For the past decade, millions of emails destined for .mil US military addresses were actually directed at .ml addresses, that being the top-level domain for the African nation of Mali, it’s claimed. As a result of that one-character typo, medical data, identity documents, maps of military installations, travel itineraries, bookings for high-ranking military leaders, and more have been fired off at .ml addresses rather than the intended .mil ones, we’re told.
It starts with Johannes Zuurbier, the boss of Amsterdam-based Mali Dili, which manages Mali’s top-level country domain. After noticing a good number of DNS requests for Malian domains that didn’t exist, such as army.ml and navy.ml, Zuurbier set up a system to catch emails destined for these addresses.
Zuurbier’s mail catcher was overwhelmed, he said, and he stopped collecting messages shortly after bringing it online. He said he repeatedly tried to alert the American government to the issue in 2014 and 2015 without any luck.
The US military isn’t the only armed force making such mistakes. Emails intended for the Dutch military were also caught by Zuurbier’s system – messages went to .ml rather than .nl – as were messages from the Australian military intended for US military recipients.
Zuurbier’s ten-year contract with the Malian government to manage .ml is due to expire this week. After that, Malian authorities could set up their own email-capturing operation and begin gathering documents intended for Uncle Sam’s personnel with ease – a prospect that isn’t reassuring given Mali’s close ties with Russia.
— source theregister.com | 18 Jul 2023