The U.S. military has confirmed a widespread typo that has caused millions of sensitive emails and messages to be redirected to Mali, a country in West Africa and a Russian ally.
The issue arises from the mistyping of the “.MIL” domain used for military emails as “.ML,” the domain for Mali.
As a result, unclassified but sensitive information, including diplomatic documents, tax returns, passwords, and travel details of top officers, has been exposed.
The Pentagon has acknowledged the problem and stated that measures are in place to block emails sent outside the “.MIL” domain.
The misdirected emails and messages, containing sensitive information, have been inadvertently sent to a company operating Mali’s internet domain.
This leak has resulted in the exposure of classified information that should have remained within the secure military network.
A Dutch entrepreneur managing Mali’s domain, Johannes Zuurbier, has reported collecting over 117,000 emails from the Pentagon since January alone, underscoring the extent of the issue.
The leaked information could be exploited by adversaries of the United States, compromising diplomatic relations, compromising the safety of military personnel, and posing cybersecurity threats.
In response to the widespread typo that led to sensitive emails being misdirected to Mali, the Pentagon has taken steps to address the issue.
They acknowledged that emails sent outside the “.MIL” domain have been generally blocked as a precautionary measure.
While technical controls cannot prevent the use of personal email accounts for government business, the Pentagon continues to provide direction and training to personnel.
The Department of Defense Chief Information Officer is currently overseeing the matter to ensure that policies, training, and technical controls are in place to safeguard sensitive information.
The incident comes in the wake of recent cyberattacks, such as the breach of U.S. government emails by a China-based hacking group through a Microsoft cloud system.
Meanwhile, President Biden’s administration has vowed consequences for those responsible for the hacking.
