Yes the FBI Got Hacked. Yes They Know. Yes It’s Worrying.

Yes the FBI Got Hacked. Yes They Know. Yes It's Worrying
Share the knowledge

Over the weekend none other than the FBI had their system hacked. The hackers then proceeded to send email out from “pompompurin” sent ‘from’ [email protected] with the subject “Urgent: Threat actor in systems”, using the FBI’s own mail servers and warning of a “threat” from “Vinny Troia” whom, the email says, is part of an extortion gang called “TheDarkOverlord”. The emails went primarily to system administrators and IT professionals, whose email addresses seem to have been gleaned from WHOIS info.

Curiously the only action advised by the email was to be careful – there was no malicious link to click, no phone number to call – and so what this seems to be is one of the first publicly known examples of completely online SWATting, as Vinny Troia is, in fact, a known security professional.

The FBI says that the system that the hackers breached was an unclassified email server, specifically used for external communications. Still, having the email check out as actually from an FBI server made it seem legitimate, as even the email authentication checked out. In fact, according to Krebs on Security, some of the email also contained the message “Hi its pompompurin. Check headers of this email it’s actually coming from FBI server. I am contacting you today because we located a botnet being hosted on your forehead, please take immediate action thanks.”

In a statement the FBI said that “No actor was able to access or compromise any data or (personally identifiable information) on FBI’s network. Once we learned of the incident we quickly remediated the software vulnerability, warned partners to disregard the fake emails, and confirmed the integrity of our networks.”

Where, in this case, “confirmed the integrity of our networks” seems to be vaguespeak for “confirmed that the integrity of our networks was found wanting”, given that their network was hacked, and the bad guys were able to send email out from the FBI’s own network.

No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free?
Click for amount options
Other Amount:
What info did you find here today?:

Here’s the full text of that email:

Full Text of Email Sent by Hackers from FBI’s Hacked Email Server

From: [email protected]
Subject: Urgent: Threat actor in systems

Our intelligence monitoring indicates exfiltration of several of your virtualized clusters in a sophisticated chain attack. We tried to blackhole the transit nodes used by this advanced persistent threat actor, however there is a huge chance he will modify his attack with fastflux technologies, which he proxies trough multiple global accelerators. We identified the threat actor to be Vinny Troia, whom is believed to be affiliated with the extortion gang TheDarkOverlord, We highly recommend you to check your systems and IDS monitoring. Beware this threat actor is currently working under inspection of the NCCIC, as we are dependent on some of his intelligence research we can not interfere physically within 4 hours, which could be enough time to cause severe damage to your infrastructure.

 

Stay safe,

U.S. Department of Homeland Security | Cyber Threat Detection and Analysis | Network Analysis Group

No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free?
Click for amount options
Other Amount:
What info did you find here today?:


Share the knowledge

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.