The typo could have had serious consequences. As the Financial Times revealed in an article published Monday, July 17, hundreds of thousands of “US military emails have been redirected to Mali following a ‘typography leak’.” To err is human: many Pentagon employees and services use email addresses with the “.mil” suffix, a “top-level domain” administered by the American army. Forgetting to type an i is enough to accidentally send an email to a “.ml” address.
This is where the problem comes into play: the top-level domain “.ml”, which corresponds to the country code of Mali, has been technically managed for ten years by the Dutch private company Mali Dili, which takes care of the assignment of all addresses in “.ml”. In the columns of the Financial Times, an official from Mali Dili explains that since 2013 he has observed a large number of requests for domain names such as army.ml and navy.ml that did not yet exist. By setting up a mail server linked to these domain names, he discovered nearly 117,000 messages originally intended for US Army personnel but accidentally sent to a Malian email address.
How big is the leak? According to the financial newspaper, these are not secret documents, and a large proportion of the redirected emails are in fact spam. Nonetheless, sensitive information was inadvertently sent to “.ml” addresses, such as an American general’s upcoming trips, personnel lists, or military personnel’s medical and financial documents. The newspaper also claims that it is not just the American military that has been affected: emails destined for Dutch officials (using the .nl top-level domain) were inadvertently sent to Malian addresses as well.
Persons outside the army
These errors can be a cause for concern for US authorities, especially since Mali Dili has no longer been the technical manager for domain names in “.ml” since Monday. This role has in fact been delegated to the Agency for Information and Communication Technologies (Agetic), an organization affiliated with the Malian government. This comes as Russia continues to expand its influence in the country, notably through the private Russian paramilitary group Wagner, which has had a presence in Mali since December 2021 and has posed as the main ally of the military in power since its coup in August 2020.
Through Agetic, will the Malian authorities and their Russian ally now be able to use misdirected emails to harm Washington’s interests? On Monday, July 17, Sabrina Singh, a Pentagon spokeswoman, assured a news conference that the ministry’s intelligence services were configured not to send email to a “.ml” address, but did not specify since when.
“None of the emails [that have] leaked that were mentioned [in the press] comes from a Department of Defense email address,” Singh also promised. The Pentagon assures that the problem arises in particular when members of the army personnel use their personal address (e.g. a Gmail address) to send professional documents. The Financial Times’ description of the documents also suggests that some emails accidentally sent to “.ml” addresses came from people outside the army: employees of other branches of government or even private companies.
Repeated alerts
According to the British daily, “The problem was first recognized by Johannes Zuurbier almost ten years ago”. The man portrayed as a “Dutch Internet entrepreneur” is said to have repeatedly alerted the highest American authorities to the danger of such a data leak. The latter could also be “exploited by opponents of the United States” without secrecy, the entrepreneur wrote in a letter to the American government at the beginning of July.
But Johannes Zuurbier, also known as Joost Zuurbier, is not just a whistleblower. In March 2022, several companies he led, including Mali Dili, were the subject of a complaint of “cybersquatting” – that is, domain name theft – by Instagram, WhatsApp and Meta, Facebook’s parent company. According to the legal document consulted by Le Monde, several companies managed by Mr. Zuurbier, together with a certain Marcel Trik, “formed a complex network of fictional companies” that “registered, traded and used more than 5,000 domain names identical or similar to trademarks” of Meta.
In particular, Freenom, a company that oversees several other domain name management companies, has been accused of turning a blind eye to the fraudulent use of many of the addresses it manages and markets, primarily used in phishing operations to harvest personal data and hack accounts on social networks.
The lawsuit cites fake domain names such as fb-instagram.cf, chat-whatsaap.gq or faceb00k.ga. Registered on behalf of clients by Mr. Zuurbier through his companies based in the Netherlands and the United States, they were used “to redirect their visitors to other commercial websites of a pornographic nature or to websites used for malicious activities such as phishing”.
27,000 phishing operations
Indeed, citing a study conducted by the European Commission on abuse of the domain name system, the American judiciary has pointed out that “five of the ten most abused top-level domains are operated by Freenom”. Another report published in September 2021 by the Interisle Consulting Group, a group of digital security experts, estimated that Mali’s “.ml” was the subject of more than 27,000 phishing attempts from May 2020 to April 2021.
Mali is far from the only country affected. According to the same report, during the same period, the domain names of the states of Gabon (.ga), Central African Republic (.cf) and Equatorial Guinea (.gq), “operated by Freenom”, the company founded by Mr. Zuurbier, were also the subject of more than 57,000 phishing operations.