Fake cyberattack emails sent to thousands by FBI hacker

Thousands of people received fake emails from the FBI last week, after a hacker infiltrated their external email system – though no personal information was accessed during the attack.


The emails, which warn of a non-existent cyberattack, appear to come directly from the FBI, and it's likely that the hacker extracted the targeted addresses from an online database. Fortunately, no personal information was accessed or compromised during the attack – though the FBI has called the incident an "ongoing situation".

Convincing fakes

The Spamhaus Project shared one of the spam emails on Twitter and analyzed the metadata to determine that the hacker in question accessed the FBI's Law Enforcement Enterprise Portal (LEEP) to send the bogus communications.

These emails look like this:

Sending IP: 153.31.119.142
From: [email protected]
Subject: Urgent: Threat actor in systems

— Spamhaus (@spamhaus) November 13, 2021

LEEP is not a part of the FBI's corporate email service, and is instead used to communicate with state and local officials. In fact, the spam emails came from a server used to push LEEP notifications.
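The checks Spamhaus ran (sending IP, From domain, authentication result) can be pulled from a raw message with a few lines of Python. This is an added example, not code from the article or from Spamhaus; the message below is constructed, reuses the IP from the tweet, and uses placeholder domains because the real sending address is not reproduced on the page.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the IP is the one Spamhaus quoted, the domains are
# placeholders. Each hop prepends a Received header, so the last one is oldest.
SAMPLE = """\
Received: from relay.example.net (relay.example.net [203.0.113.9])
\tby mx.victim.example (Postfix) with ESMTPS id 4ABC; Sat, 13 Nov 2021 06:30:00 +0000
Received: from portal.example.gov (portal.example.gov [153.31.119.142])
\tby relay.example.net (Postfix) with ESMTPS id 9XYZ; Sat, 13 Nov 2021 06:29:58 +0000
From: Notifications <eims@example.gov>
To: abuse@victim.example
Subject: Urgent: Threat actor in systems
Authentication-Results: mx.victim.example; spf=pass smtp.mailfrom=example.gov

(body omitted)
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def originating_ip(raw):
    """IP of the host that handed the message to the first relay (oldest Received)."""
    hops = message_from_string(raw).get_all("Received") or []
    for hop in reversed(hops):
        m = IP_RE.search(hop)
        if m:
            return m.group(1)
    return None


def from_domain(raw):
    """Domain of the visible From address, lower-cased."""
    _, addr = parseaddr(message_from_string(raw).get("From", ""))
    return addr.rpartition("@")[2].lower() or None


def spf_result(raw):
    """SPF verdict recorded by the receiving MX, if any."""
    m = re.search(r"spf=(\w+)", message_from_string(raw).get("Authentication-Results", ""))
    return m.group(1) if m else None


def triage(raw):
    """The three facts a responder pulls first; here they all point at a real sender."""
    return {"originating_ip": originating_ip(raw),
            "from_domain": from_domain(raw),
            "spf": spf_result(raw)}
```

When the message really does leave the organisation's own notification server, as these did, all three checks come back clean; that is exactly why the fakes were convincing and why content and sender behaviour, not authentication alone, had to carry the triage.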

Thousands of addresses received fake emails – and it's likely that the hacker gathered some of these addresses from the American Registry for Internet Numbers database. The emails themselves warn recipients of an impending cyberattack, with a subject line taken directly from FBI infrastructure and a body of text overstuffed with technical language.

Fortunately, the FBI issued a brief statement claiming that the hacker did not access internal databases or agency networks, and did not compromise any state secrets or classified personal information.

Once we learned of the incident, we quickly remediated the software vulnerability, warned partners to disregard the fake emails, and confirmed the integrity of our networks.

FBI

Missing motivation

Currently, the objective behind the attack remains unclear, as the emails themselves lack any discernible call to action, which is common to most phishing attempts – it has been theorized that the hacker may have discovered the LEEP vulnerability by chance.

The individual may have simply intended to impress underground groups of like-minded cybercriminals. Alternatively, though the vulnerability was not exploited for financial gain, it's possible that they used the fake emails as targeted smear tactics in response to a cybersecurity investigation.

The messages mention the Dark Overlord hacking group, infamous data thieves who often demand large ransoms, and claim that Vinny Troia is the "threat actor" (hacker/culprit). Troia, the founder of Night Lion Security, published detailed research on the criminal Dark Overlord gang in 2020 – and even exposed the identity of a hacker over the course of the report.

Disaster averted

According to the FBI, the hardware impacted by the incident has been taken offline – and the Bureau also recommends that any suspicious emails be reported to ic3.gov or cisa.gov.

Once again, it's incredibly fortunate that no identifiable data was compromised or leveraged in follow-on cyberattacks – a hacker with access to a government email system could have abused that power to affect thousands of individuals, after all, and cybersecurity experts are now wondering why the FBI's LEEP portal was so easily infiltrated.

The incident also underlines the persistent threat of phishing, a scam often conducted via email that accounts for around 90% of all data breaches. An estimated 3.4 billion phishing emails are sent out each day, and the sheer volume of attacks increased by 20% in 2021.

These scams often leverage the names and reputations of well-known organizations, like the FBI and other government bodies, to scare victims into handing over their personal information or financial details.

The fault in our emails

Emails are, unfortunately, just not that secure – they weren't designed with privacy in mind, and cases like these further underscore that reality.

Sent emails are stored in plaintext on a server and, as such, we can only hope that our email providers and IT administrators don't decide to take a peek for themselves. There's no guarantee that emails containing sensitive information or vital financial or personal details will be kept safe in transit or at rest, and there's no way to recall sent emails, either.

Additionally, we now know that Google scans emails to collect information about its users and create detailed profiles – which are then used for advertising revenue, and can even be valuable to invasive (and data-hungry) agencies like the NSA.

The good news

There are reliable alternatives available, however, and plenty of security-minded email providers offer peace of mind and privacy in return for a small subscription fee.

These providers don't scan emails, don't serve heaps of advertisements, and utilize end-to-end encryption to keep user correspondences out of the hands of nosy providers, the NSA, and any opportunistic hackers looking to impress their friends.


Written by: Hannah Hart

Originally hailing from Wales, Hannah Hart graduated from Manchester Metropolitan University with a 1:1 in Creative Writing, going on to work as an Editor across a number of trade magazines. As a professional writer, Hannah has worked across both digital and print media, and is familiar with collating news pieces, in-depth reports and producing bylines for international publications. Otherwise, she can be found poring over a tarot deck or spending more hours than she'll ever admit playing Final Fantasy 14.
