Early Saturday morning, threat intelligence firm Spamhaus tweeted about a FBI hack prank. Malicious actors sent out more than 100,000 spam messages with the subject line "Urgent: Threat actor in systems." Recipients found the whole situation scary.
According to Spamhaus, threat actors exploited the online website Law Enforcement Enterprise Portal (LEEP). This is a legitimate website used by both the Federal Bureau of Investigation (FBI) and the Department of Homeland Security (DHS) for official notifications.
We have been made aware of "scary" emails sent in the last few hours that purport to come from the FBI/DHS. While the emails are indeed being sent from infrastructure that is owned by the FBI/DHS (the LEEP portal), our research shows that these emails *are* fake.
— Spamhaus (@spamhaus) November 13, 2021
The attackers hijacked the website to send out two waves of spam mails. Since they used a genuine email address, many recipients believed it was an actual warning.
Who Received the FBI Hack Prank?
Spamhaus explained that hackers scraped email addresses from the ARIN database for their recipients. Victims experienced a lot of disruption since the emails came from the FBI infrastructure. Note, however, that the fake email did not contain a name or contact information. Spamhaus tweeted a photo of the fake email.
These emails look like this:
— Spamhaus (@spamhaus) November 13, 2021
Sending IP: 153.31.119.142 (https://t.co/En06mMbR88)
From: eims@ic.fbi.gov
Subject: Urgent: Threat actor in systems pic.twitter.com/NuojpnWNLh
Be warned that it uses a sending IP: 153.31.119.142, a sender address: eims@ic.fbi.gov, and a subject: "Urgent: Threat actor in systems."
In summary, the letter warned about security researcher Vinny Troia. He was accused of collaborating with an extortion gang called "TheDarkOverloard" and attacking the fastflux technologies. The man in question took the prank in stride and tweeted a rather unbothered response.
Should I be flattered that the kids who hacked the @FBI email servers decided to do it in my name? https://t.co/U4wti1mNNI
— Vinny Troia, PhD (@vinnytroia) November 13, 2021
Read Also: New Planned iPhone Feature Seen to Undermine User Privacy, Security: Scary Details Revealed
FBI Hack Discussed
FBI officially acknowledged the problem on Saturday afternoon. They also released an updated statement about the issue on Sunday. The FBI said the security breach was a misconfiguration on their system and email server, which was fortunately isolated from the agency's infrastructure.
In a tweet, they emphasized that the hackers did not access the "part of the FBI's corporate email service. No actor was able to access or compromise any data or PII [Personally Identifiable Information] on FBI's network."
#FBI Statement on Incident Involving Fake Emails @CISAgov https://t.co/pkF8qtAeH1 pic.twitter.com/Wg4cOerFpE
— FBI (@FBI) November 14, 2021
FBI Hacker Confronted
According to PCmag, someone with the username "Pompompurin" claimed responsibility behind the attack. Pompompurin was confronted by Vinny Troia online, and they are seemingly locked in a heated exchange on Twitter.
A key takeaway for this issue is that this hack prank ultimately undermined the agency's authority. Some recipients thought the content of the letter was questionable, but they were inclined to believe it since it came from a legitimate source.
Instead of being something that people could trust, many might now feel skeptical about receiving FBI emails. Hopefully, the system administrators might resolve this breach decisively in the coming days.
Related Article: Microsoft Issues Warning on HTML Smuggling That Deploys Banking Malware; How to Defend Against Dangerous Attack
