Millions of emails intended for the US military’s “.mil” domain have been mistakenly sent to Mali, a Russian ally, for years, due to a minor typing error, Your Content has learned.
The West African country’s domain, which ends with the “.ml” suffix, received sensitive information, including passwords, medical records, and the itineraries of top officers.
While none of the emails were marked as classified, they contained various data such as maps of US military facilities, financial records, planning documents for official trips, and some diplomatic messages.
The issue was identified by Dutch internet entrepreneur Johannes Zuurbier over a decade ago, who has been managing Mali’s country domain since 2013. Recent reports suggest that Zuurbier has collected tens of thousands of misdirected emails.
Recognizing the potential risk, Zuurbier wrote a letter to US officials, emphasizing that his contract with the Mali government was ending soon, which could be exploited by adversaries of the US.
Mali’s military government was scheduled to take control of the domain on Monday. The US Pentagon has taken steps to address the situation, ensuring that “.mil” emails are not sent to incorrect domains.
The Department of Defense stated that communications marked as “classified” and “top secret” are transmitted through separate systems, minimizing the likelihood of accidental compromise.
However, legal experts warn that seemingly harmless information can still prove valuable to foreign actors, who could use it for espionage purposes or to coerce military personnel for financial gain.
Experts highlight the prevalence of “typo-squatting” cyber-crime, where individuals are targeted due to misspelled domain names.
Professor Lee McKnight from Syracuse University emphasizes that the US military was fortunate that the emails were directed to Mali’s government domain rather than cyber criminals. Human errors, both in government and the private sector, remain significant security concerns according to experts.
The US defense department acknowledges the issue and reassures that it is being taken seriously, implementing measures to prevent further misdirected emails, according to BBC.