A hacker gained access to a U.S. Federal Bureau of Investigation email server and used it to send out thousands of fake cybersecurity warnings.
The emails were sent on Saturday morning, Nov. 13, from the [email protected] address. They carried the subject line “threat actor in systems” and went on to claim that “our intelligence monitoring indicates exfiltration of several of your virtualized clusters in a sophisticated chain attack.”
The form of the email was already suspicious, but then it got weird. The text names the threat actor as Vinny Troia and claims he is linked to a group called TheDarkOverlord. Although The Dark Overlord is a real hacking group, Vinny Troia is in fact the head of security research at the dark web intelligence companies NightLion and Shadowbyte.
The fake emails were first detected by Spamhaus, and the FBI later confirmed they were not legitimate. The bureau describes the compromise as exploiting “a software misconfiguration that temporarily allowed an actor to leverage the Law Enforcement Enterprise Portal (LEEP) to send fake emails.”
“While the illegitimate email originated from an FBI operated server, that server was dedicated to pushing notifications for LEEP and was not part of the FBI’s corporate email service,” the FBI added. “No actor was able to access or compromise any data or [personally identifiable information] on the FBI’s network.”
The hacker has also since come forward. A person going by “Pompompurin,” the name of a Sanrio cartoon character from the same stable as Hello Kitty, contacted KrebsOnSecurity to take credit for the intrusion and the fake security notices. Pompompurin’s stated intent appears to have been to expose security issues at the FBI.
The way Pompompurin claims to have gained access is arguably embarrassing for the FBI, given how simple it was. The LEEP portal allowed anyone to apply for an account, and the site itself provided instructions for doing so. Applicants would then receive a confirmation from the FBI containing a one-time passcode, but according to Pompompurin, the LEEP portal also placed that passcode in the HTML source of the web page itself, where anyone who viewed the page source could read it and complete the confirmation without ever receiving the email.
“Needless to say, this is a horrible thing to be seeing on any website,” Pompompurin said. “I’ve seen it a few times before, but never on a government website, let alone one managed by the FBI.”
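The flaw described above, a one-time passcode meant to travel only by email but also written into the page's HTML, is a general class of bug: a server-side secret exposed to the client. The following is an added example written for this article, not code from the LEEP portal or from Pompompurin's write-up. It shows the vulnerable pattern beside a hardened one; the form markup, field names, code lifetime and attempt limit are assumptions for illustration.

```python
import hmac
import re
import secrets
import time
from typing import Dict, Optional, Tuple

# Added example, not code from the LEEP portal or from Pompompurin's write-up.
# It models the flaw described in the article: a one-time passcode that should
# reach the applicant only by email is also written into the confirmation
# page's HTML, so anyone who views the page source can confirm a sign-up
# without access to the mailbox. Markup, field names and policy values below
# are assumptions for illustration.

OTP_TTL_SECONDS = 600   # assumed code lifetime in the hardened version
MAX_ATTEMPTS = 5        # assumed guess limit; a 6-digit code is otherwise brute-forceable


def _new_otp() -> str:
    """Six-digit code from the CSPRNG, zero-padded."""
    return f"{secrets.randbelow(1_000_000):06d}"


def vulnerable_confirmation_page(applicant_email: str) -> Tuple[str, str]:
    """Vulnerable pattern: the code is generated, sent by email, and ALSO
    embedded in the page as a hidden field (for example so client-side script
    can compare it). Returns (html, code_sent_by_email)."""
    otp = _new_otp()
    html = (
        "<form method='post' action='/confirm'>"
        f"<input type='hidden' name='expected_code' value='{otp}'>"
        "<input name='code' placeholder='code from your email'>"
        "<button>Confirm</button></form>"
    )
    return html, otp


def attacker_reads_code_from_html(html: str) -> Optional[str]:
    """What the article describes: pull the passcode straight out of page source."""
    m = re.search(r"name='expected_code' value='(\d{6})'", html)
    return m.group(1) if m else None


class HardenedSignup:
    """Hardened pattern: the code lives only in server-side state, keyed to the
    applicant, with an expiry, an attempt limit and single use. The page
    carries nothing secret, so reading its source gains an attacker nothing."""

    def __init__(self) -> None:
        # applicant_email -> (otp, expires_at, failed_attempts)
        self._pending: Dict[str, Tuple[str, float, int]] = {}

    def start(self, applicant_email: str, now: Optional[float] = None) -> Tuple[str, str]:
        now = time.time() if now is None else now
        otp = _new_otp()
        self._pending[applicant_email] = (otp, now + OTP_TTL_SECONDS, 0)
        html = (
            "<form method='post' action='/confirm'>"
            "<input name='code' placeholder='code from your email'>"
            "<button>Confirm</button></form>"
        )
        # The code is returned only so the caller can hand it to the mailer;
        # it never appears in the HTML.
        return html, otp

    def confirm(self, applicant_email: str, submitted: str, now: Optional[float] = None) -> bool:
        now = time.time() if now is None else now
        entry = self._pending.get(applicant_email)
        if entry is None:
            return False
        otp, expires_at, failed = entry
        if now > expires_at:
            del self._pending[applicant_email]      # expired: discard
            return False
        if hmac.compare_digest(otp.encode(), submitted.encode()):  # constant-time
            del self._pending[applicant_email]      # single use
            return True
        failed += 1
        if failed >= MAX_ATTEMPTS:
            del self._pending[applicant_email]      # lock out further guessing
        else:
            self._pending[applicant_email] = (otp, expires_at, failed)
        return False


if __name__ == "__main__":
    html, mailed = vulnerable_confirmation_page("applicant@example.com")
    print("vulnerable page leaks code:", attacker_reads_code_from_html(html) == mailed)
    portal = HardenedSignup()
    html, mailed = portal.start("applicant@example.com")
    print("hardened page leaks code:", attacker_reads_code_from_html(html) is not None)
    print("correct code accepted:", portal.confirm("applicant@example.com", mailed))
```

The check a reviewer would run against any such page is the one `attacker_reads_code_from_html` performs: fetch the confirmation page unauthenticated and grep its source for anything that looks like the code the email is supposed to carry. In the hardened version there is nothing to find, and guessing is bounded by the attempt limit and expiry rather than by the attacker's patience.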
The FBI’s server is now secure, at least until another person finds a security vulnerability.
Photo: Defense Department