FBI Investigates After Internal Server Sent Fake Emails

Investigation begins after internal server at the FBI sends thousands of fake email messages warning of possible cyberattack

The Federal Bureau of Investigation (FBI) confirmed it suffered a cybersecurity incident last Friday, and an investigation has begun.

The FBI said it was “aware of the incident this morning involving fake emails from an @ic.fbi.gov email account,” but as it was an ongoing situation, it was not able to provide any additional information.

An internal server reportedly sent out over 100,000 fake emails, claiming to be from the US Department of Homeland Security.

Fake email

The emails claimed to be a warning about a supposed threat and were titled: “Urgent: Threat actor in systems.”

The emails told recipients that they were the target of a “sophisticated chain attack” from an extortion group known as the Dark Overlord.

“We have been made aware of ‘scary’ emails sent in the last few hours that purport to come from the FBI/DHS,” tweeted Spamhaus. “While the emails are indeed being sent from infrastructure that is owned by the FBI/DHS (the LEEP portal), our research shows that these emails *are* fake.”

“These fake warning emails are apparently being sent to addresses scraped from the ARIN database,” it added. “They are causing a lot of disruption because the headers are real, they really are coming from FBI infrastructure. They have no name or contact information in the .sig. Please beware!”

It even provided an image of the fake email.

Fake FBI email. Copyright Spamhaus

There is no word on what the fake emails were intended to achieve, but the campaign could have been a ‘proof-of-concept’ by a hacker collective: the recipients were addresses harvested from a public registry rather than chosen targets, and the messages carried a warning rather than a request for money or credentials.

FBI confirmation

The FBI provided an update on Sunday about the incident, which it blamed on a ‘software misconfiguration.’

“The FBI is aware of a software misconfiguration that temporarily allowed an actor to leverage the Law Enforcement Enterprise Portal (LEEP) to send fake emails,” the FBI announced.

“LEEP is FBI IT infrastructure used to communicate with our state and local law enforcement partners,” it stated. “While the illegitimate email originated from an FBI operated server, that server was dedicated to pushing notifications for LEEP and was not part of the FBI’s corporate email service.”

The FBI also said that no data had been compromised.

“No actor was able to access or compromise any data or PII on the FBI’s network,” said the FBI. “Once we learned of the incident, we quickly remediated the software vulnerability, warned partners to disregard the fake emails, and confirmed the integrity of our networks.”
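The FBI has not said what the “software misconfiguration” was, so what follows is an added, generic illustration rather than a description of LEEP’s code: the class of bug that lets a legitimate notification-only mail host be used to deliver someone else’s message, and the shape of the fix. It contrasts a builder that copies recipient, subject and body straight from the caller’s request with one that renders a fixed server-side template, checks every parameter against an allowlist and takes the recipient from server-side state. All names here (`build_notification_unsafe`, `build_notification`, the `example-portal.invalid` sender, the template ids) are hypothetical; the hostile subject line is the one Spamhaus reported.

```python
"""Added illustration (hypothetical code, not LEEP's): a notification-only
mail endpoint that trusts caller-supplied fields versus one that renders
content server-side from an allowlisted template."""
from dataclasses import dataclass
from email.message import EmailMessage
import re

# Hypothetical sender for the notification host; not the real LEEP address.
SENDER = "noreply@example-portal.invalid"


@dataclass
class Outgoing:
    to: str
    subject: str
    body: str


# --- Weak pattern -----------------------------------------------------------
def build_notification_unsafe(req: dict) -> Outgoing:
    """Every field is copied from the request. Anyone who can reach the
    endpoint can make this host emit arbitrary text to arbitrary recipients,
    and the headers will be genuine because the host really did send it."""
    return Outgoing(to=req["to"], subject=req["subject"], body=req["body"])


# --- Hardened pattern -------------------------------------------------------
# Subject and body live on the server; the caller only names a template.
TEMPLATES = {
    "otp": ("Your one-time passcode",
            "Your passcode is {code}. It expires in 10 minutes."),
    "account_approved": ("Your account has been approved",
                         "Hello {name}, your account is now active."),
}

# Every parameter a template accepts, with the only shape it may take.
ALLOWED_PARAMS = {
    "otp": {"code": re.compile(r"[0-9]{6}")},
    "account_approved": {"name": re.compile(r"[A-Za-z][A-Za-z .'-]{0,63}")},
}


def build_notification(req: dict, recipient_on_file: str) -> Outgoing:
    """Render a server-side template. The recipient comes from server state
    (the address already bound to this session), never from the request, and
    every parameter must fullmatch its allowlisted pattern, so newlines,
    markup or free text can never reach the message."""
    template_id = req.get("template")
    if template_id not in TEMPLATES:
        raise ValueError("unknown template")
    params = req.get("params")
    rules = ALLOWED_PARAMS[template_id]
    if not isinstance(params, dict) or set(params) != set(rules):
        raise ValueError("unexpected parameter set")
    for key, pattern in rules.items():
        value = params[key]
        if not isinstance(value, str) or not pattern.fullmatch(value):
            raise ValueError(f"parameter {key!r} rejected")
    subject, body = TEMPLATES[template_id]
    return Outgoing(to=recipient_on_file, subject=subject,
                    body=body.format(**params))


def to_message(out: Outgoing) -> EmailMessage:
    """Turn the validated fields into an RFC 5322 message for the MTA."""
    msg = EmailMessage()
    msg["From"] = SENDER
    msg["To"] = out.to
    msg["Subject"] = out.subject
    msg.set_content(out.body)
    return msg


if __name__ == "__main__":
    # Constructed request carrying the subject line Spamhaus reported.
    hostile = {"to": "abuse@example.net",
               "subject": "Urgent: Threat actor in systems",
               "body": "You are the target of a sophisticated chain attack."}
    print(to_message(build_notification_unsafe(hostile)))  # goes out as written
    try:
        build_notification(hostile, "user@example.net")
    except ValueError as err:
        print("hardened endpoint refused:", err)  # no template named, rejected
    legit = {"template": "otp", "params": {"code": "123456"}}
    print(to_message(build_notification(legit, "user@example.net")))
```

The point of the hardened path is that the only thing a caller chooses is which template to send. Nothing a caller types appears in the message except parameters that have passed a tight pattern check, so the host can no longer be made to say what it did not intend, even though every header it emits remains genuine, which is exactly why Spamhaus could not dismiss the original messages on header evidence alone.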

Previous incidents

This is not the first time that the FBI has experienced a cybersecurity incident.

In 2017 the website of the Federal Bureau of Investigation (FBI) was hacked by an attacker known as CyberZeist, who then leaked personal account information to Pastebin.

CyberZeist is said to have exploited a zero-day vulnerability in the Plone Content Management System (CMS) of the FBI.gov website.

Before that, in 2016, FBI agents travelled to Scotland to observe the arrest of an unnamed 15-year-old schoolboy in Glasgow over a hack of an FBI system.

The US is seeking to tighten the cybersecurity of governmental systems.

Earlier this month the Biden administration ordered US federal agencies to close cybersecurity gaps that could allow damaging intrusions into government computer systems.

The sweeping directive, Binding Operational Directive 22-01, was issued by the Cybersecurity and Infrastructure Security Agency (CISA). It ordered US federal agencies to patch roughly 300 vulnerabilities that CISA lists as known to be actively exploited: those assigned CVE IDs in 2021 within two weeks, and older ones within six months.