A simple typo means millions of emails meant for the U.S. military are about to fall into the hands of Mali, a pro-Russia state in West Africa, the Financial Times reported on Monday.
The so-called “typo leak” is the result of people misspelling the suffix used at the end of all U.S. military email addresses: While the military uses .MIL, the country identifier for Mali is .ML.
For the 10 years ending on Monday, .ML was managed by Dutch entrepreneur Johannes Zuurbier, who was contracted to look after the domain after taking on similar contracts in Tokelau, the Central African Republic, Gabon and Equatorial Guinea.
However, now that his 10-year domain management contract has expired, the Malian government will be able to gather all of the emails that were accidentally misdirected over the past decade, according to the FT.
Mali’s government did not respond to Fortune’s request for comment.
Many of the misdirected emails came from internal sources, according to the FT, with travel agents working for the military, private contractors, and staff regularly misspelling .MIL in official communications.
None of the messages Zuurbier received during his oversight of .ML were marked as classified, and many of them were spam, the FT noted—but some included personal information about military contractors, serving personnel, and employees’ families.
This included medical data, passport details, crew lists, photos of bases, details of internal investigations, and travel plans, according to the news outlet.
According to the report, one FBI agent who was trying to send six messages to their own military email address accidentally sent them to Mali. These emails included a letter from a Turkish diplomat about possible militant activity as well as several briefings on domestic terrorism.
Some of the messages came with disclaimers ranging from “For Official Use Only” to “Not Releasable to the Public or Foreign Governments,” the FT reported.
Other employees accidentally sent password recovery requests to Mali, according to the report, while others sent passwords needed to access Department of Defense documents to the wrong address.
Aware of the issue
Lt. Cmdr. Tim Gorman, a spokesman for the Pentagon, told Fortune on Monday that the Department of Defense (DoD) is aware of the issue and took all unauthorized disclosures of Controlled National Security Information or Controlled Unclassified Information seriously.
“DoD has implemented policy, training, and technical controls to ensure that emails from the “.mil” domain are not delivered to incorrect domains,” he said. “Such emails are blocked before they leave the .mil domain and the sender is notified that they must validate the email addresses of the intended recipients.”
Gorman added: “While it is not possible to implement technical controls preventing the use of personal email accounts for government business, the Department continues to provide direction and training to DoD personnel.”
‘This risk is real’
Zuurbier told the FT that since the beginning of the year, he had been gathering emails mistakenly sent to Mali in a bid to convince American authorities to address the problem. He has collected more than 110,000 messages, the FT reported.
“This risk is real and could be exploited by adversaries of the U.S.,” he reportedly wrote in a letter to officials earlier this month—just one of several attempts he has reportedly made to engage authorities on the matter.
After realizing what was happening when he took over the .ML domain in 2013, Zuurbier sought legal advice, joined a 2014 trade mission from the Netherlands to ask for help from Dutch diplomats, and sought to alert U.S. authorities on a separate occasion in 2015, it was reported.
Russian intervention ‘worsening security’ in Africa
Mali, a landlocked West African nation, has a long history of armed rebellion, extremist activity, and military dictatorship. The military council that seized control of the country in 2020 is led by Colonel Assimi Goïta, who is currently serving as Mali’s interim president.
While relations with the West—including the U.S.—have worsened as the country has been engulfed by violence, Mali has continued to strengthen its ties to Russia. The Kremlin stepped in to provide assistance in the mineral-rich country’s ongoing fight against Islamist extremist insurgencies, leading to Russian Foreign Minister Sergey Lavrov—a member of Russian President Vladimir Putin’s inner circle—receiving a top honor in Mali earlier this year.
Washington has voiced concern about Moscow’s growing influence in Mali and the surrounding region, while the U.N. has said the alliance—which involves the use of mercenaries—may have led to possible war crimes.
“Where Wagner’s been present, bad things inevitably follow,” U.S. Secretary of State Anthony Blinken warned at a March briefing in Niger’s capital Niamey. “We’ve seen countries find themselves weaker, poorer, more insecure, less independent as a result of their association with Wagner. We’ve also seen Wagner engage in the exploitation of natural resources, bringing corruption with it, bringing violence with it—overall worsening security, not improving it.”
However, Mali’s government has defended its ties to Russia.
Following the failed rebellion by the mercenary Wagner Group in Russia earlier this month, however, it remains unclear whether Russia’s military assistance will continue in Mali—Moscow had enlisted Wagner troops to stave off jihadist fighters in the country.
