1 of 2 The Pentagon has said it takes the issue seriously and has already taken action to protect email delivery Photo: Getty Images The Pentagon has said it takes the issue seriously and has already taken action to Email protection seized Photo: Getty Images
Due to a minor typo, millions of emails from the US military were sent to Russia’s Mali ally in error.
For years, emails originally destined for the US military’s .mil domain were actually sent to the West African country ending in .ml.
Some of the emails allegedly contained confidential information such as passwords, medical information, itineraries of highranking officials, maps of military installations, financial records and some diplomatic messages.
The Pentagon (US Department of Defense headquarters) said it was taking appropriate steps to resolve the issue.
According to the Financial Times newspaper, which published the story, Dutch entrepreneur Johannes Zuurbier spotted the problem more than a decade ago and has been trying unsuccessfully to reach out to Americans ever since.
Since 2013, he has been tasked with administering the dominion of Mali, a country that has been gravitating towards Russia since its former government was overthrown in a coup in 2020.
This month, Zuurbier wrote a letter to US authorities to warn them again. The Dutchman warned his contract with the Malian government was about to expire, meaning there was a “real risk that could be exploited by US opponents”.
The entrepreneur has managed to collect tens of thousands of emails sent by mistake over the past few months.
The report requested comment from Zuurbier, but received no response.
According to the Financial Times, no message was considered confidential.
US military messages marked as “confidential” and “top secret” are transmitted through separate systems, making them unlikely to be sent inadvertently, US officials said.
2 of 2 Mali has drawn closer to Russia since a 2020 coup ousted its former government Photo: Getty Images Mali has drawn closer to Russia since a 2020 coup ousted its former government Photo: Getty Images
But Steven Stransky, an attorney who served as senior adviser to the US Department of Homeland Security’s Law and Intelligence Division, said even seemingly innocuous information could be useful to US opponents, especially if it included details about individual military personnel.
“This means that a foreign actor could start compiling dossiers on our military corps for espionage purposes or try to leak information in exchange for financial benefits,” Stransky said.
“This is certainly information that a foreign government can use.”
Lee McKnight, a professor of information science at Syracuse University, believes the US military was lucky because the problem was identified in advance and because the emails went to a Malian government domain and not to cybercriminals.
The professor adds that typosquatting a form of cybercrime in which users enter an internet domain name incorrectly is widespread.
“They wait for a person to make a mistake and trick them into doing stupid things,” explains McKnight.
A US Department of Defense spokesman contacted by the BBC said the issue was being taken seriously.
Enforcement has been put in place to ensure emails are not sent to incorrect domains. This includes blocking these emails before they leave the sender’s inbox and confirming the intended recipients.
Both McKnight and Stransky said human error is a major concern for information technology professionals in government and the private sector.
“Human error is by far the greatest safety risk in everyday life,” says Stransky. “We just can’t control everyone all the time.”