Al Mayadeen English

  • Ar
  • Es
  • x
Al Mayadeen English

Slogan

  • News
    • Politics
    • Economy
    • Sports
    • Arts&Culture
    • Health
    • Miscellaneous
    • Technology
    • Environment
  • Articles
    • Opinion
    • Analysis
    • Blog
    • Features
  • Videos
    • NewsFeed
    • Video Features
    • Explainers
    • TV
    • Digital Series
  • Infographs
  • In Pictures
  • • LIVE
News
  • Politics
  • Economy
  • Sports
  • Arts&Culture
  • Health
  • Miscellaneous
  • Technology
  • Environment
Articles
  • Opinion
  • Analysis
  • Blog
  • Features
Videos
  • NewsFeed
  • Video Features
  • Explainers
  • TV
  • Digital Series
Infographs
In Pictures
  • Africa
  • Asia
  • Asia-Pacific
  • Europe
  • Latin America
  • MENA
  • Palestine
  • US & Canada
BREAKING
Al Mayadeen's correspondent: One was killed, another injured in a raid by an Israeli drone on the city of Khiam in South Lebanon
London views possibility of setting fire to tanker in port of friendly country to Russia to damage port infrastructure, initiate an international probe: Moscow
One of London's scenarios involves setting up accident with 'undesirable' tanker in one of the bottlenecks of maritime communications: Russian foreign intelligence agency
London plans to organize major sabotage with tankers to declare transportation of Russian oil to international shipping: Russian foreign intelligence agency
UK intelligence agencies plan to use NATO allies to launch massive raid on 'Shadow Fleet': Russian foreign intelligence agency
Palestinian Ministry of Health: Two were martyred in Israeli shelling that targeted a besieged house in the town of Qabatiya in Jenin
At least 68 dead in migrant shipwreck off Yemen: IOM
Trump: We want to feed the people in Gaza, we do not want them to starve.
US President Donald Trump: We will impose sanctions on Russia if it does not end the war on Ukraine.
Israeli media: Polls show that 52% oppose Prime Minister Benjamin Netanyahu while only 29% support him.

Typo leaks millions of US military emails to Mali web operator

  • By Al Mayadeen English
  • Source: Financial Times
  • 17 Jul 2023 14:53
  • 2 Shares
7 Min Read

A Dutch internet entrepreneur has in his possession around 117,000 misdirected messages from the US Army, navy, and more.

  • x
  • US soldiers monitor battlefield conditions at a joint US-Afghan military command center in Ghazni province, west of Kabul, Afghanistan on Thursday, June 21, 2007. (AP)
    US soldiers monitor battlefield conditions at a joint US-Afghan military command center in Ghazni province, west of Kabul, Afghanistan on Thursday, June 21, 2007. (AP)

Millions of US military emails were misdirected to Mali due to a "typo leak" that revealed extremely sensitive information such as diplomatic documents, tax returns, passwords, and top officials' travel data.
 
Despite repeated warnings over a decade, a steady flow of email traffic continues to the .ML domain, the country identifier for Mali, as a result of people mistyping .MIL, the suffix to all US military email addresses.
 
Johannes Zuurbier, a Dutch internet entrepreneur with a contract to maintain Mali's country name, spotted the problem about a decade ago, and has been collecting misdirected emails since January to persuade the US to take the matter seriously. Around 117,000 misdirected messages are in his possession and almost 1,000 were sent on Wednesday alone. 

Zuurbier keeping emails away from Mali, US does not respond

In a letter to the US in early July, he wrote, "This risk is real and could be exploited by adversaries of the US." Moreover, control of the .ML domain will revert to Mali's government, which is close to Russia, on Monday. Malian authorities will be able to collect the misdirected emails after Zuurbier's 10-year management contract expires. 
 
Zuurbier, the managing director of Mali Dili, an organzation in Amsterdam, has frequently approached US officials, including a defense attaché in Mali, a top advisor to the US national cyber security service, and even White House officials.

Read next: Pentagon refuses to say if leaked data were seized by rivals: Report

The email flow is spam and none are marked as classified, but the messages have highly sensitive data concerning the service of US military personnel, contractors, and their families. 
 
X-rays and medical data, identity document information, crew lists for ships, staff lists at bases, maps of installations, photos of bases, naval inspection reports, contracts, criminal complaints against personnel, internal investigations into bullying, official travel itineraries, bookings, and tax and financial records are all part of their contents.

Related News

UK, NATO plotting sabotage of Russian oil tankers, says SVR

Clashes erupt in Deir Hafer between SDF, Syrian army factions

'How sensitive is the information is what's important': US Army's Cyber Command

A retired American admiral who previously led the National Security Agency and the US Army's Cyber Command, Mike Rogers, stated that "If you have this kind of sustained access, you can generate intelligence even just from unclassified information," adding that "This is not uncommon... It’s not out of the norm that people make mistakes but the question is the scale, the duration, and the sensitivity of the information.”

For example, one misdirected email included the travel plans for General James McConville, the chief of staff of the United States Army, and his delegation for a May visit to Indonesia. The email included a complete list of room numbers, McConville's schedule, and information about picking up McConville's hotel key at the Grand Hyatt Jakarta, where he obtained a VIP upgrade to a grand suite.

Read next: Leaked classified docs undermine US relations, credibility with allies
 
Rogers cautioned that Mali's control over the messages was a problem, explaining that "It's one thing when you're dealing with a domain administrator who is attempting, albeit unsuccessfully, to articulate the issue...It's another thing when it's a foreign government that... sees it as an advantage that they can use."
 
According to Lt. Cmdr Tim Gorman, a Pentagon spokesperson, the Pentagon "is aware of this issue and takes all unauthorized disclosures of controlled national security information or controlled unclassified information seriously." He explained that the emails sent directly from the .mil domain to Malian addresses “are blocked before they leave the .mil domain and the sender is notified that they must validate the email addresses of the intended recipients."

How did Zuurbier detect the misdirected emails?

When Zuurbier took over the Mali country code in 2013, he quickly saw requests for domains such as army.ml and navy.ml, which did not exist. He had previously overseen similar operations for Tokelau, the Central African Republic, Gabon, and Equatorial Guinea. Suspecting it was email, he set up a system to catch any such correspondence, which quickly became overburdened and ceased collecting messages.
 
Zuurbier claims that after learning what was going on and seeking legal assistance, he made many attempts to notify US authorities. According to the Financial Times, he handed a copy of the legal advice to his wife "just in case the black helicopters landed in my backyard."
 
In order to enlist the assistance of Dutch diplomats, he joined a trade mission from the Netherlands in 2014. He made another attempt to warn US officials in 2015, but it was futile. Zuurbier resumed collecting misaddressed emails this year in a final attempt to inform the Pentagon.

FBI files leaked

The data flow reveals certain consistent sources of leakage. Emails are frequently misspelled by military travel agencies. Employees sending emails between their own accounts are another issue.
 
One FBI agent with a naval background attempted to transmit six texts to their military email and inadvertently sent them to Mali. One of them was an urgent diplomatic communication from Turkey to the US State Department concerning possible operations by the Kurdistan Workers' Party (PKK) against Turkish interests in the US.
 
When passing notes, one FBI agent frequently mistyped their own email, including a notice from the Turkish embassy in Washington on probable activity by a recognized terrorist group.

The same person also forwarded a series of briefings on domestic US terrorism marked “For Official Use Only” and a global counter-terrorism assessment headlined “Not Releasable to the Public or Foreign Governments.” 
 
Gorman told the FT: “While it is not possible to implement technical controls preventing the use of personal email accounts for government business, the department continues to provide direction and training to DoD personnel.”

What kind of emails were leaked?

A dozen persons requested recovery credentials for an intelligence community system that was accidentally delivered to Mali. Others provided passwords for documents stored on the Department of Defense's secure access file exchange system. The credentials were never used by the FT.

Many of the emails are from commercial firms that work with the US military. General Dynamics gave the army twenty routine reports on the production of grenade training cartridges.

Some emails include passport numbers sent by the state department's special issuances bureau, which grants documents to diplomats and others traveling on official business for the United States.

The Dutch army operates under the domain army.nl, which is one keystroke away from army.ml. More than a dozen emails from serving Dutch forces include discussions with Italian counterparts regarding an ammo pickup in Italy and detailed exchanges about Dutch Apache helicopter operators in the United States. Others included conversations about future military procurement possibilities and a protest about the probable vulnerability of a Dutch Apache unit to cyber attack.

Eight emails from the Australian Department of Defense were misdirected to US recipients. An artillery manual "carried by command post officers for each battery" was among those.

  • United States
  • US military
  • Finland
  • Mali
  • Mali Dili

Most Read

A rescued crew member from the ETERNITY C vessel in a video released by the Yemeni Armed Forces on July 28, 2025 (Yemeni Military Media)

Yemen Navy reveals fate of targeted Eternity C ship crew

  • Politics
  • 28 Jul 2025
An Israeli tank explodes following an ambush by al-Qassam Brigades in Gaza, Occupied Palestine, undated (Al-Qassam Military Media)

Al-Qassam strikes Israeli vehicles in Gaza, inflicts casualties

  • Politics
  • 30 Jul 2025
UAE lodges complaint against Israeli ambassador over 'misbehavior'

UAE lodges complaint against Israeli ambassador over 'misbehavior'

  • Politics
  • 1 Aug 2025
Protesters chant anti-Israeli slogans as they carry a banner that reads:" Freedom for Palestine, Alliance stop the war," during a demonstration in support of Palestinians in Gaza, outside the Israeli embassy, in Athens, Monday, June 9, 2025 (AP)

Athens mayor slams Israeli ambassador over Gaza war, graffiti claim

  • Politics
  • 3 Aug 2025

Coverage

All
The Ummah's Martyrs

Read Next

All
A member of the al-Qassam Brigades, the armed wing of Hamas, takes part in a parade as he celebrates a ceasefire agreement between Hamas and the Israeli regime in Deir al-Balah, Gaza Strip, Sunday, January 19, 2025 (AP)
Politics

Al-Qassam: We’ll allow aid to Israeli captives if Gaza siege ends

Freed Lebanese freedom fighter Georges Abdallah during an interview on Al Mayadeen, which aired on Sunday, August 3, 2025 (Al Mayadeen screengrab)
Politics

Exclusive: Resistance key to building state, Georges Abdallah says

United Nations Secretary General Antonio Guterres gives a statement about the situation in Gaza at UN headquarters, Friday, June 27, 2025 (AP)
Politics

UN warns Gaza faces water crisis, looming famine under Israeli siege

Israeli soldiers drive their armored personnel carrier along the Gaza Strip, in southern occupied Palestine, Wednesday, July 30, 2025 (AP)
Politics

Ex-Israeli general says Gaza starvation campaign isolated 'Israel'

Al Mayadeen English

Al Mayadeen is an Arab Independent Media Satellite Channel.

All Rights Reserved

  • x
  • Privacy Policy
  • About Us
  • Contact Us
  • Authors
Android
iOS