Saturday, September 24, 2022

FBI email system spammed by hackers’ cybersecurity spam alerts

Cybersecurity spam alerts reached Friday and Saturday the Federal Bureau of Investigation’s (FBI) external email servers by unleashing a wave of fake emails addressing a misleading cyberattack warnings to thousands of people and companies.

In a statement, the FBI revealed that the spam alerts emitted from its Law Enforcement Enterprise Portal (LEEP) system, utilized for communicational purposes between local officials and the states. LEEP’s system acts as a gateway for these authorities to disclose intel on ongoing investigations.

Contradictory to emerging public opinion on the matter, the cybersecurity breach did not address the FBI’s largest corporate email service.

“No actor was able to access or compromise any data or (personally identifiable information) on FBI’s network,” the federal entity disclosed.

“Once we learned of the incident we quickly remediated the software vulnerability, warned partners to disregard the fake emails, and confirmed the integrity of our networks,” it added.

The cybercriminals gained access to LEEP by implementing a “software misconfiguration,” followed by an email blast addressing what happened from a digital ID ending with “@ic.fbi.gov,” to ensure legitimacy, according to the Bureau’s press release.

Once the Federal entity detected the malicious threat, the FBI took offline all its compromised hardware, and any existing vulnerability was “quickly remediated.” In parallel, with reference to the governmental agency, the hackers foundered in accessing the FBI files.

“While the illegitimate email originated from an FBI operated server, that server was dedicated to pushing notifications for LEEP and was not part of the FBI’s corporate email service,” the agency revealed in its updated statement on Sunday.

The compromised cybersecurity spam alerts informed people of a high threat of a “sophisticated chain attack,” with the emails incorporating cybersecurity expert Vinny Troia as the mastermind behind the misleading attacks. The emails also went to wrongly allege that Troia has close associations with the cybercriminal group The Dark Overlord.

The non-profit entity that trails spam and cyber threats, The Spamhaus Project’s research revealed that intruders sent the digital alerts to addresses extracted from the American Registry for Internet Numbers (ARIN) database. In parallel, different non-ARIN-associated emails were incorporated into the spam lead deployed to more than 100,000 inboxes, according to the organization’s Twitter account.

Also, computer security reporter Brian Krebs connected an individual who goes by the label Prompompurin to the scene, claiming that the individual contacted him via an FBI email address the minute the attacks were deployed.

“Hi, it Prompmpurin. Check header to this email it’s actually coming from FBI server,” the email states. Then, KrebsOnSecurity also revealed that had the opportunity to communicate with the individual, who for his part alleges that the hack was mostly directed at showcasing security weaknesses with the bureau’s email system.

“I could’ve 1000 percent used this to send more legit-looking emails, trick companies into handing over data, etc.,” he stated to KerbsOnSecurity.

Then, he further elaborated that he and his team manipulated a security flaw on LEEP’s portal and succeeded in registering for an account by utilizing a one-time credential inserted in the page’s HTML, to control email addresses and their body, resulting in the execution of the colossal spam campaign.