Typo Leaks "Millions" of Government Emails to...Mali?

Saw that in my morning round-up email.

I also lately have been getting some odd emails from State. I'm subscribed to the daily schedule email. Love when I get an email from them that says "Not for Publication".


Nothing in it was anything special, but also...how do you do this on what seems like a bi-weekly basis?
 
If you type .ml instead of .mil, your email could go to Mali? I would love to know how this happened given the unique email addys within the DoD.

This comes within a week of China hacking a USG Microsoft Cloud.

Sleep well, everyone.

Pentagon typo leaked millions of sensitive messages to African nation
I read the article earlier, but I don't understand how this works.

If I send an email to AWP@ShadowSpear.mil but I mistype it as AWP@ShadowSpear.ml, doesn't it just... bounce back as undeliverable? Or does it still go to the .ml server, where it can be collected and read by their admins?
 

My understanding is it hits the domain server, and the domain server can't find the address, so it alerts you that it's undeliverable. However, it still hit the server. I'm guessing someone realized what was happening, and started to collect them. I didn't see mention if people were getting the undeliverable message or not.

Our network/cyber experts here know way more than me, but that was the basic explanation I got.

ETA: From the article:
News of the leaks first came from Johannes Zuurbier, a Dutch entrepreneur who manages Mali's domain. Zuurbier told FT that he has collected at least 117,000 emails from within the Pentagon since January alone, and many more in years prior.
Zuurbier warned that his 10-year contract to manage Mali's domain expires this week, at which point control will revert to Mali's government, which is closely allied with Russia.
 
The next time there's one of those long-lasting system-wide "reply all" catastrophes on the Army system, I'm going to include a .ml address in my response. Getting a Mali server in on all of those responses will probably crash it. ;)
 
Never been an Exchange admin, but I think @Kaldak is tracking.

Besides, you send an email and it bounces back. I wouldn't think ".ml is Mali" it would be "I'm dumb for not proofing my distro list. I'll add an i and send."

Cheap security solution: Set up a custom DNS server that will only resolve .GOV/.MIL/.whateveryouneed, and point your Exchange server at it.
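The same "only the domains you actually need" idea can be enforced at submission time, before the MTA resolves the MX record for whatever domain was typed (once that lookup succeeds, the message goes to that host whether or not the mailbox exists, which is how a catch-all at the wrong domain ends up holding it). The following is an added example, not code from this thread or from any mail product; the allowed TLDs, the known-domain list and the `check_recipient` hook name are all constructed assumptions.

```python
"""Outbound recipient-domain guard (constructed example, not from the thread).

Assumed deployment point: a submission-time hook on the sending side, such as
a gateway policy or a client add-in, so a blocked message never reaches the
MTA that would look up the recipient's MX record.
"""
from dataclasses import dataclass

# Constructed policy: top-level domains this organisation may mail directly.
ALLOWED_TLDS = {"mil", "gov"}

# Constructed list of frequently mailed domains, used to catch near-miss typos
# such as a letter dropped from the TLD.
KNOWN_DOMAINS = {"army.mil", "navy.mil", "state.gov", "shadowspear.mil"}


@dataclass(frozen=True)
class Verdict:
    address: str
    allowed: bool
    reason: str


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a domain one edit away from a known one is a typo."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(address: str) -> str:
    """Return the normalised domain part of an address, or raise on junk input."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an address: {address!r}")
    return domain.lower().rstrip(".")


def check_recipient(address: str) -> Verdict:
    domain = domain_of(address)
    tld = domain.rsplit(".", 1)[-1]
    # Exact match against the known list wins before any fuzzy logic.
    if domain in KNOWN_DOMAINS:
        return Verdict(address, True, "known domain")
    # Near-miss of a known domain: almost certainly a typo, so block and say why.
    for good in KNOWN_DOMAINS:
        if edit_distance(domain, good) <= 1:
            return Verdict(address, False, f"looks like a typo of {good}")
    if tld in ALLOWED_TLDS:
        return Verdict(address, True, f".{tld} is an allowed TLD")
    return Verdict(address, False, f".{tld} is not an allowed TLD")


def check_recipients(addresses):
    """Check a whole To/Cc list; hold the message if any recipient is blocked."""
    return [check_recipient(a) for a in addresses]


if __name__ == "__main__":
    for v in check_recipients(["AWP@ShadowSpear.mil", "AWP@ShadowSpear.ml", "x@contractor.com"]):
        print(f"{'ALLOW' if v.allowed else 'BLOCK':5} {v.address}: {v.reason}")
```

The near-miss check is the part that matters for the case in the article: a resolver that refuses everything outside .mil/.gov stops the message one layer lower, when the MX lookup fails, but it also stops legitimate mail to contractors and vendors on other TLDs, so any real policy list is per organisation. Either way the user gets a local error rather than a silent delivery to the wrong host.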
 
The bait lure for developing artificial intelligence: remove humans from the equation. Cost-effective solution for reducing training costs and the need to send political leaders and community organizers that wear military uniforms to vacation resorts to plan for the next war and give appearances they are actually doing something useful and productive. :p
 
Ok, now that I've had a chance to sleep and think about this.

Basically, this is the problem of sending .mil email traffic across the internet due to geographic constraints. Also lack of training and awareness on what should be encrypted for end users. Unless you're on an isolated network, anything sensitive should be sent using whatever end-to-end encryption your organization provides.

Anything you send, unencrypted, can be intercepted in transit.
Is It Possible to Intercept Email and How? - Guardian Digital

Or in this case, it's much easier if you have access to the Exchange server; it's super easy.

Get the real meaning of a catch all mailbox and how to set it up

For anyone using private email, such as Gmail, there's encryption options available.
Turn on hosted S/MIME for message encryption - Google Workspace Admin Help.
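What end-to-end encryption buys you in this scenario is that a misdirected copy is useless to whoever holds the wrong mailbox: the relay sees routing headers and ciphertext, nothing else. The block below is an added illustration, not code from this thread or from any mail client; it shows the envelope principle S/MIME relies on (a random content key protects the body, the recipient's public key protects the content key) using the `cryptography` library's primitives rather than the real CMS/S/MIME wire format, and the sample header and body are constructed.

```python
"""End-to-end message envelope (constructed example, not from the thread).

Same principle as S/MIME, simplified: AES-GCM for the body, RSA-OAEP to wrap
the content key for one recipient. Real deployments use the certificate-based
tooling the post links to; this only shows why a relay cannot read the body.
"""
import os
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


def generate_recipient_keypair():
    """Recipient's long-term key; in S/MIME this is carried in a certificate."""
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    return private_key, private_key.public_key()


def seal(public_key, plaintext: bytes, header: bytes) -> dict:
    """Encrypt the body for one recipient; headers stay readable for routing."""
    content_key = AESGCM.generate_key(bit_length=256)
    nonce = os.urandom(12)
    # The header is authenticated (tampering is detected) but not hidden.
    body = AESGCM(content_key).encrypt(nonce, plaintext, header)
    wrapped_key = public_key.encrypt(content_key, OAEP)
    return {"header": header, "wrapped_key": wrapped_key, "nonce": nonce, "body": body}


def unseal(private_key, envelope: dict) -> bytes:
    """Only the holder of the recipient's private key can recover the body."""
    content_key = private_key.decrypt(envelope["wrapped_key"], OAEP)
    return AESGCM(content_key).decrypt(envelope["nonce"], envelope["body"], envelope["header"])


def relay_can_read(envelope: dict, plaintext: bytes) -> bool:
    """What a server in the path (a catch-all at a typo'd domain included) sees."""
    return plaintext in envelope["body"]


def demo() -> dict:
    # Constructed message; the recipient address is the intended one.
    header = b"To: AWP@ShadowSpear.mil\r\nSubject: schedule\r\n"
    plaintext = b"NOT FOR PUBLICATION: constructed sample body"
    priv, pub = generate_recipient_keypair()
    env = seal(pub, plaintext, header)
    # A different key, standing in for whoever ends up holding a misrouted copy.
    other_priv, _ = generate_recipient_keypair()
    try:
        unseal(other_priv, env)
        wrong_key_fails = False
    except Exception:
        wrong_key_fails = True
    return {
        "recovered": unseal(priv, env) == plaintext,
        "relay_sees_plaintext": relay_can_read(env, plaintext),
        "wrong_key_fails": wrong_key_fails,
    }


if __name__ == "__main__":
    print(demo())
```

Two things the example makes visible: the To and Subject lines stay in the clear because the mail system needs them (S/MIME leaves the Subject readable too), and transport encryption between servers would not have helped here, since a misaddressed message is decrypted at the wrong endpoint anyway. Only encryption to the intended recipient's key survives a bad address.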
 