FBI Investigates After Internal Server Sent Fake Emails

The Federal Bureau of Investigation (FBI) confirmed it suffered a cybersecurity incident last Friday, and an investigation has begun.

The FBI said it was “aware of the incident this morning involving fake emails from an @ic.fbi.gov email account,” but as it was an ongoing situation, it was not able to provide any additional information.

An internal server reportedly sent out over 100,000 fake emails, claiming to be from the US Department of Homeland Security.

Fake email

The emails claimed to be a warning about a supposed threat and were titled: “Urgent: Threat actor in systems.”

The emails told recipients that they were the target of a “sophisticated chain attack” from an extortion group known as the Dark Overlord.

“We have been made aware of ‘scary’ emails sent in the last few hours that purport to come from the FBI/DHS,” tweeted Spamhaus. “While the emails are indeed being sent from infrastructure that is owned by the FBI/DHS (the LEEP portal), our research shows that these emails *are* fake.”

“These fake warning emails are apparently being sent to addresses scraped from the ARIN database,” it added. “They are causing a lot of disruption because the headers are real, they really are coming from FBI infrastructure. They have no name or contact information in the .sig. Please beware!”

It even provided an image of the fake email.

Fake FBI email. Copyright Spamhaus

There is no word on what the fake email was intended to achieve, but it could have been a ‘proof-of-concept’ by some hacker collective.

FBI confirmation

The FBI provided an update on Sunday about the incident, which it blamed on a ‘software misconfiguration.’

“The FBI is aware of a software misconfiguration that temporarily allowed an actor to leverage the Law Enforcement Enterprise Portal (LEEP) to send fake emails,” the FBI announced.

“LEEP is FBI IT infrastructure used to communicate with our state and local law enforcement partners,” it stated. “While the illegitimate email originated from an FBI operated server, that server was dedicated to pushing notifications for LEEP and was not part of the FBI’s corporate email service.”

It also assured that no data had been compromised.

“No actor was able to access or compromise any data or PII on the FBI’s network,” said the FBI. “Once we learned of the incident, we quickly remediated the software vulnerability, warned partners to disregard the fake emails, and confirmed the integrity of our networks.”

Previous incidents

This is not the first time that the FBI has experienced a cybersecurity incident.

In 2017 the website of the Federal Bureau of Investigation (FBI) was hacked by an attacker known as CyberZeist, who then leaked personal account information to Pastebin.

CyberZeist is said to have exploited a zero-day vulnerability in the Plone Content Management System (CMS) of the FBI.gov website.

Before that, in 2016, FBI agents travelled to Scotland to observe the arrest of an unnamed 15-year-old schoolboy in Glasgow over a hack of an FBI system.

The US is seeking to tighten the cybersecurity of governmental systems.

Earlier this month the Biden administration ordered US federal agencies to tighten up cybersecurity loopholes, to prevent damaging intrusions into government computer systems.

A sweeping directive was issued by the Cybersecurity and Infrastructure Security Agency (CISA), which ordered US federal agencies to patch hundreds of cybersecurity vulnerabilities that are considered major intrusion risks within a six-month period.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
