For over a decade, a typo has been causing millions of emails associated with the US military to be sent to Mali, a West African country allied with Russia, according to a report from the Financial Times. Instead of using the military’s .MIL domain, people frequently type .ML, which is the country identifier for Mali, by mistake.
Johannes Zuurbier, a Dutch entrepreneur contracted to manage Mali’s domain, has been trying to warn the US government about this issue for years. However, the misdirected emails have continued to occur, even after his repeated attempts to raise awareness. Zuurbier noticed requests for nonexistent domains like army.ml and navy.ml, and in response, he set up a system to catch these misdirected emails. Unfortunately, this system quickly became overwhelmed and stopped collecting the messages, as reported by the Financial Times.
Since January alone, Zuurbier has intercepted a staggering 117,000 misdirected emails, many of which contain sensitive information related to the US military. These emails include medical records, identity document information, lists of staff at military bases, photos of military bases, naval inspection reports, ship crew lists, tax records, and more.
The severity of the situation is heightened by the fact that once Zuurbier’s 10-year contract with Mali ends on Monday, authorities in Mali will have access to all these intercepted emails. This means that potentially sensitive information will no longer be contained within Zuurbier’s control.
The misdirected emails come from various sources, including military staff members, travel agents working with the US military, US intelligence, private contractors, and others, as reported by the Financial Times. For instance, an email earlier this year contained the travel itinerary for General James McConville, the US Army’s chief of staff, during his visit to Indonesia. The email not only revealed the travel schedule but also provided specific details about room numbers and the collection of McConville’s room key at the Grand Hyatt Jakarta.
In response to this issue, Tim Gorman, a spokesperson for the Office of the Secretary of Defense, states that the Department of Defense (DoD) is aware of the problem and takes unauthorized disclosures of Controlled National Security Information or Controlled Unclassified Information seriously. Gorman adds that emails sent from a .mil domain to Mali are blocked, and the sender is notified that they need to validate the email addresses of the intended recipients.
However, Gorman acknowledges that this measure does not prevent other government agencies or individuals working with the US government from mistakenly sending emails to Malian addresses. To address this issue, the Department continues to provide direction and training to DoD personnel.
The implications of this longstanding typo are significant. It raises concerns about the exposure of sensitive military information to a country with ties to Russia. Furthermore, it highlights the vulnerability of digital communication systems and the potential consequences of simple human errors.
Moving forward, it is crucial for both the US government and other entities working with the military to prioritize email address accuracy. Measures should be put in place to prevent such easy-to-make mistakes, and robust systems need to be established to ensure the secure transmission of sensitive information. Additionally, partnerships with domain management experts, like Zuurbier, should be sought to address potential domain-related issues proactively.
In conclusion, the inadvertent typo causing millions of US military-related emails to be sent to Mali is a critical issue that demands immediate action. The exposure of sensitive information underscores the need for improved email address accuracy and better safeguards to protect classified data. Collaborative efforts between domain managers, government agencies, and personnel handling military communications are necessary to rectify this problem and prevent similar incidents in the future.
