for, for example, the Central African Republic, Gabon, Equatorial Guinea, or the Tokelau territory of New Zealand. In 2013, he took over Mali’s country code and quickly noticed requests for domains like army.ml and navy.ml that didn’t exist. He realized it was actually an email; therefore create a system to capture all such correspondence. However, the system stopped working within a week, completely overwhelmed with messages from negligent American soldiers (and their correspondent partners).
Instruction and training
Zuurbier said that after he realized what was going on, he sought legal advice. (He told the Financial Times that he gives his wife a copy of legal proceedings if a “black helicopter lands” in his garden.) In 2014, he joined a trade mission from the Netherlands to enlist the help of Dutch diplomats.
What are US troops sending to Mali?
- About a dozen people mistakenly requested a password reset for an intelligence community system; others posted passwords required to access documents located in a Department of Defense secure file exchange.
- Twenty e-mails from defense services supplier General Dynamics regarding production of training grenade cartridges for the military.
- Some emails sent in error contain diplomatic passport numbers.
- X-rays and medical records, identification information, crew lists, base personnel lists, facility maps, photos of bases, naval inspection reports, contracts, criminal charges against personnel, internal abuse investigations, official itineraries, individual tax and financial records.
- One of this year’s e-mails contains travel plans for General James McConville, Chief of Staff of the US Army, and his delegation for the upcoming visit to Indonesia in May (a list of room numbers, itineraries for McConville and twenty others, as well as details of picking up McConville’s room keys at the Grand Hyatt Jakarta).
- A high-ranking FBI agent with the Navy mistakenly forwarded six private e-mail messages to Mali instead of his official address (among others, urgent Turkish diplomatic letters to the US State Department about possible operations by a Kurdish militant party working against Turkish interests in the US).
Even his efforts a year later were fruitless. This year, he began collecting misdirected emails again in a bid to alert the Pentagon before it was too late.
Fortunately for the US, the Pentagon is hitting hard this time. A spokesman for Gorman told the FT: “The department provides guidance and training to DoD staff.”
The free world heaved a sigh of relief.
“Tv nerd. Passionate food specialist. Travel practitioner. Web guru. Hardcore zombieaholic. Unapologetic music fanatic.”