Date: 2021-11-15



Security issue saw fake emails sent from legitimate agency accounts

Malicious actors were able to access the FBI’s servers to send fake emails from its infrastructure due to a coding error, the US agency admitted.

At the end of last week, tens of thousands of emails were sent from FBI addresses warning recipients of impending cyberattacks. Among the targets was investigative reporter Brian Krebs, who noted that the headers of the email messages indicated that they had indeed been sent by the FBI and from the agency’s Internet address.

Vulnerability

According to Krebs, he was contacted by an individual named Pompompurin, who claimed responsibility for the incident and said he took advantage of a vulnerability in the FBI’s own systems to carry it out.

“I could have used it 1000% to send more legitimate emails, trick businesses into forwarding data, etc.,” Pompompurin said, according to Krebs. “And that would never have been found by anyone responsible for disclosing, due to the notice the federal government posted on its website.”

OTP leak

The vulnerability was in the Law Enforcement Enterprise Portal (LEEP), a federal gateway that allows agencies to access shared resources. According to Pompompurin, an oversight disclosed a one-time access code.

“Basically when you asked for the confirmation code [it] was generated on the client side and then sent to you via a POST request,” Pompompurin told Krebs. “This post request includes settings for the subject and body content of the email.”

A script then replaced these settings with its own message subject and body, automating the sending of the hoax message to thousands of email addresses.

An FBI statement released yesterday (November 14) confirmed that the emails were sent from a legitimate server.

It reads: “While the illegitimate email came from a server operated by the FBI, that server was dedicated to sending notifications for LEEP and was not part of the FBI corporate email service. No actor has been able to access or compromise any data or personal information on the FBI network. Once we learned of the incident, we promptly fixed the vulnerability in the software, warned our partners to ignore fake emails, and confirmed the integrity of our networks.”

Other questions

The Spamhaus security research team, which followed the campaign, posted a screenshot from one of the emails on Twitter. Spamhaus noted that the emails claim the author’s name is Vinny Troia, the same name as an American author who has published books on cybercrime and is associated with the Dark Overlord cybercrime gang.

Troia himself has refuted his involvement and has claimed on his Twitter account that he will expose the identity of the FBI hacker in a future blog.
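The flaw described under "OTP leak" comes down to a server that trusts the confirmation code, subject and body supplied in the POST request. The following is an added example, not code from the FBI, LEEP or the original article, contrasting that pattern with a handler that reads only the recipient from the request; all function names, the template text and the in-memory store are assumptions made for illustration.

```python
import hmac
import secrets
import time

# Hypothetical fixed template: the server, not the browser, owns subject and body.
SUBJECT = "Your portal confirmation code"
BODY = "Your one-time confirmation code is {code}. It expires in 10 minutes."
TTL_SECONDS = 600
PENDING = {}  # email -> (code, expiry); in-memory stand-in for a real store


def build_confirmation_vulnerable(form):
    """Pattern described in the article: every field comes from the POST body."""
    return {"to": form["email"], "subject": form["subject"], "body": form["body"]}


def build_confirmation_hardened(form, now=None):
    """Only the recipient is read from the request; the rest is server-side."""
    now = time.time() if now is None else now
    email = form.get("email", "")
    # Reject line breaks (mail header injection) and malformed addresses.
    if any(c in email for c in "\r\n") or email.count("@") != 1:
        raise ValueError("invalid recipient")
    code = f"{secrets.randbelow(10**6):06d}"  # generated on the server
    PENDING[email] = (code, now + TTL_SECONDS)
    return {"to": email, "subject": SUBJECT, "body": BODY.format(code=code)}


def verify_code(email, submitted, now=None):
    """Single-use, constant-time check against the server-held code."""
    now = time.time() if now is None else now
    code, expiry = PENDING.pop(email, ("", 0))
    return now <= expiry and hmac.compare_digest(code, submitted)


# Constructed sample request carrying extra client-supplied fields.
SAMPLE_FORM = {"email": "user@example.org", "code": "000000",
               "subject": "Changed subject", "body": "Changed body"}
```

In the hardened handler the `code`, `subject` and `body` fields of the request are never read, so changing them in transit has no effect on what the notification server sends.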

