Millions of emails intended for the US military's ".mil" domain have been mistakenly sent to Mali, a Russian ally, due to a minor typing error. The West African country's domain name ends with

".ml," which has resulted in misdirected emails for years.

According to reports, some of the emails contained sensitive information, including passwords, medical records, and itineraries of high-ranking officers. While none of the emails were classified, they included medical data, maps of US military facilities, financial records, planning documents for official trips, and certain diplomatic messages.

Johannes Zuurbier, a Dutch internet entrepreneur who manages Mali's country domain, discovered the problem over a decade ago and recently raised the alarm by notifying US officials. He warned that the issue could be exploited by adversaries of the United States, especially as his contract with the Malian government was nearing its end.

Mali's military government was expected to assume control of the domain, adding to concerns about the potential risks posed by the misdirected emails.

US military communications marked as "classified" and "top secret" are transmitted through separate systems that minimize the likelihood of accidental compromises, according to current and former US officials. However, Steven Stransky, a former senior counsel to the Department of Homeland Security's Intelligence Law Division, emphasized that seemingly harmless information can still be useful to adversaries, particularly in building dossiers on military personnel or engaging in espionage activities.

While fortunate that the issue was identified before falling into the wrong hands, the incident underscores the prevalence of cyber-crime, such as typo-squatting, which capitalizes on misspelled internet domains to trick users. It is a common tactic employed by cyber criminals.

The US Department of Defense is treating the matter seriously and has implemented measures to prevent ".mil" emails from being sent to incorrect domains. These measures include blocking such emails and notifying senders to validate their intended recipients.

Human error remains a significant concern for IT specialists in both government and private sectors, with experts emphasizing that it is impossible to control every individual and eliminate all potential mistakes. Photo by Mouase21, Wikimedia commons.