US Military Emails Intended For Pentagon Accidentally Sent To Users In Mali Due To Typographical Errors
Due to typing errors, email accounts in Mali have been receiving millions of emails meant for the Pentagon, the headquarters of the United States Department of Defense, over the past decade.
According to CNN via the Financial Times – because of this oversight – a number of security-sensitive information was exposed to users in the West African country of Mali.
In fact, the flaws were so severe that one of the emails sent included the hotel room number of US Army Chief of Staff General James McConville while he was on a trip to Indonesia in May.
How did it happen?
Pentagon domain names end in .MIL, while the African country of Mali uses .ML. Due to the similarity of the two domains and typos over the past decade, several emails have been “accidentally” sent to users in Mali.
This security breach was later exposed by Dutch internet entrepreneur Johannes Zuurbier. He claimed to have received the emails because his company had a contract to manage the .ML domain. Zuurbier claims to have raised the issue several times, including with the US Embassy in Mali.
Now that his contract for .ML domains has expired, the entrepreneur wanted to spread awareness on social media.
The Pentagon’s response
Pentagon Deputy Press Secretary Sabrina Singh has confirmed that none of the leaked emails were sent from official Defense Department email addresses. But as a precautionary and protective measure, the department has blocked its email accounts from sending .ml addresses to prevent future leaks.
He added that the emails were sent using personal accounts such as Gmail or Yahoo, and that the department has always advised employees not to use personal email accounts for work-related matters.
“The Department of Defense (DoD) is aware of this issue and takes any unauthorized disclosure of controlled national security information or controlled unclassified information seriously,” Lt. Cmdr. Tim Gorman told CNN.