Typo leads US and UK to mistakenly email sensitive info to Russian ally.

Emails Sent to Mali Instead of U.S. Military: A Costly⁢ Typo

For years, ‍emails intended for members of the U.S. military were​ mistakenly sent to Mali, a Russian ally in Africa, according to multiple reports.

The blunder occurred due to a simple ⁣typo that confused‌ the Pentagon’s “.mil” domain ⁤with⁣ Mali’s “.ml”‍ suffix.​ This oversight​ led to sensitive information⁣ potentially⁤ reaching the wrong hands.

The error was brought to ⁢the attention ‌of ⁣U.S. military officials by Johannes Zuurbier, ​a tech ⁢entrepreneur who had been hired by Mali’s⁢ government⁢ to manage their​ internet domain. Despite his efforts to alert ​U.S. officials, no action ​had been taken.

Zuurbier recently ⁣wrote‍ to ⁣the Pentagon, highlighting the issue and ⁤informing them that⁣ his‌ contract to run Russia’s African ally’s ⁤domain was ending soon.

Millions of private messages were mistakenly sent​ to the wrong ​address, some containing details about military personnel and their travel itineraries. Shockingly, even the travel itinerary of U.S. Army Chief of Staff ​Gen.‍ James McConville, including his room number and security information, ⁢was sent to this incorrect domain.

Although none of​ the⁢ sensitive information was marked classified, it included highly sensitive data⁤ on serving U.S. military personnel, contractors, and their families. The contents ranged from X-rays and medical data to identity documents, crew‍ lists, maps, photos, contracts, and even tax and​ financial⁣ records.

The Pentagon has taken measures to ‌prevent similar incidents from occurring in the⁢ future.

Interestingly, the same URL issue also⁣ resulted in privileged emails ⁤from the U.K. being ‌sent to Mali instead of the Pentagon. The U.K.’s top military officials are currently investigating the matter.

(1/2) This report ⁢misleadingly claims state secrets were sent to ⁣Mali’s email domain. We assess fewer than 20 routine emails were sent⁤ to​ an incorrect domain & are confident ⁤there was no breach of⁣ operational⁣ security or disclosure of technical ‍data.‌ https://t.co/frvgl3PE8C

— Ministry of Defence‍ (@DefenceHQ) ‍ July 28, 2023

The U.K. Ministry of​ Defence clarified that fewer than 20 ‌routine ‍emails ⁣were sent to the ‍wrong domain and assured that ⁤there ‌was no breach of operational security or disclosure ⁤of technical data.

(2/2) An investigation is ongoing.‍ Emails of this kind are not⁣ classified at secret or ⁣above.

— Ministry of⁤ Defence ⁤​ (@DefenceHQ) July 28, 2023

The Times reported that some British military emails, meant for the Pentagon, contained vacation⁢ schedules for military officers and detailed descriptions of weapons like hypersonic missiles.

It is a ⁣stark reminder of how ‌a small ⁣typo can have significant consequences, leading to the unintentional exposure of sensitive information.

Source: The Western Journal