Hackers claim that it was insecure code in a Federal Bureau of Investigation (FBI) portal designed to share information with state and local law enforcement authorities that they abused to send thousands of fake emails (opens in new tab).
The hackers were able to distribute spam email from a legitimate FBI email address, impersonating FBI warnings that falsely claimed that the recipients' network had been breached.
In an interview with KrebsOnSecurity (opens in new tab), the alleged hacker shared that they found a vulnerability in the FBI’s Law Enforcement Enterprise Portal (LEEP), which enabled them to inject a script for blasting the fake emails.
We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.
>> Click here to start the survey in a new window (opens in new tab) <<
Describing the flaw as a “horrible thing to be seeing on any website,” the hacker said this is the first time they’ve seen the flaw on a portal managed by the FBI.
Caught in the crossfire
Confirming the incident, the FBI through a statement assured that while the messages did originate from a server managed by the FBI, it was isolated from the agency's corporate email, and did not allow the hacker access to any data, or personally identifiable information (PII) on the FBI's network.
They added that it was a “software misconfiguration” in LEEP that facilitated the hackers to send the fake emails.
“Once we learned of the incident we quickly remediated the software vulnerability, warned partners to disregard the fake emails, and confirmed the integrity of our networks," the FBI told BleepingComputer (opens in new tab).
Interestingly, the fake message warned recipients about a “sophisticated chain attack” from an advanced threat actor known, who they identified as Vinny Troia.
Incidentally, Troia is the head of cybersecurity (opens in new tab) research of dark web intelligence companies NightLion and Shadowbyte, and a perennial target of threat actors. In fact, according to reports, threat actors often conduct malicious operations, such as website defacements, and then try to falsely pin the attacks on Troia.
Make sure you don’t make the same mistake as the FBI by using one of these best email hosting providers (opens in new tab), while protecting your computers against all kinds of cyber-attacks with these best endpoint protection tools (opens in new tab)