Hackers Snuck Into the FBI Email System, Spammed Over 100,000 Accounts

Last weekend, thousands of people were at the receiving end of emails from the FBI after hackers managed to sneak into the agency's private portal. In a statement, the FBI confirmed that people were receiving emails from an @ic.fbi.gov address and it had since remedied the situation.

Ever since the world started relying more and more on the internet and computers for both work and leisure, cybercrime has seen a dramatic rise. FBI's report earlier this year revealed that as the U.S. battled the pandemic, hackers even targeted monies collected to help victims of the deadly disease. The recent target has been the FBI itself. 

As detailed in the FBI's press statement, hackers were able to tap into the Law Enforcement Enterprise Portal (LEEP) that the agency uses to communicate with state and local-level law enforcement partners. FBI further clarified that the hackers were only able to access the server that pushes notifications on LEEP and not the actual email server. FBI's data was not compromised or accessed by any unauthorized party. 

Further elaborating on the issue, the FBI statement said that a software misconfiguration allowed the hackers to access LEEP and send emails using the FBI's official address. The software vulnerability was remedied and the FBI has confirmed the integrity of its networks. The agency has also informed its partners to disregard the fake emails, the statement reads. 

Although the FBI did not provide any details on the content of these emails, Gizmodo reported that the fake emails warned the recipients that they were at risk of a "sophisticated chain attack" orchestrated by the hacking group "The Dark Overlord" with Vinny Troia as the perpetrator. In reality, Troia is a cybersecurity expert and his cybersecurity company had published an investigative report about The Dark Overlord's activities on the Dark Web, Gizmodo reported. 

Troia thinks that a Twitter user @Pompompur_in may be behind the hack and tweeted this and alleged that they have attempted to malign him in the past as well. 

Wow I can’t imagine who would be behind this. #thedarkoverlord aka @pompompur_in https://t.co/Xd6XoZNRnl

— Vinny Troia, PhD (@vinnytroia) November 13, 2021

Gizmodo also reported that Pompompur_in had previously contacted a different cybersecurity expert, Brian Krebs, and told him that the hack was intended to highlight the vulnerabilities in the FBI's email system.