Last week, thousands of Americans received what appeared to be an ominous warning from the FBI. Email messages with the subject line “Urgent: Threat actor in systems” landed in inboxes across the country. But no, the FBI did not distribute these warning messages. Nor were the emails faked to appear like legitimate correspondence from the agency. On Saturday, November 14, the FBI confirmed that yes, their email database had been hacked, and yes, the emails had originated from a bad actor or actors who breached their system.
At first, the threat intelligence non-profit group SpamHaus blamed the hack on an individual named Vinny Troia, a security researcher and founder of dark web intelligence firms Night Lion Security and Shadowbyte. SpamHaus also accused Troia of being affiliated with a hacking group called TheDarkOverlord.
On the other hand, another theory put forth by Kryptos Logic researcher Marcus Hutchins states that the entire thing was a ruse to set up Troia. He tweeted, “Vinny Troia wrote a book revealing information about hacking group TheDarkOverlord. Shortly after, someone began erasing ElasticSearch clusters leaving behind his name. Later his Twitter was hacked, then his website. Now a hacked FBI email server is sending this.”
Finally, an independent report by Brian Krebs of Krebs on Security stated that “spam messages were sent by abusing insecure code in an FBI online portal designed to share information with state and local law enforcement authorities.” Krebs claimed that he gained this information straight from the actual hacker, who contacted him personally. Supposedly, the hacker identified as PomPomPurin told him that he simply exploited a flaw in the FBI’s Law Enforcement Enterprise Portal (LEEP) to send the messages.
The FBI appeared to agree with that assessment. “The FBI is aware of a software misconfiguration that temporarily allowed an actor to leverage the Law Enforcement Enterprise Portal (LEEP) to send fake emails,” the agency said. “While the illegitimate email originated from an FBI operated server, that server was dedicated to pushing notifications for LEEP and was not part of the FBI’s corporate email service. No actor was able to access or compromise any data or PII on the FBI’s network.”
Well, that’s good news. The FBI’s more sensitive files are safe for now! But this story just goes to show that even the FBI can make mistakes. And more importantly, even a mundane flaw in one of your systems could lead to mayhem and a bit of damage to your public image.
If it could happen to the FBI, it could happen to anyone. Contact us at 888-RING-MY-TECH and let’s give your system a checkup to look for possible vulnerabilities and get them repaired right away.