FBI system hacked and used by hackers to send fake emails



It has been reported that spam emails were sent from the FBI's 'fbi.gov' domain. The emails were sent by a hacker who exploited a vulnerability in the FBI's system, and the FBI has already taken steps to take the server offline.

FBI Statement on Incident Involving Fake Emails — FBI

https://www.fbi.gov/news/pressrel/press-releases/fbi-statement-on-incident-involving-fake-emails





Hoax Email Blast Abused Poor Coding in FBI Website – Krebs on Security
https://krebsonsecurity.com/2021/11/hoax-email-blast-abused-poor-coding-in-fbi-website/

According to the FBI, cases have been confirmed in which fake emails were sent from an '@ic.fbi.gov' email address.

After receiving this email, the security blog KrebsOnSecurity contacted the sender, 'pompompurin,' who said that he had carried out the hack to point out a vulnerability in the system.

According to pompompurin, the FBI's LEEP (Law Enforcement Enterprise Portal), a service that provides law enforcement and judiciary agencies with malicious resources, allowed anyone to register as a user. During that registration, the one-time password was leaked in the HTML code of the FBI site.

pompompurin succeeded in sending an email to himself from '[email protected]' by editing the request sent to the browser and rewriting the Subject and Text Context fields of the message.

After that, pompompurin created a simple script, replaced the parameters with ones he had written, and sent fake messages to thousands of email addresses.
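The two flaws described above (a one-time password exposed in the page's HTML, and a message subject and text taken from the browser's request) are shown below beside a corrected design. This is an added example, not code from the FBI site or from any of the linked reports; the handler names, form keys, templates and in-memory `pending`/`outbox` stores are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL = 300                      # seconds a passcode stays valid
SUBJECT = "Your registration passcode"
BODY = "Your one-time passcode is {otp}. It expires in 5 minutes."
pending = {}                       # email -> (sha256(otp), expiry); hypothetical store
outbox = []                        # stand-in for the real mail transport


def new_otp(email):
    """Create a passcode and keep only its hash and expiry on the server."""
    otp = f"{secrets.randbelow(10**6):06d}"
    pending[email] = (hashlib.sha256(otp.encode()).hexdigest(), time.time() + OTP_TTL)
    return otp


def vulnerable_register(form):
    """The flawed pattern: the browser sees the OTP and supplies the mail text."""
    otp = new_otp(form["email"])
    outbox.append({"to": form["email"],
                   "subject": form.get("subject", SUBJECT),   # client-controlled
                   "body": form.get("body", BODY.format(otp=otp))})
    return f'<input type="hidden" name="otp" value="{otp}">'  # leaked in HTML


def hardened_register(form):
    """OTP leaves the server only by mail; subject and body are fixed templates."""
    email = form["email"]
    if "@" not in email or any(c in email for c in "\r\n"):
        raise ValueError("invalid address")
    otp = new_otp(email)
    outbox.append({"to": email, "subject": SUBJECT, "body": BODY.format(otp=otp)})
    return "<p>Check your inbox for the passcode.</p>"


def verify(email, otp):
    """Single-use, expiring check with a constant-time comparison."""
    digest, expiry = pending.pop(email, ("", 0.0))
    candidate = hashlib.sha256(otp.encode()).hexdigest()
    return time.time() < expiry and hmac.compare_digest(digest, candidate)
```

In the hardened handler any `subject` or `body` key in the submitted form is simply never read, so the only thing a registrant can influence is the recipient address, which is itself checked for line breaks before it reaches the mail layer.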

Regarding this matter, Ionut Ilascu of the IT news site Bleeping Computer said that the content of the message was that 'Vinny Troia, the founder of security company Shadowbyte, is attacking the FBI' and had hacked the website. Because of the feud between Troia and the hacking community, whose members carry out acts and blame them on the security researcher, he points out that pompompurin may be a member of the hacking community.

FBI system hacked to email 'urgent' warning about fake cyberattacks
https://www.bleepingcomputer.com/news/security/fbi-system-hacked-to-email-urgent-warning-about-fake-cyberattacks/

in Security, Posted by logc_nt