Fake messages indicating a “sophisticated chain attack” were sent out by anonymous threat actors who infiltrated the FBI’s email system, the FBI confirmed on Saturday.
Rogue warning emails with the subject line “Urgent: Threat actor in systems” were sent to thousands of users using an FBI email address, “[email protected][.]gov”.
From the details that have been revealed about the incident, it seems that the spam messages were sent by abusing insecure code in an FBI online portal meant to exchange information with state and local law enforcement officials.
More information about the case reveals that the breach occurred thanks to a flaw in LEEP, the FBI’s Law Enforcement Enterprise Portal. The flaw allowed attackers to apply for an account and to obtain the one-time password that is sent to the applicant to confirm their registration, which was leaked to the client. This also enabled the attackers to intercept and tamper with the HTTP requests, substituting their own hoax message and sending it to thousands of email addresses.
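As an added illustration (not code from the article, and not LEEP's own code, whose internals the article does not describe), the two weaknesses described above next to a hardened registration flow; the function names, the mail stand-in and the notification template are assumptions:

```python
import hashlib
import hmac
import secrets

# Server-side notification text (constructed for this example).
NOTIFICATION_TEMPLATE = "LEEP registration received for {email}. Enter the code sent to you to confirm."

class Outbox:
    """Stands in for the portal's mail relay; records what would be sent."""
    def __init__(self):
        self.sent = []
    def send(self, to, body):
        self.sent.append((to, body))

def weak_apply(request, outbox):
    """Hypothetical reconstruction of the flaw: the one-time code is echoed
    back to the client, and the mail body is taken straight from the HTTP
    request, so a tampered request decides what recipients receive."""
    otp = secrets.token_hex(3)
    outbox.send(request["email"], request["message"])  # client-controlled body
    return {"status": "pending", "otp": otp}            # code leaks to the client

class RegistrationService:
    """Hardened flow: the code leaves the server only through the mail channel,
    only a salted hash is stored, and the body is composed on the server."""
    def __init__(self, outbox):
        self.outbox = outbox
        self._pending = {}  # email -> (salt, sha256(salt + otp))

    def apply(self, request):
        email = request["email"]
        otp = secrets.token_hex(3)
        salt = secrets.token_bytes(16)
        self._pending[email] = (salt, hashlib.sha256(salt + otp.encode()).digest())
        # Any "message" field in the request is ignored; the template is authoritative.
        self.outbox.send(email, NOTIFICATION_TEMPLATE.format(email=email) + f" Code: {otp}")
        return {"status": "pending"}  # no code in the HTTP response

    def confirm(self, email, otp):
        entry = self._pending.get(email)
        if entry is None:
            return False
        salt, digest = entry
        candidate = hashlib.sha256(salt + otp.encode()).digest()
        if hmac.compare_digest(candidate, digest):
            del self._pending[email]  # single use
            return True
        return False
```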
Spamhaus, a threat intelligence non-profit, was the first to publicly disclose the incident. According to Spamhaus, the email blasts occurred in two “spam” waves, one just before 5:00 a.m. UTC and another just after 7:00 a.m. UTC.
In its statement, the FBI said that “a software misconfiguration permitted an actor to send bogus emails for a short period of time using the Law Enforcement Enterprise Portal (LEEP)”. Although the fraudulent email came from an FBI-operated server, that server was not part of the FBI’s business email service; it was used to push notifications for LEEP. No data or PII was stolen from the FBI’s network by any outside actor, the statement says.
From what has been disclosed, it seems that Vinny Troia, a researcher and founder of the dark web intelligence firms Night Lion Security and Shadowbyte, is the most likely target of this smear email campaign, since the attack on the FBI email system was framed as his work. The security researcher has been the victim of several hacking attacks on his Twitter account and website in the past.