For several years, millions of e-mails intended for Pentagon employees went to a large country in West Africa - Mali. But how is it possible that the Malians have been going through this for several years? Hacking into the US military's e-mails and taking over e-mails from them for several years doesn't exactly seem like something easy for anyone to do?! Yes exactly!
![Autor: "DoD photo by Master Sgt. Ken Hammond, U.S. Air Force." – This photo is available as DF-ST-87-06962 from defenselink.mil and osd.dtic.mil. [4] [5], Volné dílo, https://commons.wikimedia.org/w/index.php?curid=11934](https://benediktaudy.eu/wp-content/uploads/The_Pentagon_US_Department_of_Defense_building-scaled.jpg)
Of course, it doesn't work by sitting down at your computer right now and logging into the army email with the password "army12345678". This maneuver was essentially simple, but only one person in the whole world could perform it, which in this case is represented by our Malian.
The US Army uses the domain army.mil. This means that when employees email each other, they will use name@army.mil. But what should our Malian do with it? His domain he purchased: "army.ml ", is quite similar to the official army.mil website. Surely someone must occasionally type @army.ml instead of @army.mil… So the Malian logged into his Freenom.com account where his domain came from, which was even free, and linked it most likely via Cloudflare. Cloudflare allows you to create your own email using a domain you own. This means that it was not a problem for the Malians to create an @army.ml email that received all emails. Normally, emails should be returned to the sender when they go somewhere other than @army.mil. Unfortunately, that's probably not exactly what happened, so no one noticed.
But why did the Pentagon finally notice? According to the British newspaper Financial Times was the first to know about the error by Dutch Internet entrepreneur Johannes Zuurbier, who discovered the problem ten years ago. He has been managing the Malian .ml domain since 2013 and has noticed tens of thousands of misdirected e-mails in recent months. The Malian received about 100 e-mails a day, but most were SPAM.
According to the newspaper, no emails were marked as secret. However, the emails contained medical records, maps of US military installations, financial records and even some diplomatic messages. The army.ml domain was thus cancelled. Mr Zuurbier later explained that all secret and top secret emails are sent through separate IT systems and that it is unlikely these documents could have been compromised.
Lee McKnight also commented on the incident, saying that "typo-squatting" is a common method used by attackers, hoping that a person will make a mistake and they can catch you entice to do something stupid. Finally, a measure was put in place to prevent emails from being sent to domains other than .mil. But when someone needs to send something outside of the .mil domain, the email is bounced back and they have to confirm that they are sending the email to a non-.mil domain.
We just can’t control every single human, every single time.
-Mr Stransky
Sources:
Leave a Reply