The Pentagon has confirmed that a common typo within the U.S. military has resulted in the misdirection of millions of emails and messages containing sensitive information to Mali, a country in Africa.
The issue stems from the U.S. military's ".MIL" domain name, which is often mistakenly typed as ".ML," the domain for Mali. This mistake has led to the exposure of unclassified but sensitive information, including diplomatic documents, tax returns, passwords, and travel details of top officers.
According to an initial report from the Financial Times, the leak has raised concerns about the potential exploitation of this vulnerability by adversaries of the U.S. Johannes Zuurbier, a Dutch entrepreneur who manages Mali's domain, revealed that he has collected over 117,000 emails from the Pentagon since January alone, and many more in previous years. Zuurbier emphasized the real risk posed by this situation and warned that his 10-year contract to manage Mali's domain is set to expire this week, after which control will be handed over to Mali's government, which has close ties to Russia.
The Pentagon has acknowledged the issue and stated that emails sent outside the ".MIL" domain are typically blocked. In a statement to Fox News, the Pentagon emphasized its commitment to addressing unauthorized disclosures of Controlled National Security Information or Controlled Unclassified Information. The Department of Defense has implemented policies, training, and technical controls to prevent emails from the ".MIL" domain from being delivered to incorrect domains. If an email is blocked, the sender is notified and must validate the email addresses of the intended recipients. However, technical controls to prevent the use of personal email accounts for government business are not feasible, so the Department continues to provide guidance and training to personnel in this regard.
This revelation comes shortly after China-based hackers gained access to U.S. government emails through a Microsoft cloud system. Microsoft is currently investigating the source of the breach, and President Biden's administration has pledged to hold those responsible accountable. Last week, Microsoft disclosed that a China-based hacking group, identified as Storm-0558, breached email accounts from approximately 25 organizations, including U.S. government agencies.
The Pentagon's confirmation of the misdirection of sensitive information to Mali highlights the ongoing challenges faced by the U.S. military in safeguarding its digital infrastructure. As the threat landscape continues to evolve, it is imperative for the Department of Defense to remain vigilant and implement robust measures to protect sensitive data from unauthorized access and potential exploitation by adversaries.
Login