The Federal Bureau of Investigation (FBI), which is the United States federal law enforcement agency, had its email servers targeted by someone who sent out spam emails to thousands of people warning of a serious cyberattack. The FBI has acknowledged the issue in an official statement.
As per a report by Bleeping Computer, the fake email stated that its recipients have become the victims of a “sophisticated chain attack.” The hackers used the FBI’s public-facing email system to make the emails seem legitimate. According to the report by Bleeping Computer, the fake emails claimed that the advanced threat actor was a person named Vinny Troia. It should be noted that Troia is the head of security research of dark web intelligence for companies such as NightLion and Shadowbyte, adds the report.
The Spamhaus Project, a non-profit intelligence organisation, said the emails have likely been sent to over 100,000 email addresses. The hackers made use of legitimate FBI systems to plan the attack like using email addresses scraped from a database for the American Registry for Internet Numbers (ARIN), adds the report.
Alex Grosjean, senior threat analyst at Spamhaus told CNN, while they did not think any malicious link was attached to the email, this was likely a prank meant to scare the recipients.
These fake warning emails are apparently being sent to addresses scraped from ARIN database. They are causing a lot of disruption because the headers are real, they really are coming from FBI infrastructure. They have no name or contact information in the .sig. Please beware!
— Spamhaus (@spamhaus) November 13, 2021
Meanwhile, KrebsOnSecurity has reported that the attacker behind this was likely an actor called “Pompompurin” who had contacted them after the emails were sent out. The attacker claimed that”the hack was done to point out a glaring vulnerability in the FBI’s system,” notes the report.
Incidentally, Troia who was targeted in the email also tweeted about the issue and said it was likely that the person identifying as Pompompurin was responsible for it.
— Vinny Troia, PhD (@vinnytroia) November 13, 2021
The FBI in a statement said that it was aware of a “software misconfiguration that temporarily allowed an actor to leverage the Law Enforcement Enterprise Portal (LEEP) to send fake emails.” The statement adds that LEEP is the agency’s IT infrastructure which is used to communicate with state and local law enforcement partners.
“While the illegitimate email originated from an FBI-operated server, that server was dedicated to pushing notifications for LEEP and was not part of the FBI’s corporate email service. No actor was able to access or compromise any data or PII on the FBI’s network. Once we learned of the incident, we quickly remediated the software vulnerability, warned partners to disregard the fake emails, and confirmed the integrity of our networks,” the statement adds.