Sensitive US military emails being sent to Mali due to simple typo

Due to a simple email address typo, millions of sensitive US military emails have been sent to Mali, raising security concerns.
Christopher McFadden
Millions of emails have been sent to Mali by mistake.


According to an exclusive report by the Financial Times, millions of US military emails have been sent to Mali due to a simple type in the email addresses. Containing sensitive information like crew manifests of ships or travel plans of senior staff; the issue comes from senders typing in the ".ML" rather than the ".MIL" domain at the end of email addresses. This simple mistake is not only embarrassing but could be potentially dangerous.

A simple mistake

Thankfully for all involved, these misdirected emails have (thus far) been received by a Dutch contractor who manages Mali's ".ML" domain, but this will soon revert Mali's government. The Dutch contractor managing Mali's country domain, Johannes Zuurbier, exposed the "typo leak" in which misfired emails were sent to the wrong domain. Despite numerous attempts to warn the United States about the issue, beginning in 2014, Zuurbier claims he has not had any luck. As his contract's expiration date approached, he started collecting the emails as a last-ditch effort to persuade the US to take action.

In a letter to the US in early July, Zuurbier expressed concern that adversaries of the US could exploit the actual risk posed by the sensitive data contained in over 117,000 emails he has collected. He added that nearly 1,000 more arrived last Wednesday alone, containing sensitive data about US military personnel, contractors, and families, although none of the messages were classified.

Exposed information includes travel plans, maps, photos, identity documents, crew lists, tax and financial records, medical data, naval reports, contracts, complaints, investigations, and a diplomatic letter warning PKK operations.

“If you have this kind of sustained access, you can generate intelligence even from unclassified information,” said NSA head and retired four-star US Navy Admiral Mike Rogers to the Financial Times. Rogers says this isn’t uncommon, noting that people making mistakes isn’t out of the norm. However, he adds, “The question is the scale, the duration, and the sensitivity of the information.”

US military warned

Lieutenant commander Tim Gorman, speaking for the Pentagon, explained to the Times that the Department of Defense “is aware of this issue and takes all unauthorized disclosures of controlled national security information or controlled unclassified information seriously.” According to him, emails sent from a ".MIL" address to a ".ML" address are blocked within the .MIL domain and the sender is notified to validate the email addresses of the intended recipients. If true, this suggests that the misdirected emails may have come from US military workers' personal accounts, not work accounts.

Add Interesting Engineering to your Google News feed.
Add Interesting Engineering to your Google News feed.
message circleSHOW COMMENT (1)chevron
Job Board