Who managed to breach servers belonging to the Federal Bureau of Investigation (FBI) and send out fake emails? Last weekend brought the shocking news that the leading U.S. law enforcement agency had suffered a cyberattack.
It turns out that fake emails attributed to the U.S. Department of Homeland Security were sent last Saturday from a secure FBI computer server.
According to an FBI press release, the cyberattack was confirmed to have occurred, although the FBI itself and the Cybersecurity and Infrastructure Security Agency (CISA) were initially conservative about sharing details surrounding the hack.
However, an updated November 14 statement by the FBI read:
“The FBI is aware of a software misconfiguration that temporarily allowed an actor to leverage the Law Enforcement Enterprise Portal (LEEP) to send fake emails. LEEP is FBI IT infrastructure used to communicate with our state and local law enforcement partners. While the illegitimate email originated from an FBI operated server, that server was dedicated to pushing notifications for LEEP and was not part of the FBI’s corporate email service. No actor was able to access or compromise any data or PII on the FBI’s network. Once we learned of the incident, we quickly remediated the software vulnerability, warned partners to disregard the fake emails, and confirmed the integrity of our networks.”
Comments by Stakeholders and Experts
Right after the FBI made its statement, Spamhaus (an international organization that supplies real-time threat intelligence to the Internet’s major networks) tweeted about the incident and pointed out that the emails were fake (see screenshot).
Figure 1: The tweet posted by Spamhaus about the FBI cyber incident.
The message posted by the European body, which specializes in tracking online scams, read:
“We have been made aware of "scary" emails sent in the last few hours that purport to come from the FBI/DHS. While the emails are indeed being sent from infrastructure that is owned by the FBI/DHS (the LEEP portal), our research shows that these emails *are* fake.”
At the same time, The Washington Post reported that a number of cybersecurity experts pointed to the strong possibility that the threat actor had stumbled upon a vulnerability in the FBI portal but had no plan for exploiting it.
Their rationale rests on the fact that the fake email carried none of the malicious attachments that cybercriminals typically use to trick unsuspecting users into giving up sensitive data.