The FBI stated on Saturday that unidentified threat actors had infiltrated one of its email systems and were sending out bogus messages about a fake “sophisticated chain attack.”
The incident involved rogue warning emails with the subject line “Urgent: Threat actor in systems”, sent from a legitimate FBI email address, “[email protected][.]gov”. The messages blamed the attack on Vinny Troia, a security researcher and founder of dark web intelligence firms Night Lion Security and Shadowbyte, and claimed he was affiliated with a hacking outfit named TheDarkOverlord.
The email blasts occurred across two “spam” waves, one immediately before 5:00 a.m. UTC and the other shortly after 7:00 a.m. UTC, according to Spamhaus’ own telemetry data.
According to Marcus Hutchins of Kryptos Logic, the purpose appears to be to undermine Troia. “Vinny Troia published a book that revealed details on the hacker group TheDarkOverlord. Someone began removing ElasticSearch clusters shortly after, leaving his name behind. Later, his Twitter account was hacked, followed by his website. This is being sent by a hacked FBI email server,” Hutchins tweeted.
The “spam letters were delivered by leveraging insecure code in an FBI internet gateway designed to share information with state and local law enforcement officials,” according to Brian Krebs of Krebs on Security, who also received an independent missive from the offender.
According to the actor, who goes by the online handle Pompompurin, the breach was carried out by exploiting a flaw in the FBI’s Law Enforcement Enterprise Portal (LEEP), which not only allowed anyone to apply for an account but also leaked the one-time password that’s sent to the applicant to confirm their registration. That effectively enabled them to intercept and tamper with the HTTP requests, substituting their own phoney message and sending it to thousands of email addresses.
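The two weaknesses described above, a one-time password that reaches the requester and message content taken from an editable HTTP request, are both closed by keeping those values on the server. The Python below is an added example of that hardened pattern, not the portal's code; the handler names, form fields and addresses are hypothetical.

```python
import hashlib
import hmac
import secrets

# Hypothetical names throughout: the portal's real fields and addresses are not on the page.
SENDER = "notifications@portal.example"
SUBJECT = "Your registration passcode"
BODY = "Your one-time passcode is {otp}. It expires in 10 minutes."
pending = {}  # applicant address -> SHA-256 of the OTP (plaintext is never stored)
outbox = []   # stands in for the mail relay so the example runs offline


def start_registration(form: dict) -> dict:
    """Issue an OTP whose value and carrier message exist only on the server."""
    recipient = form.get("email")
    # Exactly one address, no separators or line breaks that could add
    # recipients or inject mail headers.
    if not isinstance(recipient, str) or any(c in recipient for c in ",;\r\n "):
        raise ValueError("exactly one plain recipient address is required")
    otp = f"{secrets.randbelow(10**6):06d}"
    pending[recipient] = hashlib.sha256(otp.encode()).hexdigest()
    # Sender, subject and body are fixed server-side values; any "subject",
    # "body" or "otp" keys carried by an edited request are never read.
    outbox.append({"from": SENDER, "to": recipient,
                   "subject": SUBJECT, "body": BODY.format(otp=otp)})
    # The response only acknowledges the step and never echoes the OTP.
    return {"status": "otp_sent"}


def confirm_registration(email: str, otp: str) -> bool:
    """Check the OTP in constant time; one attempt per code, then it is discarded."""
    expected = pending.pop(email, None)
    if expected is None:
        return False
    supplied = hashlib.sha256(otp.encode()).hexdigest()
    return hmac.compare_digest(expected, supplied)


if __name__ == "__main__":
    # Constructed request carrying extra fields a tampering client might add.
    tampered = {"email": "officer@agency.example", "subject": "Urgent",
                "body": "attacker text", "otp": "000000"}
    print(start_registration(tampered))
    print(outbox[-1]["subject"])
```
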
The FBI said in a statement that it was aware of a software misconfiguration that temporarily permitted an actor to use the Law Enforcement Enterprise Portal (LEEP) to send bogus emails. “While the fraudulent email was sent from an FBI-owned server, it was only used to send LEEP notifications and was not part of the FBI’s corporate email system. No one was able to gain access to or compromise any data or personally identifiable information (PII) on the FBI’s network.”
“Should I be flattered that the kids who hacked the FBI email servers opted to do it in my name?” Troia tweeted later, implying that Pompompurin was behind the slander effort. Those in control of the Pompompurin Twitter account earlier in the day said: “I don’t participate in any criminal actions. Please be aware that [Vinny Troia] is also in charge of this account.”