Pentagon typo leaked millions of sensitive messages to African nation

[KellyinAvon]

I had a .mil email address from 1996 (when I got to a base that didn't think it was 1958) until I retired in 2007. I never accidentally sent an email to Mali.

Mali, an ally of Russia, will soon gain access to the messages​

News of the leaks first came from Johannes Zuurbier, a Dutch entrepreneur who manages Mali's domain. Zuurbier told FT that he has collected at least 117,000 emails from within the Pentagon since January alone, and many more in years prior.

Zuurbier warned that his 10-year contract to manage Mali's domain expires this week, at which point control will revert to Mali's government, which is closely allied with Russia.

News of the leak comes just days after China-based hackers gained access to U.S. government emails through a Microsoft cloud system. Microsoft is still investigating the source of the breach, but President Biden's administration has vowed consequences for those responsible.

Pentagon typo leaked millions of sensitive messages to African nation

The Pentagon has been inadvertantly sending sensitive messages and emails to an African country due to a typo in the U.S. military's email domain name.

www.foxnews.com

 

[DoggyDaddy]

I had a .mil email address from 1996 (when I got to a base that didn't think it was 1958) until I retired in 2007. I never accidentally sent an email to Mali.

Mali, an ally of Russia, will soon gain access to the messages​

News of the leaks first came from Johannes Zuurbier, a Dutch entrepreneur who manages Mali's domain. Zuurbier told FT that he has collected at least 117,000 emails from within the Pentagon since January alone, and many more in years prior.

Zuurbier warned that his 10-year contract to manage Mali's domain expires this week, at which point control will revert to Mali's government, which is closely allied with Russia.

News of the leak comes just days after China-based hackers gained access to U.S. government emails through a Microsoft cloud system. Microsoft is still investigating the source of the breach, but President Biden's administration has vowed consequences for those responsible.

Pentagon typo leaked millions of sensitive messages to African nation

The Pentagon has been inadvertantly sending sensitive messages and emails to an African country due to a typo in the U.S. military's email domain name.

www.foxnews.com

And they want to put more and more stuff in "the cloud". Idiots.

 

[Alamo]

Assuming this is the unclassified net, dumping a bazillion .mil emails on the Russkies sounds like a great way to keep the bogged down and chasing their tails for the next 10 years. Certainly does that for us.

 

[phylodog]

I had a .mil email address from 1996 (when I got to a base that didn't think it was 1958) until I retired in 2007. I never accidentally sent an email to Mali.

Mali, an ally of Russia, will soon gain access to the messages​

News of the leaks first came from Johannes Zuurbier, a Dutch entrepreneur who manages Mali's domain. Zuurbier told FT that he has collected at least 117,000 emails from within the Pentagon since January alone, and many more in years prior.

Zuurbier warned that his 10-year contract to manage Mali's domain expires this week, at which point control will revert to Mali's government, which is closely allied with Russia.

News of the leak comes just days after China-based hackers gained access to U.S. government emails through a Microsoft cloud system. Microsoft is still investigating the source of the breach, but President Biden's administration has vowed consequences for those responsible.

Pentagon typo leaked millions of sensitive messages to African nation

The Pentagon has been inadvertantly sending sensitive messages and emails to an African country due to a typo in the U.S. military's email domain name.

www.foxnews.com

Why wait years to report it?

So...Microsoft is investigating? The same Microsoft run by Bill Gates? The same Bill Gates who Xi Jinping calls an old friend? I'll be here on the edge of my seat.

Oh wait, Biden's Administration vows consequences?!?!?!?! Never mind, seat available over here, no point waiting around for anything to happen.

 

[wtburnette]

And they want to put more and more stuff in "the cloud". Idiots.

It's one of those circular problems that business has created for itself. They hire people who have next to no understanding of technology for roles working with technology. IT/IS departments are slammed having to deal with issues caused by this and end up being draconian in their responses to end users. This causes hurdles for business to get done in a timely manner, so there's a push to move to the cloud because they can spin up resources quicker than going through internal IS/IT. Add to that the cost and complexity of running a server room, let alone a datacenter and you have businesses flocking to the cloud. Worse for me in my job is people who don't understand that just because you move to a well known cloud vendor, it doesn't make things secure unless you make it secure.

And the InfoSec guy in me asks, if the data was sensitive and in email, why wasn't it encrypted?

 

[WebSnyper]

So if they are in fact blocking incorrectly addressed emails trying to egress from the .mil email domain to the incorrect .ml email, it sounds like the issue (referenced by the article) is external email accounts (including personal accounts owned by .mil personnel) emailing incorrectly to the .ml domain. Pretty basic email transport rule, I'd think.

Would seem like setting up better controls on the data encryption/access controls, etc (including better app controls and controlling of personal accounts on devices) would be part of the answer.

I don't see this is being a cloud issue personally and actually some of the controls provided by the cloud could help better control this.

Now the separate issue raised about the China concern (which is a completely separate issue) is a cloud controls/security concern. The article sort of conflates the 2 issues, when they are in fact separate issues.