FBI Email System Hit by Fake Email Hack That Messaged Thousands

The Federal Bureau of Investigation released a statement over the weekend acknowledging that hackers managed to infiltrate the bureau's email servers and send out tens of thousands of spam emails. The emails claimed to be official and were sent out from a compromised FBI-run online portal using a legitimate FBI email address ending in @ic.fbi.gov. However, the bureau claims that the hackers were unable to access any personal information or other identifiable data.

The FBI initially released a statement on Saturday before issuing an update on Sunday. "The FBI is aware of a software misconfiguration that temporarily allowed an actor to leverage the Law Enforcement Enterprise Portal (LEEP) to send fake emails," the statement read. "LEEP is FBI IT infrastructure used to communicate with our state and local law enforcement partners."

"While the illegitimate email originated from an FBI operated server, that server was dedicated to pushing notifications for LEEP and was not part of the FBI's corporate email service," the statement continued. "No actor was able to access or compromise any data or PII on the FBI's network. Once we learned of the incident, we quickly remediated the software vulnerability, warned partners to disregard the fake emails, and confirmed the integrity of our networks."

The Spamhaus Project, a nonprofit organization that monitors cybersecurity threats, shared some information about the phony emails on Twitter. They also shared screenshots of the emails in question. "We have been made aware of 'scary' emails sent in the last few hours that purport to come from the FBI/DHS. While the emails are indeed being sent from infrastructure that is owned by the FBI/DHS (the LEEP portal), our research shows that these emails *are* fake," they tweeted. "These fake warning emails are apparently being sent to addresses scraped from ARIN database. They are causing a lot of disruption because the headers are real, they really are coming from FBI infrastructure. They have no name or contact information in the .sig. Please beware!" There is speculation that the hacker behind this breach uses the Twitter handle "@Pompompur_in."