US and UK Accidentally Emailed Sensitive Info to a Russian-Ally Because of a Typo
Emails intended to be sent to members of the U.S. military were mistakenly sent to the African country of Mali, a Russian ally, for years according to multiple reports.
The messages were erroneously sent by Pentagon officials and officials of the U.K’s Ministry of Defence due to typos that confused the Pentagon’s “.mil” domain with the Mali suffix “.ml.”
The missing letter meant the difference between potentially sensitive information reaching its intended recipient or a potentially malicious third party.
Last week, the Financial Times reported the error was reported to U.S. military officials by a man named Johannes Zuurbier.
Zuurbier was hired 10 years ago by Mali’s government to run the country’s internet domain, and it was then he first identified the problem. He claimed he has been trying, unsuccessfully, to alert U.S. officials, but nothing had been done.
The tech entrepreneur wrote to the Pentagon recently to make U.S. military leadership aware of the issue and said his contract to run the domain of Russia’s African ally is ending soon.
Zuurbier said millions of messages that were intended to remain private were sent to the wrong address. Some included details about military personnel and their travel itineraries.
In one instance, the travel itinerary for a May trip of U.S. Army Chief of Staff Gen. James McConville, including his room number and security information, was sent to this domain.
Other sensitive information was also sent to the wrong domain but none of it was marked classified. According to the Financial Times, “[S]ome messages contain highly sensitive data on serving U.S. military personnel, contractors and their families. Their contents include X-rays and medical data, identity document information, crew lists for ships, staff lists at bases, maps of installations, photos of bases, naval inspection reports, contracts, criminal complaints against personnel, internal investigations into bullying, official travel itineraries, bookings, and tax and financial records.”
The Pentagon has reportedly taken measures to prevent future messages from potentially falling into the wrong hands.
After the report dropped, it was reported the same URL issue had also seen privileged emails from the U.K. sent to Mali and not to people at the Pentagon.
After London’s The Times reported the issue, the U.K.’s top military brass said on Twitter it was investigating in a pair of tweets.
The official Ministry of Defence account took issue with the reporting the Times shared.
“This report misleadingly claims state secrets were sent to Mali’s email domain,” U.K. officials wrote. “We assess fewer than 20 routine emails were sent to an incorrect domain & are confident there was no breach of operational security or disclosure of technical data.”
(1/2) This report misleadingly claims state secrets were sent to Mali’s email domain. We assess fewer than 20 routine emails were sent to an incorrect domain & are confident there was no breach of operational security or disclosure of technical data. https://t.co/frvgl3PE8C
— Ministry of Defence 🇬🇧 (@DefenceHQ) July 28, 2023
The account added, “An investigation is ongoing. Emails of this kind are not classified at secret or above.”
(2/2) An investigation is ongoing. Emails of this kind are not classified at secret or above.
— Ministry of Defence 🇬🇧 (@DefenceHQ) July 28, 2023
The Times had reported some British military emails meant for the Pentagon contained vacation schedules for military officers and also “detailed descriptions” of weapons such as hypersonic missiles.
Truth and Accuracy
We are committed to truth and accuracy in all of our journalism. Read our editorial standards.
