Al Mayadeen English

  • Ar
  • Es
  • x
Al Mayadeen English

Slogan

  • News
    • Politics
    • Economy
    • Sports
    • Arts&Culture
    • Health
    • Miscellaneous
    • Technology
    • Environment
  • Articles
    • Opinion
    • Analysis
    • Blog
    • Features
  • Videos
    • NewsFeed
    • Video Features
    • Explainers
    • TV
    • Digital Series
  • Infographs
  • In Pictures
  • • LIVE
News
  • Politics
  • Economy
  • Sports
  • Arts&Culture
  • Health
  • Miscellaneous
  • Technology
  • Environment
Articles
  • Opinion
  • Analysis
  • Blog
  • Features
Videos
  • NewsFeed
  • Video Features
  • Explainers
  • TV
  • Digital Series
Infographs
In Pictures
  • Africa
  • Asia
  • Asia-Pacific
  • Europe
  • Latin America
  • MENA
  • Palestine
  • US & Canada
BREAKING
Iranian Foreign Ministry spokesperson: No new date or venue has been set for the meeting between Araghchi and Witkoff, and no negotiations will take place until the outcome is guaranteed
Palestinian platforms: Settlers storm Al-Aqsa Mosque complex under the protection of the occupation police
Palestinian platforms: The IOF detonated a booby-trapped robot east of the al-Zaytoun neighborhood, south of Gaza City
Syrian Defense: We call on all parties in Sweida to cooperate with security forces and exercise restraint
Al Mayadeen's correspondent: The Lebanese Army is continuing its investigations and will later announce any information that does not affect the confidentiality of the investigation
Al Mayadeen's correspondent: It has not yet been determined whether the detainees belong to ISIS or another organization
Al Mayadeen's correspondent: Around 10 people of different nationalities, including Lebanese nationals, were detained
Al Mayadeen's correspondent: The Lebanese army arrested a number of people in the Matn area of Mount Lebanon with possession it has not disclosed
Gaza Civil Defense spokesman: We have strong indications that there are martyrs, injuries, and trapped people in the Salah al-Din area
Gaza Civil Defense spokesman: Citizens should avoid Salah al-Din Street because anyone who approaches it is at risk of being directly targeted

Typo leaks millions of US military emails to Mali web operator

  • By Al Mayadeen English
  • Source: Financial Times
  • 17 Jul 2023 14:53
  • 2 Shares
7 Min Read

A Dutch internet entrepreneur has in his possession around 117,000 misdirected messages from the US Army, navy, and more.

  • x
  • US soldiers monitor battlefield conditions at a joint US-Afghan military command center in Ghazni province, west of Kabul, Afghanistan on Thursday, June 21, 2007. (AP)
    US soldiers monitor battlefield conditions at a joint US-Afghan military command center in Ghazni province, west of Kabul, Afghanistan on Thursday, June 21, 2007. (AP)

Millions of US military emails were misdirected to Mali due to a "typo leak" that revealed extremely sensitive information such as diplomatic documents, tax returns, passwords, and top officials' travel data.
 
Despite repeated warnings over a decade, a steady flow of email traffic continues to the .ML domain, the country identifier for Mali, as a result of people mistyping .MIL, the suffix to all US military email addresses.
 
Johannes Zuurbier, a Dutch internet entrepreneur with a contract to maintain Mali's country name, spotted the problem about a decade ago, and has been collecting misdirected emails since January to persuade the US to take the matter seriously. Around 117,000 misdirected messages are in his possession and almost 1,000 were sent on Wednesday alone. 

Zuurbier keeping emails away from Mali, US does not respond

In a letter to the US in early July, he wrote, "This risk is real and could be exploited by adversaries of the US." Moreover, control of the .ML domain will revert to Mali's government, which is close to Russia, on Monday. Malian authorities will be able to collect the misdirected emails after Zuurbier's 10-year management contract expires. 
 
Zuurbier, the managing director of Mali Dili, an organzation in Amsterdam, has frequently approached US officials, including a defense attaché in Mali, a top advisor to the US national cyber security service, and even White House officials.

Read next: Pentagon refuses to say if leaked data were seized by rivals: Report

The email flow is spam and none are marked as classified, but the messages have highly sensitive data concerning the service of US military personnel, contractors, and their families. 
 
X-rays and medical data, identity document information, crew lists for ships, staff lists at bases, maps of installations, photos of bases, naval inspection reports, contracts, criminal complaints against personnel, internal investigations into bullying, official travel itineraries, bookings, and tax and financial records are all part of their contents.

Related News

Senate blames Secret Service failures for Trump assassination attempt

South Korea warns US chip tariffs threaten economy, global supply

'How sensitive is the information is what's important': US Army's Cyber Command

A retired American admiral who previously led the National Security Agency and the US Army's Cyber Command, Mike Rogers, stated that "If you have this kind of sustained access, you can generate intelligence even just from unclassified information," adding that "This is not uncommon... It’s not out of the norm that people make mistakes but the question is the scale, the duration, and the sensitivity of the information.”

For example, one misdirected email included the travel plans for General James McConville, the chief of staff of the United States Army, and his delegation for a May visit to Indonesia. The email included a complete list of room numbers, McConville's schedule, and information about picking up McConville's hotel key at the Grand Hyatt Jakarta, where he obtained a VIP upgrade to a grand suite.

Read next: Leaked classified docs undermine US relations, credibility with allies
 
Rogers cautioned that Mali's control over the messages was a problem, explaining that "It's one thing when you're dealing with a domain administrator who is attempting, albeit unsuccessfully, to articulate the issue...It's another thing when it's a foreign government that... sees it as an advantage that they can use."
 
According to Lt. Cmdr Tim Gorman, a Pentagon spokesperson, the Pentagon "is aware of this issue and takes all unauthorized disclosures of controlled national security information or controlled unclassified information seriously." He explained that the emails sent directly from the .mil domain to Malian addresses “are blocked before they leave the .mil domain and the sender is notified that they must validate the email addresses of the intended recipients."

How did Zuurbier detect the misdirected emails?

When Zuurbier took over the Mali country code in 2013, he quickly saw requests for domains such as army.ml and navy.ml, which did not exist. He had previously overseen similar operations for Tokelau, the Central African Republic, Gabon, and Equatorial Guinea. Suspecting it was email, he set up a system to catch any such correspondence, which quickly became overburdened and ceased collecting messages.
 
Zuurbier claims that after learning what was going on and seeking legal assistance, he made many attempts to notify US authorities. According to the Financial Times, he handed a copy of the legal advice to his wife "just in case the black helicopters landed in my backyard."
 
In order to enlist the assistance of Dutch diplomats, he joined a trade mission from the Netherlands in 2014. He made another attempt to warn US officials in 2015, but it was futile. Zuurbier resumed collecting misaddressed emails this year in a final attempt to inform the Pentagon.

FBI files leaked

The data flow reveals certain consistent sources of leakage. Emails are frequently misspelled by military travel agencies. Employees sending emails between their own accounts are another issue.
 
One FBI agent with a naval background attempted to transmit six texts to their military email and inadvertently sent them to Mali. One of them was an urgent diplomatic communication from Turkey to the US State Department concerning possible operations by the Kurdistan Workers' Party (PKK) against Turkish interests in the US.
 
When passing notes, one FBI agent frequently mistyped their own email, including a notice from the Turkish embassy in Washington on probable activity by a recognized terrorist group.

The same person also forwarded a series of briefings on domestic US terrorism marked “For Official Use Only” and a global counter-terrorism assessment headlined “Not Releasable to the Public or Foreign Governments.” 
 
Gorman told the FT: “While it is not possible to implement technical controls preventing the use of personal email accounts for government business, the department continues to provide direction and training to DoD personnel.”

What kind of emails were leaked?

A dozen persons requested recovery credentials for an intelligence community system that was accidentally delivered to Mali. Others provided passwords for documents stored on the Department of Defense's secure access file exchange system. The credentials were never used by the FT.

Many of the emails are from commercial firms that work with the US military. General Dynamics gave the army twenty routine reports on the production of grenade training cartridges.

Some emails include passport numbers sent by the state department's special issuances bureau, which grants documents to diplomats and others traveling on official business for the United States.

The Dutch army operates under the domain army.nl, which is one keystroke away from army.ml. More than a dozen emails from serving Dutch forces include discussions with Italian counterparts regarding an ammo pickup in Italy and detailed exchanges about Dutch Apache helicopter operators in the United States. Others included conversations about future military procurement possibilities and a protest about the probable vulnerability of a Dutch Apache unit to cyber attack.

Eight emails from the Australian Department of Defense were misdirected to US recipients. An artillery manual "carried by command post officers for each battery" was among those.

  • United States
  • US military
  • Finland
  • Mali
  • Mali Dili

Most Read

Hezbollah SG reveals war details on Al Mayadeen for the first time

Hezbollah SG reveals war details on Al Mayadeen for the first time

  • Politics
  • 8 Jul 2025
Major ambush in Gaza kills 6 Israeli troops, injures dozens

Major ambush in Gaza kills 5 Israeli troops, injures 14

  • Politics
  • 8 Jul 2025
Israeli soldiers are seen in Beit Hanoun ahead of an operation by the al-Qassam Brigades, undated (Al-Qassam Brigades Military Media)

'Israel' on blast as media exposes report discrepancies in Gaza ambush

  • Palestine
  • 8 Jul 2025
Yemen Navy sinks ETERNITY C ship, shares footage of operation

Yemen Navy sinks ETERNITY C ship, shares footage of operation

  • Politics
  • 9 Jul 2025

Coverage

All
The Ummah's Martyrs

Read Next

All
The Freedom Flotilla ship Handala as it departs for Gaza, where it aims to break the maritime blockade at a port in Syracuse, Sicily in southern Italy on July 13, 2025. (AFP)
Palestine

Freedom Flotilla's Handala departs Sicily in bid to break Gaza siege

The container ship CMA CGM Laperouse, left, docks at the Georgia Ports Authority's Port of Savannah, Sept. 29, 2021, in Savannah, Ga (AP)
Politics

US shipbuilding woes deepen as tariffs, outdated policies backfire

Gaza war raises ethical questions for ex-Obama, Biden officials
Politics

Mercenary firm tied to Gaza war crimes hires Obama-Biden PR operatives

'Israel' targets children in Gaza collecting water
Palestine

'Israel' strikes Gaza kids fetching water, blames it on 'malfunction'

Al Mayadeen English

Al Mayadeen is an Arab Independent Media Satellite Channel.

All Rights Reserved

  • x
  • Privacy Policy
  • About Us
  • Contact Us
  • Authors
Android
iOS