America’s top law enforcement agency has been hacked.
Hackers managed to get into the Federal Bureau of Investigation’s external email system on Saturday, sending out thousands of spam emails warning about a cyberattack, according to The Washington Post.
The FBI admitted the hack, though the number of inboxes that received the emails was unclear Sunday. Some outlets like NBC News and The Hill reported at least 100,000 email addresses had received the messages.
“The FBI and CISA are aware of the incident this morning involving fake emails from an @ic.fbi.gov email account,” the FBI said in a statement. CISA is the acronym for the federal Cybersecurity and Infrastructure Security Agency.
“This is an ongoing situation, and we are not able to provide any additional information at this time. The impacted hardware was taken offline quickly upon discovery of the issue. We continue to encourage the public to be cautious of unknown senders and urge you to report suspicious activity to ic3.gov or cisa.gov,” the statement said.
The fake emails were first reported by The Spamhaus Project, an international nonprofit organization that tracks spam activity.
These emails look like this:
Sending IP: 153.31.119.142 (https://t.co/En06mMbR88)
From: [email protected]
Subject: Urgent: Threat actor in systems pic.twitter.com/NuojpnWNLh— Spamhaus (@spamhaus) November 13, 2021
The emails carried the subject line, “Urgent: Threat actor in systems” and were signed by a branch of the Department of Homeland Security that hasn’t existed for at least two years, NBC reported.
Some experts said the lack of malicious attachments on the phony emails could mean that the FBI was hacked by someone who did not have a plan to exploit the vulnerability.
“It could have just been a group or individuals looking to get some street cred to tout on underground forums,” Austin Berglas, a former assistant special agent in charge of cyber investigations conducted by the FBI’s New York office, told the Post.
“I would think that it would be some sort of criminal group or some sort of ‘hacktivist’ group” rather than a state backer, he said.
The server hacked was an external unclassified one used by FBI employees to communicate externally, said Berglas, who is now with the cybersecurity company BlueVoyant, according to the Post.
Hackers did not appear to have gained access to internal files containing classified information, he said.
The email cited a group called Dark Overlord, which is alleged to be involved in ransomware, and specifically named cybersecurity expert Vinny Troia, whose company, Night Lion Security, last year published an investigation of the Dark Overlord group, NBC reported.
Troia commented about the attack on Twitter.
“Should I be flattered that the kids who hacked the @FBI email servers decided to do it in my name?” he wrote.
Should I be flattered that the kids who hacked the @FBI email servers decided to do it in my name? https://t.co/U4wti1mNNI
— Vinny Troia, PhD (@vinnytroia) November 13, 2021
Berglas told the Post the incident is a scare, but not deeply damaging.
“It could have been a lot worse,” he told the newspaper. “When you have ownership of a trusted dot-gov account like that, it can be weaponized and used for pretty nefarious purposes. [The FBI] probably dodged a bullet.”