Security News > 2021 > November > FBI's Email System Hacked to Send Out Fake Cyber Security Alert to Thousands

FBI's Email System Hacked to Send Out Fake Cyber Security Alert to Thousands
2021-11-15 01:54

The U.S. Federal Bureau of Investigation on Saturday confirmed unidentified threat actors have breached one of its email servers to blast hoax messages about a fake "Sophisticated chain attack."

"Vinny Troia wrote a book revealing information about hacking group TheDarkOverlord. Shortly after, someone began erasing ElasticSearch clusters leaving behind his name. Later his Twitter was hacked, then his website. Now a hacked FBI email server is sending this," Hutchins tweeted.

Pompompurin, as the hacker entity goes by online, told Krebs that the breach was carried out by taking advantage of a flaw in the FBI's Law Enforcement Enterprise Portal that not only allowed any individual to apply for an account, but also leaked the one-time password that's sent to the applicant to confirm their registration, effectively enabling them to intercept and tamper the HTTP requests with their own phony message to thousands of email addresses.

"The FBI is aware of a software misconfiguration that temporarily allowed an actor to leverage the Law Enforcement Enterprise Portal to send fake emails," the agency said in a statement.

"While the illegitimate email originated from an FBI operated server, that server was dedicated to pushing notifications for LEEP and was not part of the FBI's corporate email service. No actor was able to access or compromise any data or PII on the FBI's network."

"Should I be flattered that the kids who hacked the FBI email servers decided to do it in my name?," Troia later tweeted, while also hinting at Pompompurin being the mastermind of the smear campaign.


News URL

https://thehackernews.com/2021/11/fbis-email-system-hacked-to-send-out.html