Millions of US military emails have mistakenly ended up in Mali – a country more friendly to Russia. A persistent typing error is to blame.
The risk of typing mistakes was known for years. But the issue – the fact that the US military’s “.mil” domain is very close to a “.ml” suffix used by Mali, a west African country – wasn’t addressed.
Now, of course, there’s a problem, and a big one at that. According to the Financial Times, Johannes Zuurbier, a Dutch internet entrepreneur who has had a contract to manage Mali’s country domain since 2013 has collected tens of thousands of misdirected emails in recent months.
Zuurbier said some of the emails contained sensitive – but not classified – information such as passwords, medical records, and the itineraries of top officers. Of course, data such as maps of US military facilities is still important.
That’s why Zuurbier contacted US officials this month to raise the alarm. He said his contract with the Mali government was due to end soon, and this meant that “the risk is real and could be exploited by adversaries of the US,” the Financial Times reported.
The Pentagon is now taking steps to address the mistake. However, the Mali government – the military junta that took power after the 2020 coup d’etat – actually took control of the domain on Monday.
The country’s authorities are, in theory, now able to gather the misdirected emails. The junta can then try to use the information to their advantage or even share it with Russia – which could use it for propaganda purposes.
Classified and top secret communications are transmitted through separate US military IT systems, so they’re unlikely to have been compromised.
Nevertheless, the Pentagon is quite lucky that this was a case of accidental typo-squatting – a type of cyber crime targeting users who incorrectly misspell an internet domain. The emails could easily have been sent to threat actors.
In spring 2023, the Pentagon was shaken by a much bigger leak when 21-year old Jack Teixeira, a Massachusetts Air National Guard member, was accused of sharing classified military documents about Russia’s war in Ukraine and other sensitive national security topics on Discord, a social media platform.
Teixeira appeared to share the documents he surreptitiously obtained while working at military bases on Discord in order to impress his peers. The leaker is now in custody but is arguing for a pre-trial release through his lawyers.
More from Cybernews
Subscribe to our newsletter