Unusual Whales

Millions of emails intended for Pentagon employees were inadvertently sent to email accounts in Mali over the last decade

Unusual Whales -

Over the past ten years, a Dutch technologist discovered that millions of emails meant for Pentagon employees were mistakenly sent to Mali due to typos. The similarity between the US military's email address and Mali's domain caused the confusion. Consequently, sensitive information such as hotel reservations for senior US military officials was inadvertently exposed.

The emails were originally intended for individuals with ".MIL" email accounts, which belong to the US military. However, due to typing errors, they ended up being sent to the .ML domain, responsible for managing email accounts in Mali, West Africa.

This email mishap highlights the security risks faced by US national security officials as a result of innocent mistakes. The personal information contained in these emails could potentially be exploited for targeted cyberattacks or to monitor the activities of Pentagon personnel, although there is no evidence to suggest this has occurred in this instance.

The issue was first reported by the Financial Times. Johannes "Joost" Zuurbier, a Dutch internet entrepreneur, received these emails as his company was contracted to oversee the .ML domain. Zuurbier has brought this issue to the attention of various US officials, including the US Embassy in Mali, since 2013.

When asked about the potential security risks and the misdirected emails, Zuurbier expressed ongoing concern. Recently, his contract for managing the .ML domain expired, prompting him to raise awareness of the problem through the media.

It is important to note that none of the leaked emails originated from official Department of Defense email addresses. However, the Department has taken precautionary measures by blocking its email accounts from sending messages to .ml email addresses. Deputy Pentagon Press Secretary Sabrina Singh stated that only emails from personal accounts, such as Gmail or Yahoo, were affected. Singh emphasized that using personal email accounts for official purposes is strongly discouraged.

The Department of Defense acknowledges the issue and treats any unauthorized disclosure of Controlled National Security Information or Controlled Unclassified Information seriously, according to Lt. Cmdr. Tim Gorman's statement to CNN.

While the frequency of misdirected emails has decreased in recent years, Zuurbier still receives hundreds of such emails daily. Many of these emails are spam, but some contain sensitive information.

For instance, one of the misdirected emails included hotel room numbers for Army Chief of Staff, Gen. James McConville, and his team during their visit to Indonesia in May.