Typo Sends Millions of US Military Emails to Mali

For numerous years, a small typographical mistake in the email domain name has resulted in the misdirection of millions of emails destined for the U.S. military to the West African nation of Mali, a Russian ally, instead.

The BBC reports that the error, swapping the military’s “.mil” domain with Mali’s “.ml” suffix, has been causing sensitive emails, including medical records, passwords, and itineraries of top-ranking officers, to end up in Mali for more than a decade.

The Pentagon, while admitting to taking measures to rectify this, hasn’t been quick enough to resolve it. The issue was flagged over 10 years ago by Johannes Zuurbier, a Dutch internet entrepreneur, as per the story first reported by The Financial Times.

Since 2013, Zuurbier has been in charge of managing Mali’s country domain as part of a contract. He revealed that in the past few months, he has intercepted tens of thousands of wrongly addressed emails due to the typing error.

While none of the emails were classified, they carried sensitive information such as medical data, diplomatic correspondences, financial records, and layouts of U.S. military facilities, as per The Financial Times.

Zuurbier, in a letter to U.S. officials, cautioned that with his contract with the Mali government nearing its end, the issue poses a “real and significant risk, which could be exploited by U.S. adversaries.”

The Malian government was scheduled to assume control of the domain on Monday.

Ex and current U.S. officials assure that classified or top-secret military communications are routed through distinct systems, minimizing their risk of compromise. However, Steven Stransky, a former senior counsel to the Department of Homeland Security’s Intelligence Law Division, warned that even seemingly innocuous information could be advantageous to a hostile country.

He explained that such misdirected communications could enable foreign entities to compile profiles on U.S. military personnel for espionage or attempt to manipulate them into revealing information in exchange for financial rewards.

A spokesperson for the Department of Defense told the BBC that they are earnestly addressing the situation and taking measures to prevent military emails from reaching the wrong domain.

These measures comprise blocking such emails before they are sent out and notifying senders to verify the intended recipients.