Login
iscover
A common spelling error has threatened to expose sensitive US military information, with millions of misspelled US defence email addresses accidentally sent to Mali.
To continue reading the rest of this article, please log in.
Create free account to get unlimited news articles and more!
According to a report first detailed in the Financial Times, millions of United States military emails have been sent to email addresses registered in Mali rather than their intended recipients in the US military.
The misdirected emails arose from a common typo in email addresses, where emails were incorrectly written with the domain “.ml”, denoting Mali’s internet domain, as opposed to the United States’ military domain of “.mil”.
Reports have outlined that eight emails from the Australian Department of Defence have been included in the misdirected correspondences, reportedly including emails detailing F-35 corrosion challenges.
Up to 117,000 emails have been sent to Mali since January, where they are received by the domain’s manager Johannes Zuurbier who has informed an array of US government and military representatives about the threat posed by the common typo.
The problem was discovered by the privately contracted domain manager nearly 10 years ago.
In mid-July, Zuurbier received nearly 1,000 incorrectly written emails in a single day, the Financial Times reported.
Concerns are expected to expound over coming days, with Zuurbier’s contract for the management of Mali’s domain expiring on Monday.
Upon the completion of the contract, the government of Mali would then take receipt of the “.ml” designated emails.
Deputy Pentagon Press Secretary Sabrina Singh explained that Department of Defense emails directed to a “.ml” domain will bounce back to the sender.
“From when we had our first unauthorised disclosure from earlier this year, we’ve implemented policy and training mechanisms and put them in place,” Singh outlined at a press briefing.
“And in terms of what we have here on the DOD systems is that when you send an email from a DOD email address, and you send it to a .ml email address, it will bounce back.”
While they have implemented control procedures for Defence emails, US Defense could not account for information transmitted through private email addresses.
“If an email was sent from a personal Gmail or Yahoo account that did likely go through to the .ml account, all we can do is account for our DOD assets, and ours remain intact,” Singh continued.
Despite none of the emails marked as classified, the emails included important information for the United States military.
Singh noted that none of the emails were from Department of Defense email addresses.
Facility maps, diplomatic correspondences, naval inspection reports, investigations into bullying and planning documents are among the emails collected by Zuurbier.
