2 min Security

Dutch entrepreneur discovers potentially dangerous typo in mail addresses

Dutch entrepreneur discovers potentially dangerous typo in mail addresses

A Dutch internet entrepreneur who manages the .ml domain extension for the Malian government has discovered that a typo has caused many U.S. military emails containing sensitive information to be sent to this African country.

Johannes Zuurbier discovered that American military e-mails were often sent to the domain. This was because of a typo in the domain extension in an e-mail address. American soldiers often typed in .ml as the extension at the end of an e-mail address, when it should have been .mil. The latter extension is assigned to the U.S. military.

According to Financial Times, the Dutch administrator of the country domain for Mali noticed this error and saw that the misdirected emails often contained sensitive information. These include diplomatic documents, tax assessments, passwords and the travel details of top officers. Also involved are many e-mails from suppliers to the U.S. military.

Urgent action needed

Zuurbier has notified the U.S. military government several times of the typo and the impact it has on emails sent. According to him, it is extremely important that the Americans start paying close attention to these typo’s, as responsibility for the .ml domain will soon be transferred to the Malian government.

The Malian government has close ties with Russia, in part because of the presence of Wagner mercenaries in the country. These will now provide security within Mali, now that the Malian government has put the UN peacekeeping force on hold.

America’s response

In a response, the U.S. Department of Defense indicates that it is aware of the problem and that every effort is being made to prevent it. For example, emails sent with a .ml address extension would not be able to leave the .mil domain.

This last comment suggests that the error occurs primarily for e-mail sent from private or other environments. This only makes the error more urgent.

Dutch military mail as well

The typo would also occur for e-mail sent by Dutch military personnel. The e-mail extension of army.nl sits just a keystroke away from army.ml. According to Zuurbier, he would also have encountered Dutch military mail in this way.

Tip: Chinese email hack only detectable with most expensive Microsoft subscription