Vulnerability in FBI email infrastructure allowed malicious actor to send false cyber-attack warnings to thousands

Malicious actors were able to access FBI servers to send fake emails from its infrastructure due to a coding oversight, the US agency has admitted.

Late last week, tens of thousands of emails were sent from FBI addresses warning recipients of impending cyber-attacks.

Among the targets was investigative reporter Brian Krebs, who noted that the email’s message headers “indicated it had indeed been sent by the FBI, and from the agency’s own internet address”.

Vulnerability

According to Krebs, he was contacted by an individual named ‘Pompompurin’, who claimed responsibility for the incident and said they took advantage of a vulnerability in the FBI’s own systems to carry it out.

“I could’ve 1000% used this to send more legit looking emails, trick companies into handing over data etc,” Pompompurin said, according to Krebs.

“And this would’ve never been found by anyone who would responsibly disclose, due to the notice the feds have on their website.”

Leaked OTP

The vulnerability was in the Law Enforcement Enterprise Portal (LEEP), a federal gateway allowing agencies access to shared resources. According to Pompompurin, the oversight leaked a one-time passcode.

“Basically, when you requested the confirmation code [it] was generated client-side, then sent to you via a POST Request,” Pompompurin told Krebs. “This post request includes the parameters for the email subject and body content.”

A script then replaced those parameters with his own message subject and body, and automated the sending of the hoax message to thousands of email addresses.
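An added example (not from the article, and not the FBI's code) contrasting the flawed pattern described above with a handler that generates the passcode and the message text on the server. The field names `email`, `subject`, `body` and `code`, the message template and both function names are assumptions, since the article does not give the real request format.

```python
import secrets

# Hypothetical names throughout; the real LEEP request format is not public.
SUBJECT = "Your confirmation code"
BODY_TEMPLATE = "Your one-time passcode is {code}. It expires in 10 minutes."
ALLOWED_FIELDS = {"email"}  # the only value the client is allowed to supply


def build_mail_vulnerable(form: dict) -> dict:
    """Flawed pattern: the server relays whatever subject and body the client posts."""
    return {"to": form["email"], "subject": form["subject"], "body": form["body"]}


def build_mail_hardened(form: dict, otp_store: dict) -> dict:
    """The server owns the code and the message text; the client supplies only the address."""
    extra = set(form) - ALLOWED_FIELDS
    if extra:
        raise ValueError(f"unexpected fields: {sorted(extra)}")
    email = form.get("email", "")
    # Minimal address check; also blocks CR/LF header injection.
    if "@" not in email or any(c in email for c in "\r\n"):
        raise ValueError("invalid email address")
    code = f"{secrets.randbelow(10**6):06d}"  # generated server-side with a CSPRNG
    otp_store[email] = code                   # kept server-side for later verification
    return {"to": email, "subject": SUBJECT, "body": BODY_TEMPLATE.format(code=code)}


# Constructed sample request in which the client has altered the message fields.
TAMPERED = {"email": "user@example.org", "subject": "Urgent notice",
            "body": "arbitrary text", "code": "000000"}


def demo():
    relayed = build_mail_vulnerable(TAMPERED)      # client text goes out unchanged
    try:
        build_mail_hardened(TAMPERED, {})
        rejected = False
    except ValueError:
        rejected = True                            # extra fields are refused
    store = {}
    sent = build_mail_hardened({"email": "user@example.org"}, store)
    return relayed, rejected, sent, store


if __name__ == "__main__":
    print(demo())
```

A production handler would also rate-limit requests per address and per source, and expire stored codes.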

A statement from the FBI released yesterday (November 14) confirmed that the emails were sent from a legitimate server.

It reads: “While the illegitimate email originated from an FBI operated server, that server was dedicated to pushing notifications for LEEP and was not part of the FBI’s corporate email service.

“No actor was able to access or compromise any data or PII on the FBI’s network. Once we learned of the incident, we quickly remediated the software vulnerability, warned partners to disregard the fake emails, and confirmed the integrity of our networks.”

Further questions

Security research team Spamhaus, which has been tracking the campaign, posted a screenshot of one of the emails on Twitter.

Spamhaus noted that the emails claim the perpetrator is named ‘Vinny Troia’ – the same name as a US author who has published books about cybercrime – and is associated with cybercrime gang ‘Dark Overlord’.

Troia himself has refuted his involvement, and has claimed on his Twitter account that he will “expose the identity of the FBI hacker” in an upcoming blog.

Source: https://portswigger.net/daily-swig/vulnerability-in-fbi-email-infrastructure-allowed-malicious-actor-to-send-false-cyber-attack-warnings-to-thousands
