Al Mayadeen English

  • Ar
  • Es
  • x
Al Mayadeen English

Slogan

  • News
    • Politics
    • Economy
    • Sports
    • Arts&Culture
    • Health
    • Miscellaneous
    • Technology
    • Environment
  • Articles
    • Opinion
    • Analysis
    • Blog
    • Features
  • Videos
    • NewsFeed
    • Video Features
    • Explainers
    • TV
    • Digital Series
  • Infographs
  • In Pictures
  • • LIVE
News
  • Politics
  • Economy
  • Sports
  • Arts&Culture
  • Health
  • Miscellaneous
  • Technology
  • Environment
Articles
  • Opinion
  • Analysis
  • Blog
  • Features
Videos
  • NewsFeed
  • Video Features
  • Explainers
  • TV
  • Digital Series
Infographs
In Pictures
  • Africa
  • Asia
  • Asia-Pacific
  • Europe
  • Latin America
  • MENA
  • Palestine
  • US & Canada
BREAKING
Russian Ministry of Defense: 37 Ukrainian drones destroyed in 4 hours over regions of Russia and the Black Sea.
Sheikh Qassem: Our supporters make up more than half of Lebanon's population, and all of these people are united under the banner of protecting Lebanon, its Resistance, its people, and its integrity.
Sheikh Qassem: There will be no phased handing in of our arms. [The Israelis] must first enact the agreement before we start talking about a defensive strategy.
Sheikh Qassem: Be brave in the face of foreign pressures, and we will be by your side in this stance.
Sheikh Qassem: Stripping us of our arms is like stripping us of our very soul, and this will prompt us to show them our might.
Sheikh Qassem: We will not abandon our arms, for they gave us dignity; we will not abandon our arms, for they protect us against our enemy.
Sheikh Qassem: The US efforts we are seeing are aimed at sabotaging Lebanon and constitute a call for sedition.
Sheikh Qassem: If you truly want to establish sovereignty and work for Lebanon’s interests, then stop the aggression.
Sheikh Qassem: The United States, which is meddling in Lebanon, is not trustworthy but rather poses a danger to it.
Sheikh Qassem: The United States is preventing the weapons that protect the homeland.

Typo leaks millions of US military emails to Mali web operator

  • By Al Mayadeen English
  • Source: Financial Times
  • 17 Jul 2023 14:53
  • 2 Shares
7 Min Read

A Dutch internet entrepreneur has in his possession around 117,000 misdirected messages from the US Army, navy, and more.

  • x
  • US soldiers monitor battlefield conditions at a joint US-Afghan military command center in Ghazni province, west of Kabul, Afghanistan on Thursday, June 21, 2007. (AP)
    US soldiers monitor battlefield conditions at a joint US-Afghan military command center in Ghazni province, west of Kabul, Afghanistan on Thursday, June 21, 2007. (AP)

Millions of US military emails were misdirected to Mali due to a "typo leak" that revealed extremely sensitive information such as diplomatic documents, tax returns, passwords, and top officials' travel data.
 
Despite repeated warnings over a decade, a steady flow of email traffic continues to the .ML domain, the country identifier for Mali, as a result of people mistyping .MIL, the suffix to all US military email addresses.
 
Johannes Zuurbier, a Dutch internet entrepreneur with a contract to maintain Mali's country name, spotted the problem about a decade ago, and has been collecting misdirected emails since January to persuade the US to take the matter seriously. Around 117,000 misdirected messages are in his possession and almost 1,000 were sent on Wednesday alone. 

Zuurbier keeping emails away from Mali, US does not respond

In a letter to the US in early July, he wrote, "This risk is real and could be exploited by adversaries of the US." Moreover, control of the .ML domain will revert to Mali's government, which is close to Russia, on Monday. Malian authorities will be able to collect the misdirected emails after Zuurbier's 10-year management contract expires. 
 
Zuurbier, the managing director of Mali Dili, an organzation in Amsterdam, has frequently approached US officials, including a defense attaché in Mali, a top advisor to the US national cyber security service, and even White House officials.

Read next: Pentagon refuses to say if leaked data were seized by rivals: Report

The email flow is spam and none are marked as classified, but the messages have highly sensitive data concerning the service of US military personnel, contractors, and their families. 
 
X-rays and medical data, identity document information, crew lists for ships, staff lists at bases, maps of installations, photos of bases, naval inspection reports, contracts, criminal complaints against personnel, internal investigations into bullying, official travel itineraries, bookings, and tax and financial records are all part of their contents.

Related News

Trump rules out World War for Kiev, threatens Russia with economic war

Iran pushes diplomacy as Europe threatens sanctions snapback

'How sensitive is the information is what's important': US Army's Cyber Command

A retired American admiral who previously led the National Security Agency and the US Army's Cyber Command, Mike Rogers, stated that "If you have this kind of sustained access, you can generate intelligence even just from unclassified information," adding that "This is not uncommon... It’s not out of the norm that people make mistakes but the question is the scale, the duration, and the sensitivity of the information.”

For example, one misdirected email included the travel plans for General James McConville, the chief of staff of the United States Army, and his delegation for a May visit to Indonesia. The email included a complete list of room numbers, McConville's schedule, and information about picking up McConville's hotel key at the Grand Hyatt Jakarta, where he obtained a VIP upgrade to a grand suite.

Read next: Leaked classified docs undermine US relations, credibility with allies
 
Rogers cautioned that Mali's control over the messages was a problem, explaining that "It's one thing when you're dealing with a domain administrator who is attempting, albeit unsuccessfully, to articulate the issue...It's another thing when it's a foreign government that... sees it as an advantage that they can use."
 
According to Lt. Cmdr Tim Gorman, a Pentagon spokesperson, the Pentagon "is aware of this issue and takes all unauthorized disclosures of controlled national security information or controlled unclassified information seriously." He explained that the emails sent directly from the .mil domain to Malian addresses “are blocked before they leave the .mil domain and the sender is notified that they must validate the email addresses of the intended recipients."

How did Zuurbier detect the misdirected emails?

When Zuurbier took over the Mali country code in 2013, he quickly saw requests for domains such as army.ml and navy.ml, which did not exist. He had previously overseen similar operations for Tokelau, the Central African Republic, Gabon, and Equatorial Guinea. Suspecting it was email, he set up a system to catch any such correspondence, which quickly became overburdened and ceased collecting messages.
 
Zuurbier claims that after learning what was going on and seeking legal assistance, he made many attempts to notify US authorities. According to the Financial Times, he handed a copy of the legal advice to his wife "just in case the black helicopters landed in my backyard."
 
In order to enlist the assistance of Dutch diplomats, he joined a trade mission from the Netherlands in 2014. He made another attempt to warn US officials in 2015, but it was futile. Zuurbier resumed collecting misaddressed emails this year in a final attempt to inform the Pentagon.

FBI files leaked

The data flow reveals certain consistent sources of leakage. Emails are frequently misspelled by military travel agencies. Employees sending emails between their own accounts are another issue.
 
One FBI agent with a naval background attempted to transmit six texts to their military email and inadvertently sent them to Mali. One of them was an urgent diplomatic communication from Turkey to the US State Department concerning possible operations by the Kurdistan Workers' Party (PKK) against Turkish interests in the US.
 
When passing notes, one FBI agent frequently mistyped their own email, including a notice from the Turkish embassy in Washington on probable activity by a recognized terrorist group.

The same person also forwarded a series of briefings on domestic US terrorism marked “For Official Use Only” and a global counter-terrorism assessment headlined “Not Releasable to the Public or Foreign Governments.” 
 
Gorman told the FT: “While it is not possible to implement technical controls preventing the use of personal email accounts for government business, the department continues to provide direction and training to DoD personnel.”

What kind of emails were leaked?

A dozen persons requested recovery credentials for an intelligence community system that was accidentally delivered to Mali. Others provided passwords for documents stored on the Department of Defense's secure access file exchange system. The credentials were never used by the FT.

Many of the emails are from commercial firms that work with the US military. General Dynamics gave the army twenty routine reports on the production of grenade training cartridges.

Some emails include passport numbers sent by the state department's special issuances bureau, which grants documents to diplomats and others traveling on official business for the United States.

The Dutch army operates under the domain army.nl, which is one keystroke away from army.ml. More than a dozen emails from serving Dutch forces include discussions with Italian counterparts regarding an ammo pickup in Italy and detailed exchanges about Dutch Apache helicopter operators in the United States. Others included conversations about future military procurement possibilities and a protest about the probable vulnerability of a Dutch Apache unit to cyber attack.

Eight emails from the Australian Department of Defense were misdirected to US recipients. An artillery manual "carried by command post officers for each battery" was among those.

  • United States
  • US military
  • Finland
  • Mali
  • Mali Dili

Most Read

Almost instantly after the Helsinki Accords were signed, organisations sprouted to document purported violations, whose findings were fed to overseas embassies for international amplification. (Al Mayadeen English; Illustrated by Zeinab el-Hajj)

How ‘Human Rights’ became a Western weapon

  • Opinion
  • 23 Aug 2025
Israeli soldiers stand on the top of armoured vehicles parked on an area near the Israeli-Gaza border, as seen from southern Israel, Wednesday, Aug. 20, 2025 (AP)

Palestinian fighters target Israeli soldiers, vehicles in Gaza

  • Politics
  • 21 Aug 2025
Launch of a ballistic missile from Yemen toward the occupied Palestinian territories. (YAF military media)

Yemeni Forces announce firing hypersonic missile at Al-Lydd Airport

  • Politics
  • 22 Aug 2025
The ‘Arab Façade’ for Israeli occupation in Gaza

The ‘Arab Façade’ for Israeli occupation in Gaza

  • Opinion
  • 23 Aug 2025

Coverage

All
The Ummah's Martyrs

Read Next

All
A scene showing an al-Qassam Brigades fighter during an ambush on July 7, 2025, in a video released by the al-Qassam Brigades on August 26, 2025 (al-Qassam Brigades Military Media)
Politics

Al-Qassam reveals Beit Hanoun ambush targeting Israeli forces

A Palestinian youth stands on a hill overlooking IsraelI Ofer Prison, near the West Bank city of Ramallah, Wednesday, July 3, 2024. (AP)
Politics

77 Palestinian prisoners killed in Israeli prisons since October 7

US Ambassador to Turkey and Special Envoy to Syria Tom Barrack speaks during a joint press conference with US deputy special envoy for Middle East peace Morgan Ortagus at the presidential palace in Baabda, Lebanon, Tuesday, August 26, 2025 (AP)
Politics

US envoy Barrack calls Lebanese journalists 'animalistic"'

Tom Barrack's imperial tantrum in Beirut: When entitlement speaks (Photo by Mahdi Rtail)
Politics

Tom Barrack's imperial tantrum in Beirut: When entitlement speaks

Al Mayadeen English

Al Mayadeen is an Arab Independent Media Satellite Channel.

All Rights Reserved

  • x
  • Privacy Policy
  • About Us
  • Contact Us
  • Authors
Android
iOS