Typo Leads To U.K. Accidentally Sending Military Emails Meant For U.S. To Russian Ally

The U.K. Defense Ministry intended to send a batch of emails to the Pentagon, but a typo led to the emails being sent to the government of Mali, which maintains close ties to Moscow. 

British officials mistakenly left out the “i” in the Pentagon’s domain name “.mil,” sending the military emails to Mali, which uses the domain name “.ml,” the Times U.K. reported. This is the second time this month that emails intended for the Pentagon have been mistakenly sent to Mali because of the same typing error. Millions of emails, including ones with sensitive information, that were intended for the Pentagon were sent to Mali earlier this month, according to a Financial Times investigation. 

“We have opened an investigation after a small number of emails were mistakenly forwarded to an incorrect email domain,” a spokesman for the Defense Ministry said, according to Reuters. 

Most of the emails sent to the Mali government contained harmless information such as the dates of when Defense Ministry and Foreign Ministry employees were on vacation, but the Times reported that some of the emails mistakenly sent to the Russian ally from the British government contained detailed information on British research into hypersonic missiles — a claim the U.K. denied.

“This report misleadingly claims state secrets were sent to Mali’s email domain. We assess fewer than 20 routine emails were sent to an incorrect domain & are confident there was no breach of operational security or disclosure of technical data,” the ministry said Friday. “An investigation is ongoing. Emails of this kind are not classified at secret or above.”

The problem arising from the similar domain names between the Pentagon and the Mali government has been an issue for a decade, according to Johannes Zuurbier, a Dutch internet entrepreneur who had a contract giving him control of Mali’s domain for the past 10 years. Since January, Zuurbier has been keeping track of misdirected emails that have gone to the “.ml” site, and held nearly 117,000 misdirected emails before control of the domain reverted back to Mali on Monday, The Financial Times reported.

“This risk is real and could be exploited by adversaries of the US,” Zuurbier wrote to the U.S. in early July. 

The Mali government was one of six African countries promised free grain by Russian President Vladimir Putin earlier this week, the Times U.K. reported. Colonel Assimi Goïta, who rules the country, has relied on the Russian mercenary group Wagner to help him maintain control in the unstable Western African nation.

 

“Any future mistypes could be seen by the Malian government and the only way to prevent a security leak is to warn people about the dangers of using ‘ml,’” Zuurbier said. “Mali can share whatever sensitive material they receive with any adversaries of the US from now on.”