FBI’s Email System Hacked to Send Out Fake Cyber Security Alert to Thousands

FBI’s Email System Hacked to Send Out Fake Cyber Security Alert to Thousands

Information about FBI’s Email System Hacked to Send Out Fake Cyber Security Alert to Thousands

Is Kevin David a Scam

The U.S. Federal Bureau of Investigation (FBI) on Saturday confirmed unidentified threat actors have breached one of its email servers to blast hoax messages about a fake “sophisticated chain attack.”

The incident, which was first publicly disclosed by threat intelligence non-profit SpamHaus, involved sending rogue warning emails with the subject line “Urgent: Threat actor in systems” originating from a legitimate FBI email address “[email protected][.]gov” that framed the attack on Vinny Troia, a security researcher and founder of dark web intelligence firms Night Lion Security and Shadowbyte, while also claiming him to be affiliated with a hacking outfit named TheDarkOverlord.

Automatic GitHub Backups

SpamHaus cited its own telemetry data to point out that the email blasts happened over two “spam” waves, one shortly before 5:00 a.m. UTC and another one shortly after 7:00 a.m. UTC.

However, according to Kryptos Logic researcher Marcus Hutchins, the goal appears to be to discredit Troia. “Vinny Troia wrote a book revealing information about hacking group TheDarkOverlord. Shortly after, someone began erasing ElasticSearch clusters leaving behind his name. Later his Twitter was hacked, then his website. Now a hacked FBI email server is sending this,” Hutchins tweeted.

Brian Krebs of Krebs on Security, who also received an independent missive from the perpetrator, detailed in an independent report that the “spam messages were sent by abusing insecure code in an FBI online portal designed to share information with state and local law enforcement authorities.”

Pompompurin, as the hacker entity goes by online, told Krebs that the breach was carried out by taking advantage of a flaw in the FBI’s Law Enforcement Enterprise Portal (LEEP) that not only allowed any individual to apply for an account, but also leaked the one-time password that’s sent to the applicant to confirm their registration, effectively enabling them to intercept and tamper the HTTP requests with their own phony message to thousands of email addresses.

Prevent Data Breaches

“The FBI is aware of a software misconfiguration that temporarily allowed an actor to leverage the Law Enforcement Enterprise Portal (LEEP) to send fake emails,” the agency said in a statement. “While the illegitimate email originated from an FBI operated server, that server was dedicated to pushing notifications for LEEP and was not part of the FBI’s corporate email service. No actor was able to access or compromise any data or PII on the FBI’s network.”

“Should I be flattered that the kids who hacked the FBI email servers decided to do it in my name?,” Troia later tweeted, while also hinting at Pompompurin being the mastermind of the smear campaign. Earlier in the day, those in charge of the Twitter account said: “I am not involved in any illegal activities. Please note that this account is also operated by [Vinny Troia].”

Breaking Story – FBI’s Email System Hacked to Send Out Fake Cyber Security Alert to Thousands

The Latest News on FBI’s Email System Hacked to Send Out Fake Cyber Security Alert to Thousands

Source link
Category – Cyber Security

Leave a Reply

Your email address will not be published. Required fields are marked *