this post was submitted on 18 Jul 2023
24 points (100.0% liked)

U.S. News

2261 readers
4 users here now

News about and pertaining to the United States and its people.

Please read what's functionally the mission statement before posting for the first time. We have a narrower definition of news than you might be accustomed to.


Guidelines for submissions:

For World News, see the News community.


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
 

Over 100,000 U.S. military emails have been misdirected to Mali this year due to a spelling mistake that sent emails to .ML instead of .MIL addresses. The emails contain sensitive information about personnel, travel plans, and financial records. While not classified, the data could provide intelligence value if exploited. Control of the .ML domain is transferring to the Malian government which has ties to Russia, raising concerns the misdirected emails could be used to their advantage. The Pentagon says it is aware of the issue and blocking emails from leaving the .MIL domain, but mistakes still happen.

top 10 comments
sorted by: hot top controversial new old
[–] Gork 9 points 2 years ago (2 children)

So... when will there be PowerPoints and training that will now be required as a result of this incident? Now DoD employees will have to sit through yet another hour-long presentation about how to not make spelling mistakes lol.

[–] megopie 5 points 2 years ago

“ So if you remember this contrived acronym , you won’t accidentally write e-mali instead of e-mail”

[–] elfpie 1 points 2 years ago (1 children)

The fact treason is as easy as a spelling mistake is worrisome. Don't trust users not to shoot themselves in the foot.

[–] Lowbird 1 points 2 years ago

Honestly maybe this data shouldn't be emailed to begin with. Vs communicated by some other more secure platform. Or faxed.

[–] SugarApplePie 9 points 2 years ago (1 children)

Emails sent from the .MIL domain to the .ML addresses “are blocked before they leave the .mil domain and the sender is notified that they must validate the email addresses of the intended recipients," Gorman said.

So they aren't actually making it to the .ml addresses? I can't tell if I'm not understanding something properly or someone is lying or what

[–] middlemuddle 2 points 2 years ago (1 children)

That's only for emails sent from the .mil domain. Emails sent from other domains don't have the same filters in place. The issue is that plenty of other domains are attempting to send emails to the .mil domain and are actually sending to the .ml domain. The article only confirms a filter is in place for .mil users, so it's entirely possible that .gov users have no such filter. Plenty of government workers with .gov domains would be trying to send sensitive info to .mil users. Or government contractors, who would have a whole bunch of possible domains, would be trying to send to the .mil domain and failing.

It's a pretty big, and stupid, breach, but I'm not sure how you get everyone who's not part of your closed system to ensure they're typing out .mil correctly.

[–] jarfil 2 points 2 years ago (1 children)

What I don't get, is why would anyone send any sensitive info unencrypted.

[–] middlemuddle 1 points 2 years ago (1 children)

That wouldn't really make a difference here, I don't think. A standard encrypted email just ensures that only the intended recipient can open it. Since the addressed recipients were the .ml domain, the emails would still be accessible by the wrong people.

[–] jarfil 1 points 2 years ago* (last edited 2 years ago)

Email encryption is kind of broken, but kind of in a good way: if you don't have the recipient's key, then you can't send an encrypted email. Since there would be no reason for senders of sensitive info intended for .mil receivers, to have the key for an equivalent receiver at a .ml domain, the emails would just fail to send, stopping any leak before it happened.

[–] TheOakTree 5 points 2 years ago

lemmy.mil when?