FBI email server hack was down to “poor code”

DMCA / Correction Notice
- Advertisement -


The hackers claim it was insecure code in a Federal Bureau of Investigation (FBI) portal designed to share information with state and local law enforcement officials that they misused to send thousands of fakes. E-mail,

- Advertisement -

The hackers were able to deliver spam emails from a valid FBI email address, impersonating FBI Alerts, which falsely claimed that the recipients’ networks had been breached.

in an interview with Krebson Security, the alleged hacker shared that he found a vulnerability in the FBI’s Law Enforcement Enterprise Portal (LEEP), which enabled him to inject a script to destroy fake emails.

Techradar needs you!
advertisement

We’re looking at how our readers use a VPN with streaming sites like Netflix so we can improve our content and offer better advice. This survey will take you no more than 60 seconds, and we would be very happy if you share your experiences with us.

>> Click here to start survey in new window <

- Advertisement -

Describing the flaw as a “terrible thing to see on any website,” the hacker said it was the first time they’ve seen the flaw on a portal managed by the FBI.

caught in a shootout

Confirming the incident, the FBI assured via a statement that although the messages originated from a server managed by the FBI, it was separated from the agency’s corporate email, and that the hacker could not access any data, or personally identities. Access to Qualified Information (PII) was not allowed. ) on the network of the FBI.

He said it was a “software misconfiguration” in LEEP that helped the hackers send fake emails.

“Once we became aware of the incident, we immediately fixed the software vulnerability, warned partners to disregard fake emails, and verified the integrity of our network,” the FBI said. bleeding computer,

Interestingly, the fake message warned recipients about a “sophisticated chain attack” from an advanced threat actor, whom they identified as Vinnie Troya.

Incidentally, the head of Troia is Cyber ​​security The research of dark web intelligence companies NightLion and Shadowbyte, and a perennial target of threat actors. In fact, according to reports, threat actors often perform malicious operations, such as spoofing a website, and then try to fake the attacks on Troia.

Make sure you don’t make a mistake like the FBI using one of these best email hosting provider, keeping your computer safe from all kinds of cyber attacks with these best endpoint protection tools

- Advertisement -

Stay on top - Get the daily news in your inbox

Recent Articles

Related Stories