FBI Email System Hacked, Used to Broadcast Message About Fake Cyberattacks
Published · Nov 15, 2021
Hackers breached the front end of the FBI’s email system and sent out thousands of fake emails claiming the recipients were victims of a sophisticated attack. The FBI has since taken the affected hardware offline but says the situation is ongoing.
The hackers infiltrated the FBI’s public-facing email system and messaged over 100,000 people. They scraped the addresses from the American Registry for Internet Numbers (ARIN). Bleeping Computer first reported on the incident, while Spamhaus first uncovered the emails.
A main suspect for the incident is a Hacker who goes by the name “Pompompurin.” The emails falsely accuse cybersec researcher Vinny Troia of being behind the imaginary attacks. Pompompurin has allegedly tried to damage Troia’s reputation in the past.
Pompompurin also allegedly messaged reporter Brian Krebs as the mass emailing occurred. The hacker stated their name and then pointed out the email was coming from the FBI’s system. Krebs spoke to the hacker who claimed the attack was to highlight vulnerabilities in the FBI’s email system.
Tightening up Security
As Pompompurin emphasises, the attack could have been much worse. Having the ability to send emails disguised as official FBI emails could have allowed for easy phishing attacks.
The FBI pointed out in a statement that only its notification system was compromised. It blames the attack on a software misconfiguration, claiming its systems are still secure.
Email is still one of the most widely used methods of online communication. This is a testament to its utility, but also the reason it’s often a target for hacking and social engineering attacks. Projects like Spamhaus monitor senders and mark bad actors.
The best emailing software ensures deliverability by drawing on Spamhaus and similar lists to protect their domains from bad actors. Email hosting providers also make sure to keep their security tight to safeguard users and their clients.
Emailing is just another digital area countries and agencies will have to consider as they ramp up efforts to combat cybercrime.
Garan is a writer interested in how tech reshapes the environment, and how the environment reshapes tech. You'll usually find him inoculating against future shock and arguing with bots.
