FBI Hacked: Hackers successfully compromise FBI email system, send over 100,000 emails from official FBI address
The hunter has become the hunted. On Saturday, hackers successfully broke into the Federal Bureau of Investigation’s (FBI) email system and used it to send over 100,000 fake emails warning of a possible cyberattack, according to a report from Reuters, citing the FBI and security specialists.
In a separate report from CNN, the FBI confirmed the hacking incident, saying on Saturday that it was aware of reports that unauthorized emails were being sent from a legitimate FBI email address to thousands of organizations about a purported cyber threat.
The emails — which according to the agency are part of an “ongoing situation” — started coming from an FBI address early Saturday and have hit at least 100,000 inboxes, according to the Spamhaus Project, a Europe-based nonprofit that tracks digital threats. In a statement, the FBI and Cybersecurity and Infrastructure Security Agency confirmed the breach, saying:
“The FBI and CISA are aware of the incident this morning involving fake emails from an @ic.fbi.gov email account. This is an ongoing situation and we are not able to provide any additional information at this time. The impacted hardware was taken offline quickly upon discovery of the issue. We continue to encourage the public to be cautious of unknown senders and urge you to report suspicious activity to www.ic3.gov or www.cisa.gov.”
The agency further explained: “Once we learned of the incident we quickly remediated the software vulnerability, warned partners to disregard the fake emails, and confirmed the integrity of our networks.” The FBI added that the hardware impacted by the incident “was taken offline quickly upon discovery of the issue” and that “This is an ongoing situation.”
Earlier today, the FBI said that someone had taken advantage of a software misconfiguration to send emails using an IT system the FBI uses to communicate with state and local law enforcement partners. However, the agency added that the incident did not impact its main computer network.
NBC News also confirmed the hacking incident, saying that the hacker signed off as the US Department of Homeland Security’s Cyber Threat Detection and Analysis Group, which has been defunct for at least two years. NBC News wrote:
The incident comes on the heels of a number of high-profile breaches of U.S. government networks in recent months, including a Russia-based attack that compromised at least nine federal agencies, and a Chinese-based hacking campaign so severe that the Cybersecurity and Infrastructure Security Agency had to issue a rare mandate for all government agencies to immediately update their software.
Alex Grosjean, a researcher at the Europe-based threat-tracking organization Spamhaus Project, said that the emails’ metadata made clear that they were in fact sent from an FBI server. The recipients appear to be publicly listed website admins, Grosjean added. In a Twitter post, Spamhaus Project said:
“We have been made aware of “scary” emails sent in the last few hours that purport to come from the FBI/DHS. While the emails are indeed being sent from infrastructure that is owned by the FBI/DHS (the LEEP portal), our research shows that these emails *are* fake.”
These emails look like this:
Sending IP: 153.31.119.142 (https://t.co/En06mMbR88)
From: eims@ic.fbi.gov
Subject: Urgent: Threat actor in systems
— Spamhaus (@spamhaus) November 13, 2021