Millions of sensitive messages intended for US defense employees were inadvertently sent to email accounts in Mali because of a simple typing error, the Financial Times has reported.
Instead of the US military’s “.mil” domain, the emails were reportedly sent to accounts with the “.ml” suffix, directing them to people residing in the west African nation.
According to the report, some of the messages contained personal information, such as passwords and medical records of military personnel.
One of the misdirected emails even exposed the hotel room number and itineraries of US Army Chief of Staff, Gen. James McConville, during his trip to Indonesia earlier this year.
The US Department of Defense said it has taken steps to address the issue, including blocking all “.ml” email accounts as a precaution.
Discovered 10 Years Ago
According to the Financial Times, Dutch internet entrepreneur Johannes Zuurbier discovered the problem more than a decade ago.
He reportedly received a contract in 2013 to manage Mali’s internet domain, and later on found out that tens of thousands of emails were misdirected from the US.
After observing that the problem was recurring, Zuurbier wrote a letter to US defense officials this month to raise the alarm.
He explained that his contract was due to finish, and that Mali’s military government would soon take control of the domain.
Mali is a close ally of Russia.
In a report by CNN, it was discussed how a simple typing error could pose security risks to US national defense officials.
The personal details from the misdirected messages could reportedly be used to conduct targeted cyberattacks or track the movements of US DoD personnel.
Steven Stransky, a former senior counsel to the Department of Homeland Security’s Intelligence Law Division, said even seemingly harmless information could prove useful to adversaries.
“Those sorts of communications would mean that a foreign actor can start building dossiers on our own military personnel, for espionage purposes, or could try to get them to disclose information in exchange for financial benefit,” he told BBC.
“It’s certainly information that a foreign government can use.”