FBI e-mail – “Threat Actor in Systems” – is spam


Mountains of email spam from a legitimate FBI address were sent to the victims by a pseudonymous hacker. The sender, who calls himself Pompompurin, caused a lot of dismay and sadness.

The perpetrator’s goal seems to be to discredit Security researcher and part-time DJ “Dr. Vinny Troy (pictured). And also to point out the ridiculously poor tech of the office’s Law Enforcement Enterprise Portal (LEEP) – that could have been so much worse.

There are lessons to be learned. In today’s SB Blogwatch we teach them.

Your humble blog watcher has curated these bloggy bits for your entertainment. Not to forget: TIL “dating sims” are one thing.

LEEP L337 lies

What is that craic? Ionut Ilascu reports – “FBI system hacked to email “urgent” warning“:

Help desk is flooded with calls”
The emails purported to be warning of an “elaborate chain attack” by an advanced threat actor, whom they identify as Vinny Troy. Troia is the head of security research for dark web intelligence companies NightLion and Shadowbyte

Researchers from the Spamhaus Project, an international nonprofit that tracks spam and related cyber threats [said] the forged emails reached at least 100,000 mailboxes. … They believe that this is only a small part of the campaign.

The messages came from a legitimate email address – [email protected] [and] came from the FBI’s IP address … Its origin is verified by the DomainKeys Identified Mail (DKIM) mechanism. … The FBI has confirmed that the content of the emails is fake and that … calls from concerned administrators have flooded their help desk.

and Brian Krebs Goes Deeper – “Hoax Email Blast Bad Coding Abused”:

The FBI's own website has been leaked”
Pompompurin … the person who took responsibility for the joke, [says] the spam messages were sent through the abuse of unsafe codes in an FBI online portal. … The LEEP portal made it possible for anyone to apply for an account. … An important step in the process is that applicants receive an email confirmation from. obtain [email protected] with a one-time passcode [but] the FBI’s own website leaked this unique passcode in the website’s HTML code.

Pompompurin said they could email yourself from [email protected] by editing the request sent to your browser and changing the text in the “Subject” and “Text content” fields of the message. … A simple script replaced these parameters with its own message subject and body and automated the sending of the hoax.

LEEP? Simon Sharwood says – “We want to believe“:

Safe area”
The server in question was part of LEEP, which the FBI describes as a “secure platform for law enforcement, intelligence groups and criminal justice agencies.” [that] provides web-based investigation tools and analytical resources to other law enforcement agencies. “Users work together in a secure environment.”

At least that’s what they do when they’re not trying to figure out what “exfiltration of multiple of your virtualized clusters in a sophisticated chain attack” means. But we digress.

What does the Presidium have to say for itself? Shadowy PR gnomes radiate that “FBI statement on the incident“:

Be careful with unknown senders”
The FBI is aware of a software misconfiguration that temporarily allowed an actor to … use LEEP to send fake emails. … While the illegitimate email came from a server operated by the FBI, that server was dedicated to pushing notifications for LEEP and was not part of the FBI’s corporate email service.

No actor was able to access or compromise any data or PII on the FBI’s network. … The affected hardware was quickly switched offline after the problem was discovered. We continue to urge the public to be careful with unknown senders and urge you to report suspicious activity to ic3.gov or cisa.gov.

SRSLY? “Beware of unknown senders”? That’s the whole point – the sender is not unknown! xhkkffbf sounds ready to give up:

If I got an email from fbi.gov I would assume it belongs in the same pile as the great offers from this Nigerian prince. Even if I look at the headers, I wouldn’t be convinced.

Perhaps we should try harder to create a public key infrastructure for e-mail.

who is responsible for that (ahem) “misconfiguration”? ICS retired want them to leave their lawn:

So it appears the FBI is using the same kiddies to create the same old standard bunch of highly abusive **** as everyone else. In general, this is a watt problem. It is only obvious that the FBI would face the same wattage problem as everyone else since they source their lightbulbs from the same store.

But poor old Vinny. Sympathy is not an emotion that is seconded by u / Fr0gm4n:

Troia is a self-glorifying, self-confident “security advisor” whose public image is first and foremost the media personality, and only then the actual security expert. His website was hacked a few years ago to provide spam redirects and I still laugh when his name comes up.

But what about the trolling hacker? Here is Chris Holland:

Pompouspurin has just stuck a stick in a huge nest of angry hornets. He will be severely stung for pointless zero ingestion activity.

In the meantime, Isaac-@eyestray– has some positive affirmations for the FBI:

Good example for: …
1) It will happens to everyone, and
2) Manage your scope so that if it does, the impact is minimized.

Don’t feel bad saying, “It could have been worse.” Instead, know that you did your job.

And finally:

Come back ELIZA – everything is taken

Previously in And finally

they have read SB blog watch from Richi Jennings. Richi curates the best blogs, the best forums, and the craziest websites … so you don’t have to. Hate mail can be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. E & Ö. 30th

Image sauce: Vinny Troy


About Author

Comments are closed.