FBI hacked: fake cybersecurity alerts sent to thousands of users

The FBI has been hacked: a group of unknown persons managed to access a server that manages its mailing lists and sent false cybersecurity alerts to at least 100,000 addresses. Note that the message does not include links or other ways to steal money: the initiative seems aimed more at causing a stir and defaming Vinny Troia, a researcher, author and InfoSec expert. The FBI states that it has analyzed its internal networks and systems and confirms that nothing has been compromised.

Wow I can’t imagine who would be behind this. #thedarkoverlord aka @pompompur_in https://t.co/Xd6XoZNRnl

– Vinny Troia, PhD (@vinnytroia) November 13, 2021

As you can read from the tweet above, the defamation victim has a pretty good idea of who the perpetrator of the attack could be: the individual (or group, who knows) hiding behind the @pompompur_in handle on Twitter. Under the name The Dark Overlord, he became quite famous a few years ago when he leaked the entire fifth season of Orange is the New Black before its official release on Netflix. Troia also published private messages sent by the hacker which seem to confirm the suspicion quite strongly, and said that he had already been the victim of similar initiatives from the same source in the past; Dark Overlord claimed responsibility for the action by speaking to Brian Krebs of Krebs on Security. For the moment, however, there are no formal accusations from the FBI.

Specifically, the hacker managed to take control of the portal called LEEP (Law Enforcement Enterprise Portal), due to an incorrect configuration of one of the servers. The portal is used to send email notifications and exchange information between the various US police bodies, and operates on a network completely independent from the internal one, and even from the FBI's official internal email service. Nonetheless, the emails sent by the server appear legitimate in all respects, since the domain of the sender address is the official one, @ic.fbi.gov. The attacker himself explained that he succeeded thanks to the poor quality of the portal code: the weak point was that anyone who discovered the site could try to create a new account. The aim of the initiative, according to him, was precisely to expose the vulnerability.

