Millions of US military emails that contained highly sensitive information have been mistakenly sent to Mali, all because of a minor typing error. Notably, Mali is a West African country that is an ally of Russia. According to the Financial Times, the leak has exposed highly sensitive information, including diplomatic documents, tax returns, passwords, and the travel details of top officers.
A simple domain name mix-up caused confusion in the first place. While the US military uses the “.MIL” domain, the mails were being sent to “.ML,” the domain for Mali.
Some of the misdirected emails were sent by military staff members, travel agents working with the US military, US intelligence, private contractors, and others. One email from earlier this year reportedly contained the travel itinerary for General James McConville, the US Army's chief of staff, for his visit to Indonesia.
The issue was first brought to light by Dutch internet entrepreneur Johannes Zuurbier who manages the domain for Mali. He told the Financial Times that this has been happening for over a decade despite his repeated attempts to warn the US government.
He has been collecting misdirected emails since January and has collected 1,17,000 misdirected messages so far, with almost 1,000 messages collected last Wednesday.
This month, Mr. Zuurbier wrote a letter to US officials to raise the alarm. He said that his contract with the Mali government was due to finish soon, meaning "the risk is real and could be exploited by adversaries of the US".
The Pentagon said it had taken steps to address the issue.
Pentagon spokesperson Lt Commander Tim Gorman told Financial Times that the Department of Defence “is aware of this issue and takes all unauthorised disclosures of controlled national security information or controlled unclassified information seriously".
Mr Gorman added that emails sent from a .mil domain to Mali are “blocked” and that the “sender is notified that they must validate the email addresses of the intended recipients.”