UPDATED 20:48 EST / NOVEMBER 14 2021

SECURITY

Hacker gains access to FBI server, sends out fake cybersecurity warnings

A hacker has gained access to the U.S. Federal Bureau of Investigation’s server and sent out thousands of fake cybersecurity warnings.

The emails were sent on Saturday morning, Nov. 13, from the eims@is.fbi.gov address. The emails contained the subject line of “threat actor in systems” before going on to claim “our intelligence monitoring indicates exfiltration of several of your virtualized clusters in a sophisticated chain attack.”

The form of the email was already suspicious, but then it got weird. The text claims that the threat actor is Vinny Troia, who is linked to a group called TheDarkOverlord. Although The Dark Overlord is a real hacking group, Vinny Troia is the head of security research at dark web intelligence companies NightLion and Shadowbyte.

The fake emails were first detected by Spamhaus and then later confirmed to be unauthentic by the FBI. The bureau describes the compromise as exploiting “a software misconfiguration that temporarily allowed an actor to leverage the Law Enforcement Enterprise Portal (LEEP) to send fake emails.”

“While the illegitimate email originated from an FBI operated server, that server was dedicated to pushing notifications for LEEP and was not part of the FBI’s corporate email service,” the FBI added. “No actor was able to access or compromise any data or [personally identifiable information] on the FBI’s network.

The hacker has also since come forward. A person going by “Pompompurin” — the name of a character in Hello Kitty — reached out to Krebs of Security to take credit for the attack and subsequent fake security notices. The intent of Pompompurin appears to have been to expose security issues at the FBI.

The way Pompompurin claims to have gained access is arguably embarrassing for the FBI, given how simple it was. The LEEP portal allowed anyone to sign up to it and even included instructions. Applicants would then receive confirmation from the FBI, but according to Pompompurin, the LEEP portal included a onetime passcode in the HTML code of the web page.

“Needless to say, this is a horrible thing to be seeing on any website,” Pompompurin said. “I’ve seen it a few times before, but never on a government website, let alone one managed by the FBI.”

The FBI’s server is now secure, at least until another person finds a security vulnerability.

Photo: Defense Department

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU