NATIONAL NEWS

Common typo causes millions of emails intended for members of the US military to be sent to accounts in Mali

Jul 17, 2023, 2:58 PM

In this March 2022 photo, the Pentagon is seen from Air Force One as it flies over Washington, DC.
...

In this March 2022 photo, the Pentagon is seen from Air Force One as it flies over Washington, DC. (Patrick Semansky/AP)

(Patrick Semansky/AP)

(CNN) — Millions of emails intended for Pentagon employees were inadvertently sent to email accounts in Mali over the last decade because of typos caused by the similarity of the US military’s email address and the domain for the West African country, according to a Dutch technologist who discovered the problem.

In some cases, sensitive information like hotel reservations for senior US military officials were revealed.

The emails were intended for owners of “.MIL” email accounts – the internet domain owned by the US military – but because of typos they were instead sent to the .ML domain, which handles email accounts in the West African country of Mali.

The email mishap reveals the security risks to US national security officials that can arise from an innocent typo. The personal information in the emails could be used to conduct targeted cyberattacks or to track the movements of Pentagon personnel – although there’s no evidence that happened in this case.

The Financial Times first reported on the issue.

Johannes “Joost” Zuurbier, a Dutch internet entrepreneur, received the emails because his company was contracted to manage the .ML domain. Since 2013, Zuurbier said, he has raised the issue with various US officials, including the US Embassy in Mali earlier this year.

“Yes, I was concerned, still am!” Zuurbier said in an email to CNN when asked about possible security risks and the misdirected emails.

Zuurbier’s contract to manage the .ML domain expired last week, he said, prompting him to raise awareness of the issue in the media.

None of the leaked emails were sent from official Department of Defense email addresses, but the department has blocked its email accounts from emailing .ml email addresses as a precaution, Deputy Pentagon Press Secretary Sabrina Singh said Monday.

She added that the “only thing that went through” were emails from personal accounts, like a Gmail or Yahoo account. The department strongly discourages using personal email accounts for official business, Singh said.

“The Department of Defense (DoD) is aware of this issue and takes all unauthorized disclosures of Controlled National Security Information or Controlled Unclassified Information seriously,” Lt. Cmdr. Tim Gorman said in a statement to CNN earlier on Monday.

The misdirected emails have grown less frequent in recent years, but still come by the hundreds per day, Zuurbier said. Many of the emails are spam, but some are sensitive.

One of the misdirected emails contained hotel room numbers for the Army chief of staff, Gen. James McConville, and his entourage on a trip they took in May to Indonesia.

And while the US government can’t prevent outside users from mistyping emails intended for the government, some of those making the typos were US government employees.

One email in Zuurbier’s stash is from an FBI agent and intended for a US Navy official, asking for personal information to process a Navy visitor to an FBI facility. The FBI agent uses the .ml domain.

CNN has requested comment from the Army and the FBI. The Navy declined to comment.

The Defense Department “has implemented policy, training, and technical controls to ensure that emails from the ‘.mil’ domain are not delivered to incorrect domains,” Gorman said in his statement.

“While it is not possible to implement technical controls preventing the use of personal email accounts for government business, the Department continues to provide direction and training to DoD personnel,” the statement continued.

The Pentagon has no control over whether third parties incorrectly type defense personnel’s email addresses, Gorman told CNN when asked about the matter.

This isn’t the first time this year that the US military has had to deal with an inadvertent email leak.

A trove of internal US Special Operations Command emails were publicly available online for about two weeks in February because of an IT misconfiguration. The Pentagon fixed the issue after a private security researcher discovered the leak.


The-CNN-Wire™ & © 2023 Cable News Network, Inc., a Warner Bros. Discovery Company. All rights reserved.

KSL 5 TV Live

National News

U.S. Center for SafeSport CEO Ju’Riese Colón testifies during The Commission on the State of U.S...

EDDIE PELLS

Fired US Center for SafeSport investigator arrested on new charges

An ex-cop fired from his job as an investigator at the U.S. Center for SafeSport for allegedly stealing money seized at a drug bust has been arrested again, this time charged with rape and sex trafficking.

3 hours ago

Two donuts and a cup of coffee rest on a counter at a Dunkin' location, Friday, Jan.10, 2025, in De...

MARGERY A. BECK

Some states not running on Dunkin’ doughnuts due to supply shortage

Dunkin’ dropped the “Donuts” from its brand name years ago. Now — at least across Nebraska, New Mexico, and some other states — it doesn’t have doughnuts on the shelves either.

5 hours ago

Homes along Pacific Coast Highway are seen burn out from the Palisades Fire, Sunday, Jan. 12, 2025,...

CHRISTOPHER WEBER and HOLLY RAMER

24 dead as fire crews try to corral Los Angeles blazes before winds return

At least 16 people were missing, and authorities said that number was expected to rise.

6 hours ago

A Kohl's store is shown in Indianapolis, Thursday, April 2, 2020. (AP Photo/Michael Cnroy, File)...

ANNE D’INNOCENZIO

Kohl’s to close 27 stores by April as stores works to improve sales

Kohl’s said Friday it was closing 27 underperforming locations in 15 states by April — a fraction of its 1,150 store base — as the struggling department store chain aims to boost profitability and improve sagging sales.

8 hours ago

Italian Justice Minister Carlo Nordio in Rome on Wednesday. (Roberto Monaldo/LaPresse/Shutterstock ...

Sharon Braithwaite, Christian Edwards and Adam Pourahmadi, CNN

Italy releases Iranian businessman wanted by US over drone attack that killed Americans

Iranian businessman Mohammad Abedini, who was detained in Italy at the request of the United States following a drone attack that killed three Americans, has been released.

11 hours ago

The Best Friend Animal Society Sanctuary and Pet Adoption Center are housing displaced shelter pets...

Carlysle Price

Utah pet shelters house Southern California pets amid wildfires, ask locals to adopt

Utah pet shelters opened their doors to Southern California animals in need of a safe place to stay. Now, they're asking Utahns to do the same.

11 hours ago

Sponsored Articles

holiday gift basket with blue tissue paper and gingerbread cookies...

Kneaders Bakery & Cafe

Holiday hacks for a stress-free season

Get more out of your time with family and loved ones over the holidays by following these tips for a stress-free season.

2 computer techs in a computer shop holding up a computer server with the "hang loose" sign...

PC Laptops

A comprehensive guide to choosing the right computer

With these tips, choosing the right computer that fits your needs and your budget will be easier than ever.

crowds of people in a German style Christmas market...

This Is The Place Heritage Park

Celebrate Christkindlmarket at This Is The Place Heritage Park!

The Christkindlmarket is an annual holiday celebration influenced by German traditions and generous giving.

Image of pretty woman walking in snowy mountains. Portrait of female wearing warm winter earmuff, r...

Lighting Design

Brighten your mood this winter with these lighting tricks

Read our lighting tips on how to brighten your mood in the winter if you are experiencing seasonal affective disorder.

A kitchen with a washer and dryer and a refrigerator...

Appliance Man

Appliance Man: a trusted name in Utah’s home appliance industry

Despite many recent closures of local appliance stores, Appliance Man remains Utah's trusted home appliance business and is here to stay.

abstract vector digital social network technology background...

Les Olson

Protecting yourself against social engineering attacks

Learn more about the common types of social engineering to protect your online or offline assets from an attack.

Common typo causes millions of emails intended for members of the US military to be sent to accounts in Mali