Breaking: FBI Got Hacked, Here is What We Know so Far

0
522
FBI

The Federal Bureau of Instigation was embarrassingly hacked last week. The cyber attack exploit, which affected hundreds of thousands, appeared to originate inside the FBI itself. On Saturday, November 13, the bureau’s Cybersecurity and Infrastructure Security Agency issued an emergency statement admitting they are “aware of the situation and have taken the impacted hardware offline.”

FBI attack warnings

When the network gurus at the Internet Service Provider companies get an email from the FBI alerting about a threat, they take it seriously. The big problem is that the bureau didn’t send it.

There was, apparently an attack. The companies who were warned were exactly the ones which should have been alerted. The messages were fake, leaving Christopher Wray to play the part of the victim.

The hackers injected a list of more than 100,000 email addresses “scraped from ARIN database” into a server at the Department of Homeland Security. They note in their official statement that “the fake emails came from a legitimate FBI email.”

They further explained, they “are causing a lot of disruption because the headers are real.” They really are coming from government infrastructure but they “have no name or contact information in the .sig. Please beware!”

The FBI experts are scrambling to find out what happened and prevent it from happening again. They’re clueless and begging for help.

“This is an ongoing situation and we are not able to provide any additional information at this time. The impacted hardware was taken offline quickly upon discovery of the issue. We continue to encourage the public to be cautious of unknown senders and urge you to report suspicious activity to ic3.gov or cisa.gov.”

Technological nonsense

So far, FBI forensic specialists are in the dark as to who the sender is or what’s the “motive behind the rambling, incoherent emails, filled with technological nonsense.”

Information Technology execs were warned by the U.S. Department of Homeland Security’s Cyber Threat Detection and Analysis Group that “their information may be under attack by Vinny Troia, famous hacker and owner of cybersecurity company Night Lion Security, in connection with notorious cybersecurity group TheDarkOverlord.”

On Sunday, the feds issued an update. They figured out that a “software misconfiguration” allowed “an actor to leverage an FBI system known as the Law Enforcement Enterprise Portal, or LEEP, to send the fake emails.”

It has a particular purpose. “The system is ordinarily used to by the agency to communicate with state and local law enforcement partners.” When the recipients get an email from that address, they automatically think it’s authentic. Luckily, the bulletin didn’t advise any software “patches.”

According to an FBI spokesperson, “No actor was able to access or compromise any data” or personal information.

“Once we learned of the incident, we quickly remediated the software vulnerability, warned partners to disregard the fake emails, and confirmed the integrity of our networks.”

LEAVE A REPLY

Please enter your comment!
Please enter your name here