Tens of thousands of people received fake email alerts on Friday and Saturday purporting to come from the Federal Bureau of Investigation after hackers compromised an FBI-run online portal.
Hackers exploited a “software misconfiguration” to temporarily gain access to the Law Enforcement Enterprise Portal (LEEP) and send out an email blast from what appeared to be a legitimate FBI email address ending in @ic.fbi.gov, the FBI said in a press release. LEEP acts as a gateway for state and local law enforcement authorities to share intel and access resources as part of their investigations.
Once it identified the threat, the FBI took the impacted hardware offline, and the vulnerability was “quickly remediated,” according to the press release. Based on the FBI’s investigation so far, the hackers do not appear to have accessed FBI files.
“While the illegitimate email originated from an FBI operated server, that server was dedicated to pushing notifications for LEEP and was not part of the FBI’s corporate email service,” the FBI said in an updated statement on Sunday. “No actor was able to access or compromise any data or PII [personally identifiable information] on the FBI’s network. Once we learned of the incident, we quickly remediated the software vulnerability, warned partners to disregard the fake emails, and confirmed the integrity of our networks.”
The phony messages warned recipients that they were at risk of a “sophisticated chain attack,” according to screenshots shared on Twitter by The Spamhaus Project, a nonprofit that tracks spam and other cyber threats. The emails name real-life cybersecurity expert Vinny Troia as the perpetrator behind the fake attacks and falsely claim that he is associated with the hacking group The Dark Overlord, the same bad actors that infamously leaked the fifth season of Orange Is the New Black. Troia’s company Night Lion Security, an IT security consulting firm known for investigating the dark web and other cybercrime marketplaces, published an investigative report about The Dark Overlord in January.