The FBI's Email Was Used to Terrify System Administrators – PCMag

December 31, 2021

A problem with an official FBI website allowed someone to send hoax emails from the '[email protected]' domain.
System administrators were recently awakened by terrifying emails from an address associated with the FBI claiming that a threat actor had compromised their systems. It turns out the emails were fake, however, and seem to have been enabled by a flaw in an FBI website.
A threat intelligence firm called Spamhaus revealed the fake emails just after 4 a.m. on Nov. 13. The messages themselves weren’t particularly believable, but the email headers indicated they were indeed sent from the FBI, which made figuring out how to respond to them more difficult.
The FBI acknowledged the problem on Nov. 13 but didn’t offer additional details about what happened. Then it released an updated statement about the issue on Nov. 14:
The FBI is aware of a software misconfiguration that temporarily allowed an actor to leverage the Law Enforcement Enterprise Portal (LEEP) to send fake emails. LEEP is FBI IT infrastructure used to communicate with our state and local law enforcement partners. While the illegitimate email originated from an FBI operated server, that server was dedicated to pushing notifications for LEEP and was not part of the FBI’s corporate email service. No actor was able to access or compromise any data or PII on the FBI’s network. Once we learned of the incident, we quickly remediated the software vulnerability, warned partners to disregard the fake emails, and confirmed the integrity of our networks.
Brian Krebs of KrebsOnSecurity reports that someone calling themselves “Pompompurin” sent the fake emails to reveal a flaw in LEEP’s sign-up process. The site reportedly used one-time passwords to confirm that new users could receive emails at the address they entered, but those passwords were revealed in the web page’s HTML file, thereby allowing people to bypass this verification process and create accounts associated with any email address they wished.
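The flaw described above comes down to a verification secret being sent to the browser it is supposed to test. As an added illustration (not code from LEEP, the FBI, or the original article), the Python example below contrasts that pattern with a sign-up flow that keeps the code on the server; the function names, hidden-field layout, six-digit code, expiry and attempt limit are all assumptions.

```python
import hmac
import secrets
import time

OTP_TTL = 600        # seconds a code stays valid (assumed)
MAX_ATTEMPTS = 5     # guesses allowed per code (assumed)
_pending = {}        # email -> record; stands in for a server-side store


def _issue(email):
    code = f"{secrets.randbelow(10**6):06d}"
    _pending[email] = {"code": code, "expires": time.time() + OTP_TTL, "tries": 0}
    return code


def signup_page_vulnerable(email):
    """Flawed pattern: the one-time code is echoed into the page it protects."""
    code = _issue(email)
    # Anyone reading the page source gets the code without owning the mailbox.
    return f'<form><input type="hidden" name="expected" value="{code}"><input name="otp"></form>'


def signup_page_hardened(email, send_mail):
    """The code leaves the server only through the mail channel."""
    send_mail(email, _issue(email))
    return '<form><input name="otp"></form>'


def confirm(email, submitted):
    """Server-side check: expiry, attempt limit, constant-time compare, single use."""
    rec = _pending.get(email)
    if rec is None:
        return False
    if time.time() > rec["expires"] or rec["tries"] >= MAX_ATTEMPTS:
        del _pending[email]
        return False
    rec["tries"] += 1
    if hmac.compare_digest(rec["code"].encode(), submitted.encode()):
        del _pending[email]
        return True
    return False


def response_leaks_code(email, html):
    """Regression check: a pending code must never appear in a response body."""
    rec = _pending.get(email)
    return rec is not None and rec["code"] in html
```

A check like `response_leaks_code` can run in integration tests against every response the sign-up flow returns, so a template change that reintroduces the leak fails the build.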
“I could’ve 1000% used this to send more legit looking emails, trick companies into handing over data etc.,” Pompompurin reportedly told Krebs. “And this would’ve never been found by anyone who would responsibly disclose, due to the notice the feds have on their website.”
Pompompurin also used the opportunity to defame Vinny Troia, a cybersecurity researcher, by identifying him as the threat actor in the hoax emails. Troia predicted Pompompurin was behind the spam on Nov. 13, and the two have been engaged in a back-and-forth on Twitter since.
The hoax emails might have been meant to draw attention to the flaw in LEEP, then, but they also served a second purpose: spreading misinformation about Troia via the FBI’s email infrastructure. Sysadmins concerned about their own networks were merely caught in the middle.
Nathaniel Mott is a writer and editor who has contributed to The Guardian, Tom’s Hardware, and several other publications in varying capacities since 2011.