The FBI has not had a very good weekend thanks to a software misconfiguration that caused its email system to be temporarily compromised. Tens of thousands of people were sent fake email alerts this weekend that seemingly came from the FBI.
Hackers exploited a misconfiguration to compromise an FBI-owned online portal. The portal is known as the Law Enforcement Enterprise Portal (LEEP), and the hackers sent out thousands of emails that looked legitimate because the sender address ended in @ic.fbi.gov. LEEP acts as a gateway for state and local law enforcement authorities to share intel and access resources as part of their investigations.
The agency did issue a press release when it discovered the issue and then updated the statement today:
The FBI is aware of a software misconfiguration that temporarily allowed an actor to leverage the Law Enforcement Enterprise Portal (LEEP) to send fake emails. LEEP is FBI IT infrastructure used to communicate with our state and local law enforcement partners. While the illegitimate email originated from an FBI operated server, that server was dedicated to pushing notifications for LEEP and was not part of the FBI’s corporate email service. No actor was able to access or compromise any data or PII on the FBI’s network. Once we learned of the incident, we quickly remediated the software vulnerability, warned partners to disregard the fake emails, and confirmed the integrity of our networks.
Federal Bureau of Investigation
According to the agency, the hackers accessed no files, the FBI identified the threat swiftly, and the agency shut down the hardware quickly.
The phony messages warned recipients that they were at risk of a “sophisticated chain attack,” according to screenshots shared on Twitter by The Spamhaus Project, a nonprofit that tracks spam and other cyber threats.
The emails name real-life cybersecurity expert Vinny Troia as the perpetrator behind the fake attacks and falsely claim that he is associated with the hacking group The Dark Overlord, the same bad actors that infamously leaked the fifth season of Orange Is the New Black. Troia’s company Night Lion Security, an IT security consulting firm known for investigating the dark web and other cybercrime marketplaces, published an investigative report about The Dark Overlord in January.
In a statement to Krebs on Security, Pompompurin later said the hack was intended to shine a light on glaring vulnerabilities in the FBI’s email systems. To push out emails from a legitimate FBI email address, they said they leveraged insecure code in the LEEP portal to hijack an email confirmation with a one-time passcode that gets sent out when you try to apply for an account, which, before this attack, anyone could do just by visiting the website.
Gizmodo
Last Updated on November 14, 2021.