Skip to content

IP Twins

Home » A typo hijacked thousands of emails from US Army

A typo hijacked thousands of emails from US Army

Justin Cron on Unsplash

It’s a typo that could have had far-reaching consequences. The various American armed forces use the .mil domain name extension, which is strictly reserved for them (.mil for “military”).
Domain names such as army.mil or navy.mil are used by the various components of the US army, particularly for sending emails.

At the same time, Mali uses the .ml extension. This is where the problem comes in: by registering similar domain names in the .ml extension, such as army.ml or navy.ml, and connecting mail servers to them, one of the directors of the .ml registry received several tens of thousands of emails intended for US army personnel.

According to the Financial Times, which broke the story, at least 115,000 emails were mistakenly sent to .ml addresses instead of .mil. According to the newspaper, no classified documents were sent, but a great deal of sensitive information was shared.

This story is a reminder of the need to put in place a strict naming policy and mechanisms for sending emails.