FBI email infrastructure hijacked to send out fake messages


Bogus warnings blame cyber security expert for attacks.

Email servers belonging to the United States government's Federal Bureau of Investigation (FBI) were hijacked to send out fake messages, warning users that cyber attacks are underway.

The messages from the FBI's hacked email servers come from the agency's Law Enforcement Enterprise Portal (LEEP), but anti-spammers and security researchers debunked them as fakes.

"We have been made aware of 'scary' emails sent in the last few hours that purport to come from the FBI/DHS," spam tracker Spamhaus wrote on Twitter.

"While the emails are indeed being sent from infrastructure that is owned by the FBI/DHS (the LEEP portal), our research shows that these emails are fake."

The emails arrive from FBI-operated infrastructure and have correct headers that validate via the DomainKeys Identified Mail (DKIM) system that is used to prevent forged messages.

Spamhaus said the campaign is "causing a lot of disruption because the headers are real, they really are coming from FBI infrastructure."

The FBI confirmed the hijacking, blaming it on an unspecified misconfiguration.

"A software misconfiguration temporarily allowed an actor to leverage the LEEP to send fake emails," the FBI said in a statement.

"While the illegitimate email originated from an FBI operated server, that server was dedicated to pushing notifications for LEEP and was not part of the FBI’s corporate email service.

"Once we learned of the incident, we quickly remediated the software vulnerability, warned partners to disregard the fake emails, and confirmed the integrity of our networks."

A copy of the hoax message warns the recipient that they had been targeted by attackers that managed to successfully exfiltrate "several ... virtualised clusters".

The messages attempt to blame an infosec researcher for the (fake) attacks in what is reportedly a long-running character assassination campaign.

The person or persons who exploited the FBI's LEEP portal told KrebsOnSecurity they did so in part to bring attention to the vulnerability in the FBI’s system.

Copyright © iTnews.com.au. All rights reserved.