A typo in an email would have sent millions of American military messages to Mali

"This risk is real and could be exploited by adversaries of the United States," warned the Dutch whistleblower who discovered them.

A typo reportedly routed millions of US military emails – some containing highly sensitive information – to Mali. The problem stems from entering .ML instead of .MIL for the domain of the receiving email address. As reported by the Financial Times, the letter error revealed data such as "diplomatic documents, tax returns, passwords and travel details of senior officials" - and much more. Although the misrouted emails have (so far) ended up with a contractor managing Mali's national domain, control of .ML will soon revert to the Malian government, which has ties to Russia.< /p>

The "typo leak" was revealed by Johannes Zuurbier, a Dutch entrepreneur managing the national domain of Mali. Zuurbier says he has made numerous attempts to warn the United States about the problem - beginning in 2014 - urging it to take it seriously; he says he was unlucky. He claims he started collecting the emails this year as the expiration date of his contract approached (and the handing over of the domain, including failed emails, to the Malian government), as a last-ditch attempt to persuade the United States to act urgently. In a letter to the United States in early July, Zuurbier wrote, "This risk is real and could be exploited by adversaries of the United States." He says he collected about 117,000 emails, and nearly 1,000 more arrived last Wednesday.

Although Zuurbier claims that none of the messages have been marked as classified, they still contain sensitive data about US military personnel, contractors and families. Reported content includes travel plans for a May trip by U.S. Army Chief of Staff General James McConville for a May trip to Indonesia. Other information exposed includes facility plans, base photos, identity documents (including passport numbers), vessel crew lists, tax and financial records, medical data, ship crew lists, ship inspection reports, contracts, criminal complaints against personnel, intimidation inquiries and bookings. An email from an FBI agent included a Turkish diplomatic letter to the United States, warning of possible operations by the Kurdistan Workers' Party (PKK).

"If you have that kind of continuous access, you can generate intelligence even from unclassified information," the former NSA chief and admiral told FT retired U.S. Navy four-star Mike Rogers. Rogers says that's not uncommon, noting that people who make mistakes aren't out of the norm. However, he adds, "the question is the breadth, duration and sensitivity of the information."

Lt. Cmdr Tim Gorman, speaking on behalf of the Pentagon, told FT that the Department of Defense "is aware of this issue and takes all unauthorized disclosures of controlled security information seriously. national or controlled unclassified information". He said that emails sent from .MIL to the .ML address "are blocked before leaving the .mil domain and the sender is informed that they must validate the email addresses of the intended recipients", suggesting that the misdirected emails may have come from the US military. personal worker accounts.