Wednesday, October 16, 2024

FBI email servers compromised to send out fake attack alerts

Hackers break into the Bureau’s email systems to send out at least 100,000 emails warning recipients of imminent cyberattacks

The Federal Bureau of Investigation (FBI) has had its email servers compromised, with the hackers then sending out tens of thousands of bogus spam emails impersonating the agency and the Department of Homeland Security and claiming that the recipient’s systems have been compromised and their data stolen.
According to BleepingComputer, which broke the story, the emails claimed that the recipients have fallen victim to a “sophisticated chain attack” that led to the theft of their data. The emails were first noticed by security researchers at the international nonprofit organization The Spamhaus Project, which specializes in tracking spam and related threats.
In a Twitter thread, the nonprofit confirmed that the emails were being sent from the agency’s infrastructure using a legitimate FBI email address, “eims@ic.fbi.gov”. However, at closer inspection, the email bears all the hallmarks of a scam, including bad grammar and spelling mistakes as well as the signature with contact information being missing.
These fake warning emails are apparently being sent to addresses scraped from ARIN database. They are causing a lot of disruption because the headers are real, they really are coming from FBI infrastructure. They have no name or contact information in the .sig. Please beware!
— Spamhaus (@spamhaus) November 13, 2021

Speaking to BleepingComputer, the Spamhaus Project estimated that the fake emails may have made their way to at least 100,000 mailboxes, but the nonprofit added that that was a conservative estimate and the final tally may be much higher.
The phony messages lay the blame square on the shoulders of cybersecurity researcher and CEO of cybersecurity firm Night Lion Security Vinny Troia, trying to implicate him as the perpetrator of the “ attacks”. However, Troia had thoughts of his own about who is trying to tarnish his reputation.
Wow I can’t imagine who would be behind this. #thedarkoverlord aka @pompompur_in https://t.co/Xd6XoZNRnl
— Vinny Troia, PhD (@vinnytroia) November 13, 2021

Recommended:  Linux full-disk encryption bug fixed – patch now!

Meanwhile, the FBI released an official statement addressing the incident, stating: “The FBI is aware of a software misconfiguration that temporarily allowed an actor to leverage the Law Enforcement Enterprise Portal (LEEP) to send fake emails. LEEP is FBI IT infrastructure used to communicate with our state and local law enforcement partners. While the illegitimate email originated from an FBI operated server, that server was dedicated to pushing notifications for LEEP and was not part of the FBI’s corporate email service.”
The law enforcement agency went to add on to assure the public that the threat actors weren’t able to access or compromise any type of data or personally identifiable information (PII) on its networks. Once the bureau was aware of the incident, it went on to quickly shut down the vulnerability, check the integrity of its networks, and inform its partners that the emails were fake and should be ignored.

Bookmark
Share the word, let's increase Cybersecurity Awareness as we know it
- Sponsored -

Sponsored Offer

Unleash the Power of the Cloud: Grab $200 Credit for 60 Days on DigitalOcean!

Digital ocean free 200

Discover more infosec

User Avatar
Steven Black (n0tst3)
Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK. I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated... I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK. I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!

more infosec reads

Subscribe for weekly updates

explore

more

security