Millions of US military emails, including highly sensitive information, have been mistakenly sent to Mali due to a single typo in the email address domain. Instead of using the correct “.MIL” domain, “.ML” was entered, leading to the exposure of diplomatic documents, tax returns, passwords, travel details of top officers, and more. Currently, these misdirected emails are being received by a contractor responsible for managing Mali’s country domain, but control of the “.ML” domain will soon be transferred to Mali’s government, which has ties to Russia.
Johannes Zuurbier, a Dutch contractor overseeing Mali’s country domain, discovered the “typo leak” and has been trying to notify the United States about the issue since 2014 without success. As his contract nears its expiration date and the domain is handed over to the Malian government, Zuurbier began collecting the misdirected emails as a final attempt to prompt urgent action from the US. In a letter sent to the US in early July, Zuurbier emphasized the real risk and potential exploitation of the situation by adversaries. He has collected approximately 117,000 emails, with nearly 1,000 arriving just last Wednesday.
While the emails are not marked as classified, they contain sensitive information about US military personnel, contractors, and their families. The exposed data includes travel plans, maps of installations, base photos, identity documents such as passport numbers, crew lists, financial records, medical data, naval inspection reports, contracts, criminal complaints, internal investigations, and more. Even unclassified information can be used to generate intelligence if sustained access is obtained, as noted by former NSA head and retired four-star US Navy Admiral Mike Rogers.
Lt. Cmdr Tim Gorman, representing the Pentagon, acknowledged the issue and emphasized the Department of Defense’s seriousness in handling unauthorized disclosures of controlled national security information. Gorman explained that emails sent from the “.MIL” domain to “.ML” addresses are blocked before leaving the “.mil” domain, and senders are notified to validate the intended recipients’ email addresses. This suggests that the misdirected emails may have originated from personal accounts of US military personnel.
Frequently Asked Questions (FAQs) about military email typo
What caused the misrouting of millions of US military emails to Mali?
The misrouting of millions of US military emails to Mali was caused by a single typo in the email address domain. Instead of using the correct “.MIL” domain, “.ML” was mistakenly entered, leading to the redirection of the emails.
What kind of information was exposed due to this email misrouting?
The exposed information due to the email misrouting includes diplomatic documents, tax returns, passwords, travel details of top officers, maps of installations, base photos, identity documents (including passport numbers), crew lists, financial records, medical data, naval inspection reports, contracts, criminal complaints, internal investigations, and more.
How long has this issue been known?
The contractor managing Mali’s country domain, Johannes Zuurbier, has been trying to notify the United States about the issue since 2014. However, it has only gained significant attention recently as he collected the misdirected emails as a last-ditch attempt to urge urgent action.
What actions have been taken to address this issue?
The Department of Defense is aware of the issue and takes all unauthorized disclosures of controlled national security information seriously. Emails sent from the “.MIL” domain to “.ML” addresses are blocked before leaving the “.mil” domain, and senders are notified to validate the email addresses of the intended recipients. However, it is also suggested that some misdirected emails may have originated from personal accounts of US military personnel.
What risks does this misrouting pose to national security?
While the misdirected emails were not marked as classified, they still contain sensitive information that can be exploited. Adversaries could potentially gather intelligence from unclassified information, which emphasizes the need for urgent action to address the scale, duration, and sensitivity of the exposed information.
More about military email typo
- Financial Times: Typo sends sensitive US military emails to Mali
- The Verge: Typo leads to misrouting of US military emails to Mali
- Cybersecurity News: Millions of US military emails exposed due to typo
- Reuters: Typo mishap leads to sensitive data leak in US military emails
- NPR: Misdirected US military emails expose sensitive information
8 comments
I can’t believe the US government let this happen. They should have been more vigilant with our military’s sensitive information. Heads should roll for this major security lapse!
Typos happen, but this is a colossal blunder! How can they confuse “.MIL” with “.ML”? It’s basic stuff. They better fix this mess quickly and tighten up their cybersecurity protocols.
omg! million of us militari emails sent to mali bc of a stupid typo? seriouly? how did this happen? hope they fix it soon!
Unbelievable! Our top officers’ travel details, diplomatic docs, and more in the hands of Mali? We need to do something about this ASAP! Can’t let our enemies get their hands on such critical info.
This is a serious breach of trust. Our tax returns, personal data, and more floating around because of a typo? It’s outrageous! The government needs to be held accountable and ensure this doesn’t happen again.
This is a wakeup call for the US military. Simple errors like this can have massive consequences. They should have addressed this issue years ago when it was first brought up. Better late than never, I guess.
Wow, this is a major breach of security. All those sensitive info exposed just bcuz of a little mistake. They need to take this more seriously and protect our data better!
As a military personnel, this makes me question the security measures in place. Our lives and missions depend on the confidentiality of our information. This is a wake-up call to tighten up security and protect our data better!