Hackers break into the Bureau’s email systems to send out at least 100,000 emails warning recipients of imminent cyberattacks
The Federal Bureau of Investigation (FBI) has had its email servers compromised, with the hackers then sending out tens of thousands of bogus spam emails impersonating the agency and the Department of Homeland Security and claiming that the recipient’s systems have been compromised and their data stolen.
According to BleepingComputer, which broke the story, the emails claimed that the recipients have fallen victim to a “sophisticated chain attack” that led to the theft of their data. The emails were first noticed by security researchers at the international nonprofit organization The Spamhaus Project, which specializes in tracking spam and related threats.
In a Twitter thread, the nonprofit confirmed that the emails were being sent from the agency’s infrastructure using a legitimate FBI email address, “firstname.lastname@example.org”. However, at closer inspection, the email bears all the hallmarks of a scam, including bad grammar and spelling mistakes as well as the signature with contact information being missing.
These fake warning emails are apparently being sent to addresses scraped from ARIN database. They are causing a lot of disruption because the headers are real, they really are coming from FBI infrastructure. They have no name or contact information in the .sig. Please beware!
— Spamhaus (@spamhaus) November 13, 2021
Speaking to BleepingComputer, the Spamhaus Project estimated that the fake emails may have made their way to at least 100,000 mailboxes, but the nonprofit added that that was a conservative estimate and the final tally may be much higher.
The phony messages lay the blame square on the shoulders of cybersecurity researcher and CEO of cybersecurity firm Night Lion Security Vinny Troia, trying to implicate him as the perpetrator of the “ attacks”. However, Troia had thoughts of his own about who is trying to tarnish his reputation.
Wow I can’t imagine who would be behind this. #thedarkoverlord aka @pompompur_in https://t.co/Xd6XoZNRnl
— Vinny Troia, PhD (@vinnytroia) November 13, 2021
Meanwhile, the FBI released an official statement addressing the incident, stating: “The FBI is aware of a software misconfiguration that temporarily allowed an actor to leverage the Law Enforcement Enterprise Portal (LEEP) to send fake emails. LEEP is FBI IT infrastructure used to communicate with our state and local law enforcement partners. While the illegitimate email originated from an FBI operated server, that server was dedicated to pushing notifications for LEEP and was not part of the FBI’s corporate email service.”
The law enforcement agency went to add on to assure the public that the threat actors weren’t able to access or compromise any type of data or personally identifiable information (PII) on its networks. Once the bureau was aware of the incident, it went on to quickly shut down the vulnerability, check the integrity of its networks, and inform its partners that the emails were fake and should be ignored.