Taliban official's email blunder leaks 400+ contacts

Cc list puts journalists, activists at risk

By Neil McAllister in San Francisco, 16th November 2012

Anyone in the bulk email business should know never to mix up cc: ("carbon copy") and bcc: ("blind carbon copy") – especially if the materials you're sending out are Taliban press releases.

That was exactly the rookie mistake made by Taliban spokesman Qari Yousuf Ahmedi last week, ABC News reports, which resulted in Ahmedi inadvertently disclosing his full mailing list of more than 400 email addresses.

Ahmedi is one of two official spokesmen for the Islamic fundamentalist movement, the other being Zabiullah Mujahid. Ahmedi was reportedly forwarding a press release he received from Mujahid when he mistakenly put recipients' addresses in "cc" field, causing contacts he meant to keep private to be viewable to everyone on the list.

According to the ABC News report, most of those addresses belonged to journalists. That's bad news (no pun intended), because in war-torn Afghanistan, targeted attacks on journalists are commonplace.

According to Nai, an Afghan media watchdog group, there have been 121 acts of violence against journalists in the last three years alone, an average of more than three per month.

One reporter outed by Ahmedi's error was Mustafa Kazemi, a prolific blogger whose Twitter feed has more than 9,500 followers. On November 10, Kazemi turned to the micro-blogging service to announce the leak:

Taliban have included all 4 of my email addresses on the leaked distribution list of 500 email addresses. Quite reassuring to my safety.
— Mustafa Kazemi (@combatjourno) November 10, 2012

In later posts, Kazemi explained that the leaked email addresses were not limited to the media, but also included addresses from the US and Afghan governments, in addition to "a large number" of Taliban personnel.

ABC expounded further, noting that academics and activists were also included in the list, as were members of other, non-Taliban militant groups.

It may surprise some to learn that, for a fundamentalist religious group that imposes a strict, archaic interpretation of Islamic law, the Taliban is fairly modern where communications are concerned. The group regularly uses its email list and various blogs to issue press releases, generally to claim responsibility for attacks.

Earlier this year, Qari Yousuf Ahmedi told the Arabic newspaper Asharq Alawsat, "Visiting websites is not more difficult than joining jihad and the battlefield. More important than visiting websites is winning over the minds and hearts of the masses who visit websites."

Ahmedi also has his own Twitter feed, though as of this writing he has not posted anything about his email gaffe; in fact, it has been silent since November 6. Your intrepid Reg reporter couldn't find a Facebook page for him, either, though he has claimed to have one. Maybe that's one thing he knows how to keep private? ®

Steps to Take Before Choosing a Business Continuity Partner