Millions of emails containing sensitive US military information have been sent to a Russian ally for years because of a typo
Military personnel have not only intentionally shared sensitive information with adversaries in recent years but have done so unwittingly as well.
According to a new Financial Times report, millions of U.S. military emails have been incorrectly sent to a close Russian ally over the course of at least a decade.
Messages intended for ".MIL" accounts, which are connected to an American-owned internet domain, were instead sent to the ".ML" domain, which is alternatively associated with the West African country of Mali.
These emails have reportedly included highly sensitive information, including "diplomatic documents, tax returns, passwords and the travel details of top officers."
The CIA's "World Factbook" indicates that Mali has increased security ties with Russia in recent years. Moscow has also provided the Islamic terrorism-plagued nation with substantial military equipment and training. There are presently an estimated 1,000 Russian military contractors in Mali.
Johannes Zuurbier, the Dutch internet entrepreneur who serves as managing director of the Amsterdam-based Mali Dili, has managed Mali's internet domain since 2013. He reportedly raised this issue with the U.S. nearly 10 years ago and has collected well over 100,000 misdirected messages since.
In his latest attempt to press the U.S. to take corrective action, he stated, "This risk is real and could be exploited by adversaries of the US."
That risk of exploitation will now greatly increase because as of Monday, Zuurbier will no longer manage the domain. Instead, Mali's government will be directly intercepting stray American military emails.
The Times noted that while many of the misdirected emails are spam, some contain "X-rays and medical data, identity document information, crew lists for ships, staff lists at bases, maps of installations, photos of bases, naval inspection reports, contracts, criminal complaints against personnel, internal investigations into bullying, official travel itineraries, bookings, and tax and financial records."
The travel itinerary for Army Chief of Staff Gen. James McConville's May trip to Indonesia was among the misdirected emails, right down to his hotel room number.
Another email in Zuurbier's collection was reportedly from an FBI agent intended for a Navy official with regard to a visit at an FBI facility.
Another misdirected message sent by an FBI agent reportedly detailed an "urgent Turkish diplomatic letter to the US state department about possible operations by the militant Kurdistan Workers' party (PKK) against Turkish interest in the US."
The same federal agent also sent along a "sensitive" briefing concerning efforts by Iran's Islamic Revolutionary Guards Corps to co-opt Iranian students and the Telegram messaging app to wage espionage operations in America.
Such data could help America's enemies plan attacks, assassinations, extortion campaigns, and more.
Mike Rogers, a retired four-star Navy admiral and the second commander of the U.S. Cyber Command, told the Times, "If you have this kind of sustained access, you can generate intelligence even just from unclassified information," adding, "It's not out of the norm that people make mistakes but the question is the scale, the duration and the sensitivity of the information."
Rogers intimated that the transfer of the domain's control to the Mali government poses a serious problem, particularly if it "sees it as an advantage that they can use."
Steven Stransky, a lawyer who previously served as senior counsel to the Department of Homeland Security's Intelligence Law Division, told the BBC, "Those sorts of communications would mean that a foreign actor can start building dossiers on our own military personnel, for espionage purposes, or could try to get them to disclose information in exchange for financial benefit. ... It's certainly information that a foreign government can use."
Pentagon spokesman Lt. Cmdr. Tim Gorman told CNN in a statement Monday, "The Department of Defense (DoD) is aware of this issue and takes all unauthorized disclosures of Controlled National Security Information or Controlled Unclassified Information seriously."
Gorman also suggested that the DOD "has implemented policy, training, and technical controls to ensure that emails from the '.mil' domain are not delivered to incorrect domains."
Deputy Pentagon Press Secretary Sabrina Singh revealed Monday that the DOD has preemptively blocked its email accounts from emailing the Mali addresses.
Like Blaze News? Bypass the censors, sign up for our newsletters, and get stories like this direct to your inbox. Sign up here!