massive leak of US military mail due to a typo

Incorrect domain suffix entry resulted in millions of US military emails being sent to domain Mali (.ml) instead of the correct .mil suffix, according to Johannes Zurbier, the Dutch internet entrepreneur who runs the domain, in interview financial times.

Although most of these emails are spam and contain no classified information, some of them include sensitive data, including medical reports, identity information, base crew and personnel lists, naval inspection reports, and other data. Zurbier, who runs the Amsterdam company Mali Dili, has repeatedly approached the US authorities with the problem of unauthorized information leakage.

The .ml domain will be taken over by the Malian government, which the Financial Times describes as a close ally of Russia, after Zurbier’s 10-year contract ends on July 17. This means that the Mali authorities will be able to access all emails sent to their domain by mistake.

Pentagon spokesman Lt. Col. Tim Gorman says the agency is aware of the problem and is implementing measures to block emails sent to Malian addresses before they leave the .mil domain. This informs senders to verify the email addresses of intended recipients.

However, the problem with typos in domains has affected not only the US army, but also the Netherlands, whose army.nl domain differs in just one character from the Malian military domain army.ml. In addition, the Mali government received eight letters from the Australian Department of Defense destined for the US, including information about corrosion on Australian F-35 fighter jets.