A typing error has resulted in a significant breach of US military information over the past decade. Millions of emails, many of those containing highly sensitive information about United States defence forces, have been sent to Mali due to typo.

COMMERCIAL BREAK
SCROLL TO CONTINUE READING

The error occurred when individuals mistakenly entered ".ML" instead of ".MIL" suffix in their email addresses, leading to the inadvertent diversion of sensitive emails intended for the US military to Mali, a country known for its association with Russia, reported the Financial Times. 

Johannes Zuurbier, a Dutch Internet entrepreneur managing the ".ML" domain, first noticed the problem nearly ten years ago. Despite raising alarms and multiple attempts to alert US officials, the issue still persisted.

The nature and contents of the leaked emails

The leaked content primarily consists of spam emails; however, the real concern lies in the messages containing highly sensitive information pertaining to United Stated defence forces. The sensitive data includes X-rays, medical records, identity document information, staff lists at military bases, maps and photos of installations, naval inspection reports and contracts, among others.

The information also included criminal complaints against personnel, internal investigations into bullying, and official travel itineraries, bookings, tax and financial records. The leaked information encompasses serving US military personnel, contractors, and their families.

According to Pentagon spokesman Lt. Cmdr Tim Gorman, the Department of Defense is aware of this issue. He emphasised that the Department takes any unauthorised disclosure of controlled national security information or controlled unclassified information very seriously. He further assured that emails directly sent from the .MIL domain to Malian addresses are blocked before leaving the .MIL domain, with the sender being notified to validate the recipient's email address.

Persistent efforts to raise alarm

After recognising the nature and potential ramifications of the issue, Zuurbier made multiple attempts to bring it to the attention of US authorities. He involved Dutch diplomats during a trade mission from the Netherlands in 2014, and again tried to alert the US authorities in 2015. Despite the lack of response, he remained persistent and resumed collecting misdirected emails this year, hoping it would finally prompt the Pentagon to address the issue.

Zuurbier began collecting the misdirected emails in January, in an attempt to demonstrate the gravity of the issue to the US authorities. He holds close to 1,17,000 misdirected messages, with a staggering number of almost 1,000 emails arriving in just one day. "This risk is real and could be exploited by adversaries of the US,” wrote Zuurbier in a letter sent to the US authorities in July. 

Mali's Russian connection

The potential risk of exploitation of the leaked data is further heightened by Mali's recent Russian affiliation. Russia has managed to establish a presence in the African country in 2022 through the private military organisation, the Wagner Group. Russian authorities had at first maintained Wagner Group’s independence from the Russian state. But the Russian-Ukraine War has highlighted that the paramilitary organization that reportedly staged a rebellion against President Vladimir Putin was backed by the state. The US State Department stated in May that the Wagner Group aimed to use Mali as a route to transport war supplies to Ukraine.

Given the imminent transfer of the .ML domain to the Malian government, this relationship makes the data leakage more alarming. It potentially allows the leaked emails, and the sensitive information they contain, to be accessed by US adversaries.

With inputs from agencies