"Hackers Fire Off Hoax Email Messages From FBI Account After Exploiting Misconfigured Server"

The FBI discovered that hackers sent a barrage of fake emails over the weekend using an FBI email account to falsely warn recipients that an attacker stole their information. The nonprofit spam-tracking service Spamhaus Project estimated that the hoax email campaign comprised as many as 100,000 messages. The FBI stated that the hackers temporarily broke in via a software misconfiguration in its Law Enforcement Enterprise Portal (LEEP), which the bureau uses to communicate with state and local law enforcement agencies. The FBI noted that while the illegitimate email originated from an FBI-operated server, that server was dedicated to pushing notifications for LEEP and was not part of the FBI’s corporate email service. The FBI also noted that no actor was able to access or compromise any data or PII on the FBI’s network. The incident is only the latest in which major parties that investigate cyberattacks were themselves hacked, and a reminder that common errors like software misconfigurations can undermine the security of virtually anyone. Security researcher Kevin Beaumont stated that he thinks many people will be watching the FBI's public response to this attack in the coming weeks. The researcher also noted that the FBI could be as transparent as possible about the breach, which may aid companies in the future in how to handle breaches that affect them.

 

CyberScoop reports: "Hackers Fire Off Hoax Email Messages From FBI Account After Exploiting Misconfigured Server"

Submitted by Anonymous on