Hackers claim that it was insecure code in a Federal Bureau of Investigation (FBI) portal designed to share information with state and local law enforcement authorities that they abused to send thousands of fake emails.
The hackers were able to distribute spam email from a legitimate FBI email address, impersonating FBI warnings that falsely claimed that the recipients' network had been breached.
In an interview with KrebsOnSecurity, the alleged hacker shared that they found a vulnerability in the FBI’s Law Enforcement Enterprise Portal (LEEP), which enabled them to inject a script for blasting the fake emails.
Describing the flaw as a “horrible thing to be seeing on any website,” the hacker said this is the first time they’ve seen the flaw on a portal managed by the FBI.
Caught in the crossfire
Confirming the incident, the FBI through a statement assured that while the messages did originate from a server managed by the FBI, it was isolated from the agency's corporate email, and did not allow the hacker access to any data, or personally identifiable information (PII) on the FBI's network.
They added that it was a “software misconfiguration” in LEEP that facilitated the hackers to send the fake emails.
“Once we learned of the incident we quickly remediated the software vulnerability, warned partners to disregard the fake emails, and confirmed the integrity of our networks," the FBI told BleepingComputer.
Interestingly, the fake message warned recipients about a “sophisticated chain attack” from an advanced threat actor known, who they identified as Vinny Troia.
Incidentally, Troia is the head of cybersecurity research of dark web intelligence companies NightLion and Shadowbyte, and a perennial target of threat actors. In fact, according to reports, threat actors often conduct malicious operations, such as website defacements, and then try to falsely pin the attacks on Troia.
Make sure you don’t make the same mistake as the FBI by using one of these best email hosting providers, while protecting your computers against all kinds of cyber-attacks with these best endpoint protection tools
