Due to a typo, Dutch webmaster Johannes Zurber has received more than 100,000 emails since January that were intended for the US military. to write financial times. Zuurbier runs the Mali domain, which ends in .ml (like .nl in the Netherlands) – very similar to .mil, which is the US Army’s domain. As soon as people forget the letter “i”, he receives emails. Sometimes they contain highly sensitive content: tax returns, passwords, or travel plans for senior officials.
Zurbier raised the issue ten years ago and sent another letter to the United States this month. “The danger is real, and opponents of the United States can exploit it,” he added. On Monday, Zourbier and his company, Mali Dili, will hand over sponsorship of the .ml domain to the government of Mali, which has close ties to Russia.
Before Zurbier took over domain name responsibility in Mali in 2013, he already managed domains for the Central African Republic, Gabon, Equatorial Guinea, and New Zealand’s Tokelau Archipelago. And in Mali, he suddenly discovered a lot of requests for domains like army.ml and navy.ml, which don’t exist. Zurber suspected that these were emails. When he installed a system to intercept those messages, the system quickly overwhelmed him, after which he dismantled the system.
Also read: Earlier this year, Zurber bought a radio frequency for “Financial News Radio” in its first frequency auction in 20 years. It is not clear what he wants from that channel.
Once Zurber realized what was going on, he sought legal advice and tried several times to warn the US authorities. He got so nervous that he gave his wife a copy of the legal advice: “Just in case black helicopters suddenly show up in my backyard.”
According to a Pentagon spokesperson, emails sent to a domain outside of the .mil domain are automatically blocked — so military personnel must first click a message urging them to verify the sender. And in many cases that seems not enough, even though the majority of emails are spam, says Zurber.
Secret messages, which if class It is marked, he never received. But x-rays and other medical data, data on identity papers, blueprints of structures, photos of military bases, passwords, contracts, (criminal) complaints about personnel, internal bullying investigations, and tax and financial documents. “It is enough to gain valuable insights, even if the documentation is not classRetired US Admiral Mike Rogers says.
Incidentally, Zurbier also received emails from the Dutch army: army.nl, the Dutch domain, is also one wrong key away from .ml. For example, he obtained insights into a Dutch munitions-collecting operation in Italy and detailed reports among Dutch Apache helicopters in the US—including a complaint about a cyberattack. The Ministry of Defense did not respond, writes financial times. (Simon Hermos)