An email spam watchdog group discovered that an apparently malicious hacker sent spam emails to at least 100,000 people from an FBI email server on Friday night. The individual's motivations remain unknown. The email message was a strange, incomprehensible warning that named security researcher Vinny Troia and a cybercriminal gang known as The Dark Overlord. In January, Troia's company, Night Lion Security, released research on The Dark Overlord.
The hacker signed off as the Cyber Threat Detection and Analysis Group of the US Department of Homeland Security, a unit that has not existed for at least two years. The FBI often alerts American corporations to cyber threats aimed at particular industries, or when it learns of criminal hackers employing a successful new tactic. This is thought to be the first instance of a threat actor gaining access to one of those alerting systems in order to distribute spam to a large number of individuals.
The FBI confirmed that hackers gained access to its email servers and sent spam messages, and said they were unable to access any personally identifiable information or other data on the bureau's network. In a statement on Saturday, the FBI said the bogus emails appeared to come from a legitimate FBI email address ending in @ic.fbi.gov; because the messages were sent through the bureau's own mail infrastructure, they carried its genuine sending domain, so recipients could not distinguish them from a real FBI alert by the sender address alone. The hardware affected by the incident was "immediately taken offline upon discovery of the issue," according to the FBI.
The incident follows a series of high-profile hacking attacks on US government networks in recent months, including a Russia-based attack that compromised at least nine federal agencies and a China-based hacking campaign so severe that the Cybersecurity and Infrastructure Security Agency had to issue a rare mandate requiring all federal agencies to update their software immediately.
An FBI official said in an amended statement on Sunday that the hacker discovered and exploited a flaw in how an agency messaging system was configured, but was unable to access FBI data.
"The FBI is aware of a software misconfiguration that temporarily allowed an actor to leverage the Law Enforcement Enterprise Portal (LEEP) to send fake emails. LEEP is FBI IT infrastructure used to communicate with our state and local law enforcement partners," the emailed statement said.