It turned out that millions of emails containing confidential information of the US military were leaked to Mali, West Africa due to ``typos in email address''



When sending an e-mail for the first time to a person who is not registered as a contact, some people may have experienced that the e-mail could not be sent correctly due to a typo in the e-mail address. Due to a typo in such an email address, ``A large amount of emails containing confidential information of the US military are leaking to

Mali , West Africa, which is connected to Russia,'' reported the financial newspaper Financial Times.

Typo leaks millions of US military emails to Mali web operator | Financial Times
https://www.ft.com/content/ab62af67-ed2a-42d0-87eb-c762ac163cf0



Common typo causes millions of emails intended for members of the US military to be sent to accounts in Mali | CNN Politics
https://edition.cnn.com/2023/07/17/politics/email-typos-mali-military-emails/index.html

'Millions' of sensitive US military emails were reportedly sent to Mali due to a typo - The Verge
https://www.theverge.com/2023/7/17/23797379/mali-ml-typo-us-military-emails-leak

The Internet domain '.mil', owned by the US military, is used at the end of official email addresses for Department of Defense personnel and military personnel. However, there seems to be a case where the ``.mil'' at the end is mistakenly typed when sending an email, and the email is sent as ``.ml'', which is the country identifier for Mali.

Johannes Zurbier, a Dutchman who runs a company that signs a management contract for the '.ml' domain, warns about this situation. Requests to non-existent domains such as 'navy.ml' and 'army.ml' have been going on for more than 10 years, and it is believed that more than millions of emails have been sent incorrectly so far. Mr. Zurvia once said that he built a system to detect emails to the wrong '.ml' domain, but had to stop the system because too many emails were caught.

Since 2013, Mr. Zurbia has alerted various officials to the problem, including the US Embassy in Mali. However, the company's ``.ml'' domain management contract expired on July 17, 2023, and from now on, the Mali authorities will be able to access the erroneously sent email, so we will announce it to the media and recognize the problem. He thought that it was necessary to increase the



The Financial Times reports that the misdirected emails were sent not only by US Department of Defense officials, but also by US intelligence agencies, travel agencies working with the military, and private contractors. The emails also contained sensitive information such as medical records, identification information, lists of staff working on military bases, photos of military bases, Navy survey reports, lists of sailors on military ships, and tax records.

Among them were emails written by US Army Chief of Staff

James McConville about his itinerary for a visit to Indonesia in May, including a 'complete list of room numbers to stay' and 'Mr. McConville at the Grand Hyatt Jakarta.' It also included details about the room key where he stayed.

In recent years, it has been pointed out that Mali, a West African country, is rapidly approaching Russia against the backdrop of the rise of Islamic extremism in the country. reportedly planned. The Russian government has vowed to continue Wagner's activities in Mali after an uprising called by Wagner founder Evgeny Prigozhin . Therefore, leaking US military emails to Malian domains could pose a serious security risk.



Sabrina Singh, Deputy Press Secretary of the US Department of Defense, said on July 17 that none of the leaked emails were sent from the Department of Defense's official email address, but as a precautionary measure, the official email address was ``.ml''. Report blocked from sending mail to the domain. All leaked emails were sent from personal accounts such as Gmail and Yahoo!, and the Department of Defense recommends not using personal email addresses for official business.

'The Department of Defense is aware of this issue and has no control over national security or unclassified information,' said Tim Gorman, a spokesman for the U.S. Department of Defense , in a statement to foreign media outlets CNN and The Verge. We take the unauthorized disclosure of '.mil' domains seriously.' But Gorman also acknowledged that if a third party, such as a private contractor, mistyped an email address, the Pentagon can't control the misdelivery.

CNN said, 'This misdirected email has exposed to U.S. national security officials the security risks that can arise from innocent typos. It could be used for cyberattacks and tracking Pentagon officials.' However, at the time of writing the article, no evidence was found that the information contained in the erroneously sent email was actually abused.

in Security, Posted by log1h_ik