Hackers Breach FBI's Email System to Send Fake Cyber Security Alert

  • By David Lukic
  • Published: Dec 03, 2021
  • Last Updated: Mar 18, 2022

 Hackers have targeted the FBI’s email servers and sent out thousands of fake messages that notified recipients of being victims of a “sophisticated chain attack.” The security event underscored the critical cyber threats and vulnerabilities that still exist in federal systems.

What Happened in the FBI email Leak?

Threat actors sent thousands of emails to recipients on Saturday morning about a fake cyber attack. The emails were sent using the FBI’s email system to make the messages appear to come from a legitimate source. They were initially uncovered by The Spamhaus Project, a nonprofit organization that investigates email spammers who first reported the development via Twitter.

The hackers behind the attack managed to send out emails to over 100,000 addresses, all of which were scraped from the database of the American Registry for Internet Numbers (ARIN), the nonprofit responsible for managing the distribution of Internet addresses in North America.

The attack could have been worse than just a fake alert. Experts believe that the hackers might have used the security gap exploitation of the FBI’s Law Enforcement Enterprise (LEEP) portal to send more legit-looking emails and trick companies into handing over data.

Who Is Responsible?

The emails claim that Vinny Troia, a prominent cybersecurity researcher who runs two dark web security companies, NightLion and Shadowbyte, was behind the fake attacks.

The spam campaign was most likely carried out in an attempt to discredit Troia. However, Troia shared in a tweet that the attack was carried out by a person known as "Pompompurin.”

Hackers Breach FBI's Email System

What Is the FBI Doing?

The FBI responded to the incident by releasing a press release that described the situation as “ongoing.” They also stated that “the impacted hardware was taken offline.”

In an updated statement, an FBI representative said the hacker had found and exploited a flaw in how an agency messaging system is configured, and that they weren't able to access internal FBI files.

The FBI said in an elaborated statement that the compromised system was an unclassified server, the Law Enforcement Enterprise Portal (LEEP), used by FBI personnel to communicate outside of the organization with state and local law enforcement partners, and the hackers didn’t appear to have gained access to internal databases containing state secrets or classified information.

The FBI has alerted its partners about the fake messages and says it has "immediately remediated the software vulnerability" even as the investigation is still ongoing.

This is not the first time the FBI’s LEEP system has experienced a breach. In 2015, hackers broke into the system to steal data and access a variety of law enforcement systems.

How to Protect Yourself from Spam from Legit Looking Emails

There are a number of ways to avoid becoming a victim of spam messages however it can be a bit tricky to identify when the threat is coming from a legitimate address or person. However, it is important to avoid identity theft, virus infections loss of personal data, and even worse, putting unsuspecting colleagues, friends, and family at risk.

Assume Zero Trust. Always be cautious in opening links or attachments in your emails. Be on the lookout for abnormal activity and trends out of the usual with people and accounts you interact with to avoid being a victim in cases where the mail is from a breached legitimate address.

Use Anti-Virus Software. Anti-virus software and filtering tools can help to scan the emails that you receive for malware to prevent you from opening a potentially threatening file. This helps to reduce the chances of malware infecting your computer. However, email spam filters are not foolproof. It is critical that you learn to identify phishing scams and take the appropriate steps to protect your computer and your data.

About the Author
IDStrong Logo

Related Articles

Instagram Vulnerability Allowed Hackers Access to Control Your Phone

Security experts Check Point Research discovered a critical vulnerability while examining Instagra ... Read More

Alien Malware Infects More than 226 Mobile Apps and Steals Bank Data

As reported on September 24, 2020, by ZDNet and ThreatPost, a new strain of malware named “A ... Read More

Universal Health Systems Hit by Ransomware Attack

Universal Health Systems (UHS), a Fortune 500 company owning more than 400 hospitals across the co ... Read More

Exchange Server Bug Exposes a Big Risk to Hackers

Months after Microsoft released a patch to fix a serious flaw in MS Exchange Server, more than 61% ... Read More

Clients’ Bank Data Exposed in Blackbaud Ransomware Attack

Blackbaud software was victim to a ransomware attack last May, and new information suggests that c ... Read More

Latest Articles

Snapchat Scams and How to Avoid Them

Snapchat Scams and How to Avoid Them

Snapchat is a mobile-based social media platform owned by Snap Inc. ; it is a global platform, hosting over 734.8 million users, the majority of which are Gen Z. The platform began as a resource for sharing pictures between friends but has evolved to include options for creator content, group conversations, and the sharing of media.

How to Recognize and Avoid Publishers Clearing House Scams

How to Recognize and Avoid Publishers Clearing House Scams

The Publishers Clearing House (PCH) appeared in 1967, promoting magazine subscriptions, merchandise, time-share vacations, and their famous cash prize sweepstakes.

What is a Time Theft and How to Prevent It

What is a Time Theft and How to Prevent It

Time theft happens when employees dishonestly use their paid work hours for personal activities or tasks unrelated to work. Time fraud significantly impacts an organization's productivity, business strategy, finances, and employee morale.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Free Identity Exposure Scan
Instantly and Securely Check if Your Personal Information is Exposed on the Dark Web or Sold by Data Brokers
Please enter first name
Please enter last name
Please select a state
Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an age
Please enter an email address