U.S. News

2243 readers

49 users here now

News about and pertaining to the United States and its people.

Please read what's functionally the mission statement before posting for the first time. We have a narrower definition of news than you might be accustomed to.

Guidelines for submissions:

Post the original source of information as the link.
If there is a paywall, provide an archive link in the body.
Post using the original headline; edits for clarity (as in providing crucial info a clickbait hed omits) are fine.
Social media is not a news source.

For World News, see the News community.

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 1 year ago

MODERATORS

[email protected]

A Spelling Mistake Is Causing Thousands of Sensitive Pentagon Documents to Be Leaked to a Russian Ally (themessenger.com)

submitted 1 year ago by [email protected] to c/[email protected]

11 comments fedilink hide all child comments

Over 100,000 U.S. military emails have been misdirected to Mali this year due to a spelling mistake that sent emails to .ML instead of .MIL addresses. The emails contain sensitive information about personnel, travel plans, and financial records. While not classified, the data could provide intelligence value if exploited. Control of the .ML domain is transferring to the Malian government which has ties to Russia, raising concerns the misdirected emails could be used to their advantage. The Pentagon says it is aware of the issue and blocking emails from leaving the .MIL domain, but mistakes still happen.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 0 points 1 year ago (1 children)

What I don't get, is why would anyone send any sensitive info unencrypted.

[–] [email protected] 0 points 1 year ago (1 children)

That wouldn't really make a difference here, I don't think. A standard encrypted email just ensures that only the intended recipient can open it. Since the addressed recipients were the .ml domain, the emails would still be accessible by the wrong people.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

Email encryption is kind of broken, but kind of in a good way: if you don't have the recipient's key, then you can't send an encrypted email. Since there would be no reason for senders of sensitive info intended for .mil receivers, to have the key for an equivalent receiver at a .ml domain, the emails would just fail to send, stopping any leak before it happened.