The FBI’s email system was hacked to send out fake cybersecurity warnings – The Verge
Hackers targeted the Federal Bureau of Investigation’s (FBI) email servers, sending out thousands of phony messages that say its recipients have become the victims of a “sophisticated chain attack,” first reported by Bleeping Computer. The emails were initially uncovered by The Spamhaus Project, a nonprofit organization that investigates email spammers.
The emails claim that Vinny Troia was behind the fake attacks and also falsely state that Troia is associated with the infamous hacking group, The Dark Overlord — the same bad actors who leaked the fifth season of Orange Is the New Black. In reality, Troia is a prominent cybersecurity researcher who runs two dark web security companies, NightLion and Shadowbyte.
As noted by Bleeping Computer, the hackers managed to send out emails to over 100,000 addresses, all of which were scraped from the American Registry for Internet Numbers (ARIN) database. A report by Bloomberg says that hackers used the FBI’s public-facing email system, making the emails seem all the more legitimate. Cybersecurity researcher Kevin Beaumont also attests to the email’s legitimate appearance, stating that the headers are authenticated as coming from FBI servers using the Domain Keys Identified Mail (DKIM) process that’s part of the system Gmail uses to stick brand logos on verified corporate emails.
The email was sent from these FBI internal servers, per the headers (which validate with DKIM).
dap00025.str0.eims.cjis – 10.67.35.50
wvadc-dmz-pmo003-fbi.enet.cjis
dap00040.str0.eims.cjis – 10.66.2.72
Before anybody runs off the Russia cliff, I would check webapps.
— Kevin Beaumont (@GossiTheDog) November 13, 2021
The FBI responded to the incident in a press release, noting that it’s an “ongoing situation” and that “the impacted hardware was taken offline.” Aside from that, the FBI says it doesn’t have any more information it can share at this time.
According to Bleeping Computer, the spam campaign was likely carried out as an attempt to defame Troia. In a tweet, Troia speculates that an individual who goes by the name “Pompompurin” may have launched the attack. As Bleeping Computer notes, that same person has allegedly tried damaging Troia’s reputation in similar ways in the past.
A report by computer security reporter Brian Krebs also connects Pompompurin to the incident — the individual allegedly messaged him from an FBI email address when the attacks were launched, stating, “Hi its pompompurin. Check headers of this email it’s actually coming from FBI server.” KrebsOnSecurity even got a chance …….
Source: https://www.theverge.com/2021/11/14/22781341/fbi-email-system-hacked-fake-cybersecurity-warnings