Thousands of emails intended for the American army land in Mali

The typo could have had serious consequences. As revealed by the Financial Times in an article published Monday, July 17, hundreds of thousands of “US military emails [were] diverted to Mali following a ‘typo leak’”. To err is human: many Pentagon employees and services use email addresses ending in “.mil”, the suffix (also called a “top-level domain”) managed by the American army. Forgetting to type a single “i” is enough to send an email to a “.ml” address by mistake.

This is where the problem arises: the “.ml” top-level domain, which is the country code of Mali, has for ten years been technically managed by the Dutch private company Mali Dili, which handles the assignment of all “.ml” addresses. In the Financial Times, an official from Mali Dili explains that, from 2013 onwards, he observed a large number of requests for domain names such as army.ml and navy.ml, which did not yet exist. By setting up a mail server for these domain names, he discovered nearly 117,000 messages originally intended for American army personnel but sent by mistake to a Malian address.

How big is the leak? According to the financial daily, no classified document is involved, and a large part of the diverted emails is actually spam. But sensitive information was still inadvertently sent to “.ml” addresses, such as the upcoming travel of an American general, personnel lists, and medical and financial documents relating to army employees. The newspaper also reports that the American military is not the only one concerned: emails intended for Dutch officials (who use the top-level domain “.nl”) have also been inadvertently sent to Malian addresses.

People outside the army

These errors are a source of concern for US authorities, all the more so because, since Monday, Mali Dili is no longer the technical manager of “.ml” domain names. That role has been transferred to the Information and Communication Technology Agency (Agetic), an organization attached to the Malian government. This comes as Russia continues to increase its influence in the country, in particular through the private Russian paramilitary group Wagner, present in Mali since December 2021, which presents itself as the main ally of the military in power since their coup in August 2020.


Through Agetic, will the Malian authorities and their Russian ally now be able to use misdirected emails to harm Washington’s interests? On Monday, July 17, Sabrina Singh, one of the Pentagon spokespersons, assured a press conference that the ministry’s mailboxes were configured to prevent any email from being sent to a “.ml” address, without however specifying since when.
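The control the spokesperson describes is an outbound recipient check: mail addressed to a top-level domain that is one typo away from the organisation’s own is held rather than sent. The following is an added illustration written for this article, not code from the Pentagon or from any mail product; it assumes a constructed list of protected TLDs (“mil”) and a constructed allowlist of legitimate neighbouring TLDs, and it generalises the “.mil” vs “.ml” case to any TLD within one edit (deletion, insertion or substitution) of a protected one.

```python
import re

# Constructed for this example: the organisation's own TLD(s) and legitimate
# TLDs that happen to sit one edit away from them and must not be held.
PROTECTED_TLDS = ("mil",)
KNOWN_GOOD_TLDS = frozenset({"il"})   # Israel's ccTLD is one deletion from "mil"


def within_one_edit(a, b):
    """True if a == b or they differ by one substitution, insertion or deletion."""
    if a == b:
        return True
    if len(a) < len(b):
        a, b = b, a                      # ensure a is the longer string
    if len(a) - len(b) > 1:
        return False
    i = 0
    while i < len(b) and a[i] == b[i]:   # skip the common prefix
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]    # exactly one substitution
    return a[i + 1:] == b[i:]            # exactly one character deleted from a


def recipient_tld(address):
    """Extract the lower-cased top-level domain of an RFC-style address, or None."""
    m = re.fullmatch(r"[^@\s]+@([^@\s.]+(?:\.[^@\s.]+)+)", address.strip().lower())
    return m.group(1).rsplit(".", 1)[-1] if m else None


def lookalike_tld(address, protected=PROTECTED_TLDS, known_good=KNOWN_GOOD_TLDS):
    """Return the protected TLD that the recipient's TLD resembles, else None."""
    tld = recipient_tld(address)
    if tld is None or tld in protected or tld in known_good:
        return None
    for p in protected:
        if within_one_edit(tld, p):
            return p
    return None


def screen_outbound(recipients, **kw):
    """Partition recipients into (deliverable, held); each held entry pairs the
    suspect address with the protected TLD it looks like, for the review queue."""
    deliverable, held = [], []
    for r in recipients:
        hit = lookalike_tld(r, **kw)
        if hit:
            held.append((r, hit))
        else:
            deliverable.append(r)
    return deliverable, held


if __name__ == "__main__":
    # Constructed sample recipients, not addresses from the article.
    ok, held = screen_outbound(["alice@army.mil", "bob@navy.ml", "carol@example.com"])
    print("deliverable:", ok)
    print("held for review:", held)
```

The allowlist matters: a bare edit-distance rule would also hold legitimate mail to “.il”, so any deployment of this idea needs the list of real TLDs near the protected one reviewed by hand, and the held queue needs a human to release genuine mail. Note that the “.nl” to “.ml” misdirection the article also mentions would be caught by adding “nl” to the protected list on the Dutch side.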

“None of the emails [that have] leaked that were mentioned [in the press] is from a Department of Defense email address,” Ms. Singh also stated. The Pentagon says the problem stems in particular from army personnel using their personal addresses (for example a Gmail address) to send work documents. The Financial Times’ description of the documents also suggests that some emails mistakenly sent to “.ml” addresses come from people outside the military: employees of other branches of government, or even private companies.

Repeated alerts

According to the British daily, “the problem was first identified nearly ten years ago by Johannes Zuurbier.” The man, presented as a “Dutch internet entrepreneur”, reportedly alerted the highest American authorities repeatedly to the risk posed by such a data leak. Even when unclassified, this data could be “exploited by adversaries of the United States”, the entrepreneur reportedly wrote in a letter sent to the US administration in early July.

But Johannes Zuurbier, also known as Joost Zuurbier, is not just a whistleblower. In March 2022, several companies he led, including Mali Dili, were the subject of a “cybersquatting” complaint (that is, domain name usurpation) brought by Instagram, WhatsApp and Meta, the parent company of Facebook. According to the court document seen by Le Monde, several companies that Mr. Zuurbier led together with a certain Marcel Trik “formed a complex network of fictitious companies” that “registered, trafficked and used more than 5,000 domain names identical or similar to registered trademarks” owned by Meta.


In particular, Freenom, a company that oversees several other domain name management companies, is accused of having turned a blind eye to the fraudulent use of many addresses it managed and marketed, which were mainly used for phishing operations intended to siphon off personal data and hijack social network accounts.

Counterfeit domain names such as fb-instagram.cf, chat-whatsaap.gq and faceb00k.ga are cited in the complaint. Registered on behalf of clients by Mr. Zuurbier through his companies based in the Netherlands and the United States, they were used to “redirect their visitors to other commercial or pornographic websites, or to sites used for malicious activities such as phishing”.

27,000 phishing operations

Quoting a study on domain name system abuse conducted by the European Commission, the American courts pointed out that “five of the ten most abused top-level domains are operated by Freenom”. Another report, published in September 2021 by the Interisle Consulting Group, a group of digital security experts, estimates that Mali’s “.ml” was the subject of more than 27,000 phishing operations between May 2020 and April 2021.

Mali is far from the only country concerned. According to the same report and over the same period, the domain names of Gabon (.ga), the Central African Republic (.cf) and Equatorial Guinea (.gq), also “operated by Freenom”, the company created by Mr. Zuurbier, were the subject of more than 57,000 phishing operations.
