Hackers Sent Thousands of Fake Emails from Legitimate FBI Email Address

By B.N. Frank

Does it seem like “the new normal” includes cyberattacks, risks, threats, and vulnerabilities being reported every single day (see 1, 2, 3, 4, 5, 6, 7)?  Recently the FBI was targeted as well.

From Tech Radar:

FBI email server hack was down to “poor code”

By Mayank Sharma

Flaw has been identified and fixed, claims the FBI

Hackers claim that it was insecure code in a Federal Bureau of Investigation (FBI) portal designed to share information with state and local law enforcement authorities that they abused to send thousands of fake emails.

The hackers were able to distribute spam email from a legitimate FBI email address, impersonating FBI warnings that falsely claimed that the recipients’ network had been breached.

In an interview with KrebsOnSecurity, the alleged hacker shared that they found a vulnerability in the FBI’s Law Enforcement Enterprise Portal (LEEP), which enabled them to inject a script for blasting the fake emails.

Describing the flaw as a “horrible thing to be seeing on any website,” the hacker said this is the first time they’ve seen the flaw on a portal managed by the FBI.

Caught in the crossfire

Confirming the incident, the FBI through a statement assured that while the messages did originate from a server managed by the FBI, it was isolated from the agency’s corporate email, and did not allow the hacker access to any data, or personally identifiable information (PII) on the FBI’s network.

They added that it was a “software misconfiguration” in LEEP that facilitated the hackers to send the fake emails.

“Once we learned of the incident we quickly remediated the software vulnerability, warned partners to disregard the fake emails, and confirmed the integrity of our networks,” the FBI told BleepingComputer.

Interestingly, the fake message warned recipients about a “sophisticated chain attack” from an advanced threat actor known, who they identified as Vinny Troia.

Incidentally, Troia is the head of cybersecurity research of dark web intelligence companies NightLion and Shadowbyte, and a perennial target of threat actors. In fact, according to reports, threat actors often conduct malicious operations, such as website defacements, and then try to falsely pin the attacks on Troia.

Make sure you don’t make the same mistake as the FBI by using one of these best email hosting providers, while protecting your computers against all kinds of cyber-attacks with these best endpoint protection tools

Activist Post reports regularly about cybersecurity and unsafe technology.  For more information visit our archives.

Image: Pixabay

Become a Patron!
Or support us at SubscribeStar
Donate cryptocurrency HERE

Subscribe to Activist Post for truth, peace, and freedom news. Follow us on Telegram, HIVE, Flote, Minds, MeWe, Twitter, Gab and What Really Happened.

Provide, Protect and Profit from what’s coming! Get a free issue of Counter Markets today.

Activist Post Daily Newsletter

Subscription is FREE and CONFIDENTIAL
Free Report: How To Survive The Job Automation Apocalypse with subscription

Be the first to comment on "Hackers Sent Thousands of Fake Emails from Legitimate FBI Email Address"

Leave a comment

Your email address will not be published.