Due to a typo, Dutch webmaster Johannes Zurbier has received more than 100,000 emails since January that were intended for the US military. This is what Financial Times. Zurber runs a Mali domain that ends in .ml (like the Netherlands’ .nl domain) — which is very similar to .mil, the US military’s domain. As soon as people forget the “i”, they receive emails. Sometimes they contain highly sensitive content: tax returns, passwords or travel plans of senior officials.

Zurbier raised the issue ten years ago and sent another letter to the United States this month. He adds: “The danger is real, and America’s adversaries can benefit from this.” Zurber and his company Mali Dili will transfer sponsorship of the .ml domain to the government of Mali, which has close ties to Russia, on Monday.

Before Zurbier took over the Mali domain name in 2013, he already managed the domains of the Central African Republic, Gabon, Equatorial Guinea, and New Zealand’s Tokelau Archipelago. In Mali, he suddenly discovered a lot of requests for domains such as army.ml and navy.ml, which did not exist. Zurber suspected it had to do with emails. When he installed a system to intercept those messages, he was quickly overrun and dismantled the system.

Read also: Zuurbier bought a radio frequency for “Financial News Radio” earlier this year in its first frequency auction in 20 years. It is not clear what he wants from that channel.

Once Zurber realized what was happening, he sought legal advice and tried several times to warn the US authorities. He became so nervous that he gave his wife a copy of legal advice: “Just to be on the safe side, if black helicopters suddenly show up in my backyard.”

According to a Pentagon spokesperson, emails sent to a domain outside the .mil domain are automatically blocked — so military personnel must first click on a message urging them to verify the sender. Apparently this is not enough in many cases, even though the majority of emails are spam, says Zurber.

Confidential emails, which Classify It was marked, but he never received it. But they contain X-ray images and other medical data, data on identity papers, building plans, photos of military bases, passwords, contracts, (criminal) complaints about employees, internal investigations into bullying and tax and financial documents. ‘It is enough to gain valuable insights, even if the documentation is not Classify“, says retired US Admiral Mike Rogers.

Zuurbier also received emails from the Dutch Army: army.nl, the Dutch domain, is also one wrong key away from .ml. For example, he obtained insight into a Dutch ammunition collection operation in Italy and detailed reports among Dutch Apache helicopters in the United States – including a complaint about being subjected to a cyber attack. The Ministry of Defense did not respond, he writes Financial Times. (Simon Hermes)