 It seems like every week there is some kind of a massive data leak that took place, either in government systems or in the private sector, and usually these data leaks are the result of some kind of a data breach, whether it's state sponsored hackers that are getting access to private data from their rivals, or a board high schooler with lots of technical knowledge that ends up becoming a black hat that hacks for fun and sometimes for profit. But most of the data breaches have one thing in common. There's a malicious threat actor that is exploiting a flaw in an organization's security model in order to obtain that sensitive data. Well today's story is going to break that mold a bit because I found out about a data leak that the US military has had for some time now that has caused purely by user error. A simple typo that might occur whenever you're filling out the recipient of an email. Instead of typing .MIL, which is the top level domain reserve for the United States Department of Defense, people sometimes type .ML, which is the top level domain for the country of Mali. The omission of one little I is all it takes for things like diplomatic documents, details about military officers, medical information, or anything else that could be in the body or attachments of a military email to end up in a random West African email inbox. Now you might be thinking that this sounds like the kind of problem that should never exist within the DoD's email systems and to be honest with you, it doesn't really exist on their end. At the very least I would suspect that if someone is using a military email account in a military email system that they would get a pop-up asking if they're really sure that they want to send state secrets off to Mali. The real issue actually lies with all the other businesses and individuals that are emailing people with these .MIL email addresses as well as military personnel that might use their personal email addresses to email other .MIL addresses and they end up making that typo in their non-military email software. The Pentagon has said that such emails to the .ML domain are blocked before they can even leave the .MIL domain and the sender is notified that they must validate the email addresses of the intended recipients. So because of this it's highly unlikely that something like classified information would ever leak to someone that is typosquadding on a .ML domain but just because information isn't classified that doesn't mean it isn't incredibly dangerous if it gets into the wrong hands. For example one of the misdirected emails that was sent earlier this year included the travel plans for Army Chief of Staff General James McConville and 20 other people that were traveling with him to Indonesia back in May. The email in question included everyone's room numbers, the address of the hotel they were staying at, the full itinerary for the general and the 20 others. So it doesn't take much imagination to come up with some really bad scenarios that could have unfolded after that intel got leaked. Now for the past 10 years or so the country of Mali hasn't actually had direct control over their country's top-level domain which is usually the case for things like .US or .RU or any other country top-level domain. For the last decade it's been managed by a Dutch internet businessman and this is why we know about this typosquadding issue in the first place. He's been trying to work with the military to resolve the problem and just this year he's collected 117,000 emails that were supposed to go to people with .MIL addresses but the contract that gives this guy control over Mali's TLD is supposed to be expiring very soon and so the Mali government would then be the ones who are able to access these emails and that's not very good because without getting too into the weeds of geopolitics Mali does have some diplomatic ties with America but they also have ties with Russia and the Alliance with Russia and Mali seems like it's a little bit closer so I don't think it's too far fetched to think that Mali might sell some US intelligence to Russia just like US allies do with us and this is one of those problems that can really only be solved by people paying more attention when they're sending emails. I mean sure there are technical stops that can be put in place to prevent a doctor from emailing some random guy in Mali a soldier's x-rays but those filters would have to be applied to every medical system every travel agent system and every other email system that is interacting with the US militaries and I don't see that happening anytime soon. Now talking about data leaks here's another one that hits a little bit closer to home the in-van surveillance footage of Amazon's delivery drivers has been leaking online in-van surveillance so this is something that Amazon themselves set up okay this isn't like that cell phone video that someone recorded of the lady leaving the back of the driver van after she put in some work for Chuck this is a totally different situation where somebody who works for Amazon or at least somebody who has access to the camera system that Amazon put in the vans is posting these videos online now Amazon started installing these AI enabled security cameras back in 2021 and as surveillance equipment has become cheaper over the years it's become so common that even some drivers for dominoes have the in-car surveillance which is how one of my favorite internet videos came about where this future rocket surgeon with level 100 speech takes this guy's car to help him deliver pizzas but not before seeing a quick how do you do to this police officer who pulled him over uh so anyway this leak of footage from Amazon really begs the question of how did the videos get out there in the first place many of them show multiple angles like this one that shows a driver backing into another vehicle so we've got the dash camera recording of him and the rear camera that's in the van or this one where a guy got chased by a dog it clearly shows both angles of the front dash cam so it appears to me that whoever is uploading these has direct access to the footage of the cameras this isn't someone just at a central surveillance hub that's filming the cctv screen with their own cell phone and these leaks are a direct violation of amazon's own privacy policy for vehicle camera technology okay bullet point five says that this technology is supposed to be available to dsp via a secure portal well i scraped this footage from reddit and tiktok so i wouldn't exactly consider that to be a secure portal and when i look under with whom the section that says with whom amazon will share information derived from this technology it says that this is only supposed to be shared with people like the employer dsp which stands for delivery service partner amazon group companies third party service providers that are approved by amazon i'm none of these and yet i have the videos as does everyone else with access to these so called secure portals i think it's safe to say that amazon has failed to use appropriate and reasonable technical and organizational security measures to protect this information from loss misuse and unauthorized access this is just one of the many reasons that teamsters have been fighting with ups over the use of surveillance cameras because even when these things work properly and they are used properly the drivers still get the feeling that amazon ups or any other delivery company are like big brother always watching over them it almost makes you wish that the mafia was back in charge of the trucking unions again at least then delivery drivers would have videos of them losing part of their finger to a dog going viral on tiktok so do you think that this will result in amazon conceding to some driver privacy like ups did basically the teamsters managed to get ups to stop installing driver facing cameras meaning cameras that are recording the driver and the contract between the teamsters and ups is also supposed to prevent them from using data from the cameras to discipline their drivers so let me know your thoughts about that in the comments below be sure to like and share this video to hack the algorithm follow me on odyssey and have a great rest of your day