Anastasia Pechenyuk14:48, 07/18/236 min.3096

The Malian government will soon have access to the erroneously sent information.

A typo caused classified US military data to leak to a web operator in Mali, a Russian ally. 

Soon, the wrongly sent letters may begin to be collected by the Malian government, writes the Financial Times. 10 years ago, Dutch internet entrepreneur Johannes Zurbjer signed a contract to manage the Mali (.ML) country domain, which expires next week. 

While managing the domain, Zurbjer discovered that the American side often sends a variety of, in particular, classified information to Mali due to a typo (spelling .ML instead of .MIL used in all email addresses of the US military).

For the past decade, the businessman has warned Americans about the danger of this phenomenon and asked them to take the problem seriously, because in the end it could be used by the enemies of the United States. 

He approached the American side through the defense attache, the senior adviser to the US National Cyber ​​Security Service, and even through White House officials. The businessman attracted Dutch diplomats, but these efforts did not yield results. 

This year, Zurbier began collecting misdirected email again to try to warn the Pentagon once again of the danger. Since January of this year, Zurbier has collected about 117,000 misdirected messages, almost 1,000 in just one day. On Monday, Zurbjer’s 10-year contract to manage the domain will end and control will return to the Mali government. 

Then the Malian authorities will be able to start collecting erroneously sent letters. 

Retired US Admiral Mike Rogers, who previously headed the National Security Agency and the US Army Cyber ​​Command, is convinced that constant access to even unclassified information is enough to generate intelligence. And the transfer of the domain to the management of the Malian government creates a problem.

“It’s one thing when you come across a domain administrator who tries, even unsuccessfully, to express concern. It’s another thing when it’s a foreign government that perceives this as an advantage that can be used,” Rogers said. 

What documents were mistakenly sent to Mali

During this time, millions of US military emails were mistakenly sent to Mali. Most email is spam, but some messages contain very sensitive data. For example, about US military personnel, contractors and their families.  

In addition, diplomatic documents, tax returns, passwords and travel data of senior officers were sent in this way. 

They also sent X-rays, medical data, information about identity documents, lists of ship crews, lists of personnel at bases, photographs of bases, naval inspection reports, internal internal investigations and the like. 

For example, one mis-sent email contained a detailed travel itinerary for General James McConville, Chief of Staff of the US Army, and his delegation in preparation for a trip to Indonesia earlier this year.About a dozen people mistakenly asked to send passwords to Mali to restore the intelligence community system. 

They also sent passwords needed to access documents hosted on a secure file hosting service of the Ministry of Defense. Contractors working with the US military have also made mistakes, with twenty regular updates from defense contractor General Dynamics related to the production of training cartridges being sent to Mali.The problem also applies to other countries. 

For example, one FBI naval agent accidentally sent an urgent Turkish diplomatic letter to the US State Department in Mali about possible operations by the Kurdistan Workers’ Party (PKK) against Turkish interests in the US. 

Also in the correspondence was a “delicate” briefing about attempts by Iran’s Islamic Revolutionary Guard Corps to use Iranian students and the Telegram messaging program to spy on the US.

The Pentagon’s reaction to a large-scale leak

Pentagon spokesman Tim Gorman assures that the Department of Defense “is aware of this issue and takes any unauthorized release of controlled national security or controlled unclassified information seriously.” 

He said that emails sent directly from the .MIL domain to Malian addresses are “blocked before they leave the .MIL domain and the sender is notified to verify the email addresses of the intended recipients.” 

(C)UNIAN 2023