| More worryingly, typos to US military addresses from external address will now be routed to Mali. From Matt Levine this week: >Millions of US military emails have been misdirected to Mali through a “typo leak” that has exposed highly sensitive information, including diplomatic documents, tax returns, passwords and the travel details of top officers. >Despite repeated warnings over a decade, a steady flow of email traffic continues to the .ML domain, the country identifier for Mali, as a result of people mistyping .MIL, the suffix to all US military email addresses. >The problem was first identified almost a decade ago by Johannes Zuurbier, a Dutch internet entrepreneur who has a contract to manage Mali’s country domain. >Control of the .ML domain will revert on Monday from Zuurbier to Mali’s government, which is closely allied with Russia. When Zuurbier’s 10-year management contract expires, Malian authorities will be able to gather the misdirected emails. The Malian government did not respond to requests for comment. >“Much of the email flow is spam and none is marked as classified,” and apparently if you work in the US military and you email someone else in the US military, the system prevents this typo. But if you are an outside contractor, or an Army officer emailing from your personal account, all bets are off. “Around a dozen people mistakenly requested recovery passwords for an intelligence community system to be sent to Mali.” |
This is one of the rare good sides of having near-monopolies.