FBI system hacked and used by hackers to send fake emails
It has been reported that spam emails were sent from the FBI's own domain, 'fbi.gov'. The emails were sent by a hacker who exploited a vulnerability in the FBI's system, and the FBI has already taken the affected server offline.
FBI Statement on Incident Involving Fake Emails — FBI
We have been made aware of 'scary' emails sent in the last few hours that purport to come from the FBI/DHS. While the emails are indeed being sent from infrastructure that is owned by the FBI/DHS (the LEEP portal), our research shows that these emails *are* fake.
— Spamhaus (@spamhaus) November 13, 2021
Hoax Email Blast Abused Poor Coding in FBI Website – Krebs on Security
https://krebsonsecurity.com/2021/11/hoax-email-blast-abused-poor-coding-in-fbi-website/
According to the FBI, cases have been confirmed in which fake emails were sent from an '@ic.fbi.gov' email address.
After receiving this email, the security blog KrebsOnSecurity contacted the sender, 'pompompurin', who said that he had carried out the hack to point out a vulnerability in the system.
According to pompompurin, the FBI's LEEP (Law Enforcement Enterprise Portal), a service that provides resources to law enforcement and judicial agencies, allows anyone to register as a user. During that registration, the one-time password was leaked in the HTML code of the FBI site.
pompompurin sent an email to himself from '[email protected]' by editing the request sent to the browser and rewriting the Subject and Text Context fields of the message, and the attempt succeeded.
After that, pompompurin created a simple script, replaced the parameters with his own, and sent fake messages to thousands of email addresses.
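The flaw described above comes down to two server-side mistakes: the one-time code reached the browser, and the subject and text of the outgoing message were taken from the request. As an added illustration (not code from the FBI portal or from the articles cited; the handler names, field names and sender address are constructed), the sketch below puts that pattern beside a hardened handler.

```python
import hashlib
import hmac
import secrets

SENDER = "noreply@portal.example"  # constructed address
OUTBOX = []    # stands in for the outbound mail queue
PENDING = {}   # email -> SHA-256 of the code; never leaves the server


def send_mail(to, subject, body):
    OUTBOX.append({"from": SENDER, "to": to, "subject": subject, "body": body})


def _digest(code):
    return hashlib.sha256(code.encode()).hexdigest()


def register_vulnerable(form):
    # Weak pattern: the code is returned to the browser, and the subject and
    # text of the outgoing mail are whatever the request supplied.
    code = f"{secrets.randbelow(10**6):06d}"
    send_mail(form["email"], form["subject"], form["text"])
    return {"status": "sent", "otp": code}


def register_hardened(form):
    # Only the recipient comes from the request; the code is generated and
    # stored server-side, and the subject and body are a fixed template.
    email = form["email"]
    code = f"{secrets.randbelow(10**6):06d}"
    PENDING[email] = _digest(code)
    send_mail(email, "Your verification code", f"Your code is {code}")
    return {"status": "sent"}


def verify(email, code):
    # pop() makes each code single-use, even after a wrong guess.
    expected = PENDING.pop(email, None)
    if expected is None:
        return False
    return hmac.compare_digest(expected, _digest(code))


if __name__ == "__main__":
    forged = {"email": "user@example.org", "subject": "URGENT", "text": "forged"}
    print(register_vulnerable(forged), OUTBOX[-1]["subject"])
    print(register_hardened(forged), OUTBOX[-1]["subject"])
```

With the hardened handler, extra subject or text fields in the request are ignored, so the only thing a registrant can cause the official sender to mail out is the fixed verification template.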
Regarding this matter, Ionut Ilascu of Bleeping Computer, an IT news site, said that the message claimed that 'Vinny Troia, the founder of security company Shadowbyte, is attacking the FBI' and hacked the website. Because of the feud between Troia and the hacking community, whose members carry out acts that they blame on security researchers, he points out that pompompurin may be a member of that hacking community.
FBI system hacked to email 'urgent' warning about fake cyberattacks
https://www.bleepingcomputer.com/news/security/fbi-system-hacked-to-email-urgent-warning-about-fake-cyberattacks/
in Security, Posted by logc_nt