‘This risk is real and could be exploited by adversaries of the US,’ warned the Dutch whistleblower who discovered them.

Email Typo Causes Millions of US Military Messages to be Sent to Mali

According to reports, a significant error in typing has led to the diversion of numerous US military emails, some of which contain highly classified information, to Mali. The issue arose when the email address domain was mistakenly entered as .ML instead of .MIL. This single-letter mistake has resulted in the exposure of sensitive data, including diplomatic documents, tax returns, passwords, and travel details of high-ranking officers, among other things. Currently, the misrouted emails have been received by a contractor responsible for managing Mali’s country domain. However, control over .ML will soon be transferred back to Mali’s government, which has connections to Russia.

The “typo leak” was revealed by Johannes Zuurbier, a Dutch contractor who manages land in Mali. Zuurbier says he has tried several times to warn the US about the issue – starting in 2014 – and urged it to take it seriously. he says he has had no luck. He claims he began collecting the emails this year as his contract expires (and the domain, including the failed emails, is handed over to the Malian government) nears, in a last-ditch effort to get the US to act urgently. In a letter to the United States in early July, Zuurbier wrote: “This risk is real and the adversaries of the United States can exploit it.” He says he’s collected about 117,000 emails, with nearly 1,000 more coming in last Wednesday alone.

While Zuurbier says none of the messages are marked classified, they still contain sensitive information about U.S. military personnel, contractors and families. Reported content includes US Army Chief of Staff General James McConville’s May travel plans for a trip to Indonesia. Other disclosed information includes facility maps, photos of bases, identification documents (including passport numbers), ship crew lists, tax and financial records, medical records, ship crew lists, naval inspection reports, contracts, criminal reports against personnel, internal records. bullying investigations and bookings. One FBI agent’s email contained a Turkish diplomatic letter to the United States warning of possible operations by the Kurdistan Workers’ Party (PKK).

“If you have this kind of continuous access, you can generate intelligence even from just unclassified data,” former NSA director and retired US Navy admiral Mike Rogers told the FT. Rogers says this isn’t uncommon, noting that it’s not unusual for people to do it. However, he adds: “The question is the scope, duration and sensitivity of the information.”

Lt Lt Tim Gorman, who spoke on behalf of the Pentagon, told the FT that the Ministry of Defense “is aware of this matter and takes any unauthorized disclosure of controlled national security information or controlled unclassified information very seriously”. He said that emails sent from .MIL to .ML are “blocked before they leave the .mil domain and the sender is notified that they must verify the email addresses of the intended recipients,” suggesting that the misdirected emails may have come from the U.S. military . employees’ personal accounts.