Typo sends millions of US military emails to Russian ally Mali

Pentagon

A spokesperson said the MoD is aware of the issue and is being taken seriously

Millions of US military emails were mistakenly sent to Mali, a Russian ally, because of a minor typing error.

Emails destined for the US military’s “.mil” domain have been sent to the West African country that ends in the “.ml” suffix for years.

Some of the emails allegedly contain sensitive information such as passwords, medical records and itineraries of senior officers.

The Pentagon said it has taken steps to resolve the issue.

According to the Financial Times, which first reported the story, Dutch internet entrepreneur Johannes Zuurbier identified the problem more than 10 years ago.

Since 2013 he has had a contract to manage Mali’s national domain and in recent months he is said to have collected tens of thousands of misdirected emails.

None were marked as classified, but, according to the newspaper, they included medical data, maps of US military installations, financial records and official travel planning documents as well as diplomatic messages.

Mr. Zuurbier wrote a letter to US officials this month to sound the alarm. He said his contract with the Malian government was soon to end, meaning “the risk is real and could be exploited by adversaries of the United States.”

Mali’s military government was due to take control of the domain on Monday.

Mr. Zuurbier was approached for comment.

US military communications marked “classified” and “top secret” are transmitted through separate computer systems, making it unlikely that they will be accidentally compromised, according to current and former US officials.

But Steven Stransky, a lawyer who was formerly senior counsel for the Department of Homeland Security’s Intelligence Law Division, said even seemingly innocuous information could prove useful to US adversaries, particularly if it included details about individual staff.

“These kinds of communications would mean that a foreign actor may start building files on our own military personnel, for espionage purposes, or may try to get them to release information in exchange for a financial benefit,” he said. said Mr. Stransky. “It is certainly information that a foreign government can use.”

Malian soldiers

Mali has become increasingly close to Russia since a 2020 coup toppled its former government

Lee McKnight, professor of information studies at Syracuse University, said he thought the US military was lucky the issue had been brought to their attention and the emails were directed to a domain used by the Malian government, rather than to cybercriminals.

He added that “typo-squatting” – a type of cybercrime that targets users who misspell an internet domain – is common. “They’re hoping that a person will make a mistake and they can pull you in and do stupid things,” he said.

Contacted by the BBC, a spokesperson said the Ministry of Defense was aware of the issue and was being taken seriously.

They said the department has taken steps to ensure that “.mil” emails are not sent to incorrect domains, including blocking them before they leave and informing senders that they must validate the intended recipients.

Mr. McKnight and Mr. Stransky said human error was the top concern for IT professionals working in government and the private sector.

“Human error is by far the most significant day-to-day security issue,” Stransky said. “We simply cannot control every human, every time.”

Leave a Comment