Millions of sensitive U.S. military emails have been leaked to Mali, all because of a common typo.
The U.S. military’s domain ends with .MIL, which is only one letter removed from Mali’s domain, .ML. The leak was first reported by the Financial Times.
The problem has been going on for almost a decade, the Times reported. Dutch internet entrepreneur Johannes Zuurbier was the first to identify the issue when he took charge of Mali’s government domain. Since then, he has collected millions of emails that contain travel plans of officials, tax returns, passwords and diplomatic documents.
Throughout Zuurbier’s time managing the domain, he told the Times that he’s tried multiple times to warn U.S. officials of the leak and hasn’t gotten a meaningful response back. In preparation for his contract ending with Mali, he’s collected 117,000 misdirected emails to show the U.S. government — and that’s just since January.
Russia is known to be politically active in Mali and Zuurbier worries about what could happen with the information if it got in the hands of someone who wanted to use it against the United States, he told the Times.
“If you have this kind of sustained access, you can generate intelligence even just from unclassified information,” Mike Rogers, a retired American admiral who ran the National Security Agency and U.S. Army’s Cyber Command, told the Times.
The Military Times reported that the Defense Department has seen more than 12,000 cyber incidents since 2015.
The Pentagon’s deputy press secretary, Sabrina Singh, said on Monday that the agency was “aware of these unauthorized disclosures of controlled national security information” and has actively worked to minimize the leak. None of the information leaked was marked classified, only sensitive.
She said that earlier this year the Department of Defense “implemented policy and training mechanisms,” such as bouncing back emails that do not end in the correct suffix.