Millions of US military e-mails leaked. All because of a typo in the address

millions of US military e-mails have been sent to incorrect e-mail addresses for years because of a typo. The error was discovered less than 10 years ago when Dutch entrepreneur Johannes Zuurbier, director of Mali Dili, was contacted to handle the Mali (a country in West Africa) internet domain, but the Americans have not done anything about it since. Zuurbier has since received millions of messages from the US military, according to FT information.

A Dutch entrepreneur has received millions of confidential e-mails from the US military

The problem turns out to be the similarity of the suffix of US military e-mail addresses (.mil” from military) with the country domain located in Africa Mali (.ml”). The lack of this one letter means that e-mails, unable to reach non-existent addresses, are directed to Zuurbier, who takes care of the Malian domain. The Dutchman says he has alerted US officials to the problem multiple times. Since January, it has been saving misdirected emails and so far has collected nearly 117,000 of them. Last Wednesday alone, he received a thousand more messages. While a mistake in the address of the recipient of an email may seem funny, the matter is very serious, because it is about a lot of sensitive or secret information that has ended up in the wrong place.

According to “FT”, among them were diplomatic documents, tax returns, data on the families of military personnel, information about the health of soldiers, lists of staff members of individual military bases, maps and photos of protected objects, and even details of business trips of military dignitaries. An example is the very detailed itinerary of General James McConville, the US Army Chief of Staff, and his delegation, who traveled to Indonesia earlier this year. The Agenda went to the Zuurbier company instead of people in the American army.

Zuurbiera’s last contact with the Americans was in July this year, warning that such mistakes are risky and could be “used by US adversaries.” Mike Rogers, a retired US admiral, told the British daily that such a set of data creates ideal conditions for generating intelligence. He noted that people make mistakes, but in these cases the scale of mistakes and the sensitivity of information is puzzling.

The 10-year contract of the Dutch company for the maintenance of the domain expires soon, and then it will probably be handled by the government of Mali. “FT” points out that the vast majority is spam, but some mistakes can be extremely painful for the US. Mali is not an American ally, but it cooperates quite closely with Russia, which can certainly be very interested in some of the information. So it is not known whether the Mali government is even aware of the case and intends to record the mistakenly sent e-mails of the US military.

Pentagon spokesman Tim Gorman told the newspaper that the Department of Defense is “aware of the problem” and takes “any unauthorized release of controlled national security information” seriously. He added that e-mails sent from addresses in the .mil domain to addresses in Mali are automatically blocked, and the sender receives a notification to check the correctness of the address.