Feeds

Taliban official's email blunder leaks 400+ contacts

Cc list puts journalists, activists at risk

Next gen security for virtualised datacentres

Anyone in the bulk email business should know never to mix up cc: ("carbon copy") and bcc: ("blind carbon copy") – especially if the materials you're sending out are Taliban press releases.

That was exactly the rookie mistake made by Taliban spokesman Qari Yousuf Ahmedi last week, ABC News reports, which resulted in Ahmedi inadvertently disclosing his full mailing list of more than 400 email addresses.

Ahmedi is one of two official spokesmen for the Islamic fundamentalist movement, the other being Zabiullah Mujahid. Ahmedi was reportedly forwarding a press release he received from Mujahid when he mistakenly put recipients' addresses in "cc" field, causing contacts he meant to keep private to be viewable to everyone on the list.

According to the ABC News report, most of those addresses belonged to journalists. That's bad news (no pun intended), because in war-torn Afghanistan, targeted attacks on journalists are commonplace.

According to Nai, an Afghan media watchdog group, there have been 121 acts of violence against journalists in the last three years alone, an average of more than three per month.

One reporter outed by Ahmedi's error was Mustafa Kazemi, a prolific blogger whose Twitter feed has more than 9,500 followers. On November 10, Kazemi turned to the micro-blogging service to announce the leak:

In later posts, Kazemi explained that the leaked email addresses were not limited to the media, but also included addresses from the US and Afghan governments, in addition to "a large number" of Taliban personnel.

ABC expounded further, noting that academics and activists were also included in the list, as were members of other, non-Taliban militant groups.

It may surprise some to learn that, for a fundamentalist religious group that imposes a strict, archaic interpretation of Islamic law, the Taliban is fairly modern where communications are concerned. The group regularly uses its email list and various blogs to issue press releases, generally to claim responsibility for attacks.

Earlier this year, Qari Yousuf Ahmedi told the Arabic newspaper Asharq Alawsat, "Visiting websites is not more difficult than joining jihad and the battlefield. More important than visiting websites is winning over the minds and hearts of the masses who visit websites."

Ahmedi also has his own Twitter feed, though as of this writing he has not posted anything about his email gaffe; in fact, it has been silent since November 6. Your intrepid Reg reporter couldn't find a Facebook page for him, either, though he has claimed to have one. Maybe that's one thing he knows how to keep private? ®

The essential guide to IT transformation

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
prev story

Whitepapers

Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up distributed data
Eliminating the redundant use of bandwidth and storage capacity and application consolidation in the modern data center.
The essential guide to IT transformation
ServiceNow discusses three IT transformations that can help CIOs automate IT services to transform IT and the enterprise
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.