NewsNation

Typo reroutes military emails to Russian ally

(NewsNation) — A simple typo could have sent national security information as military emails were mistakenly sent to Mali, a Russian ally, and the problem has been going on for a decade.

Millions of emails were misdirected when people used the domain suffix .ml instead of .mil, which is used in all military email addresses. While the military has the .mil domain, .ml belongs to Mali, which has a Russian presence thanks to the mercenary Wagner Group, which has used the country to route supplies to Ukraine.


First reported in the Financial Times, the issue isn’t a new one. Johannes Zuurbier, an internet entrepreneur who was contracted to manage Mali’s country domain, said he had received tens of thousands of misdirected emails since 2013.

When Zuurbier’s contract ended, the government of Mali gained access to those emails. Zuurbier set up a system to catch the emails that were routed to non-existent domains, like army.ml and reportedly tried to warn the U.S. government of the issue for years.

While classified information is sent on separate servers and does not appear to have been affected, there were still emails with sensitive information, including medical information, passwords and itineraries for senior officers.

According to Deputy Pentagon Press Secretary Sabrina Singh, none of the emails were sent from within the military but came from outside accounts, including Gmail and Yahoo addresses.

While the information might not have immediate security impacts, it could still be used to establish dossiers on military officials for the purpose of attempting to recruit them for espionage or otherwise manipulating them.

The Pentagon said it was aware of the issue and working on solutions, including blocking emails sent to incorrect domains and requiring users to validate addresses. Those fixes would only apply to emails sent within the Department of Defense system and would not impact misdirected emails sent from outside agencies or civilians.