That’s a poor excuse. If something is secret or higher it has a different TLD. The SIPRnet uses .smil for example. There are also tools at the boundaries that don’t allow going from SIPR to NIPR unless they meet specific criteria. Basically you can only leak those secrets accidentally if they were already on a system they shouldn’t have been on.
Zuurbier said he’s been pestering the US government and military for the last 10 years to get them to do something about the problem. The military told the FT it blocks outgoing emails to .ml domains from its own network. There’s presumably little it can do about emails sent from other domains.
its just that with the end of the contract between Mali and the registrar, the military emails got in the news as now army.ml and navy.ml are controlled by the Mali government rather than the CEO of the registrar.
That is what made this whole .ml problem. Some people have apparently accidentally leaked American state secrets to Mali by typo.
That’s a poor excuse. If something is secret or higher it has a different TLD. The SIPRnet uses .smil for example. There are also tools at the boundaries that don’t allow going from SIPR to NIPR unless they meet specific criteria. Basically you can only leak those secrets accidentally if they were already on a system they shouldn’t have been on.
Additionally, competent IT would make this fuck up impossible. I’m shocked that they didn’t whitelist TLDs and block all others.
Classified and top are in a separate system that can’t leak.
The registar that operates .ml, .tk, .ga, and some others has been having difficulty.
In March they got sued by Meta for operating domains with phishing operations. Their operations have been spotty for the past several months ( https://news.ycombinator.com/item?id=34194555 ). They lost the .ga domain in June ( https://forum.infinityfree.net/t/all-freenom-ga-domains-are-taken-down-by-registry/77131 ).
The issue with army.ml and navy.ml was just the most recent incident and may have accelerated things, but only by days (maybe weeks) as the agreement that the registrar had with Mali was for 10 years and expired the other day ( https://domainincite.com/28897-freenom-is-losing-another-cctld-after-collecting-military-emails ).
This isn’t a new thing - from the article:
its just that with the end of the contract between Mali and the registrar, the military emails got in the news as now army.ml and navy.ml are controlled by the Mali government rather than the CEO of the registrar.