FBI LEEP Email Portal Hacked, Fake Messages Sent, CISA and FBI Confirm

Hackers have hit an FBI email platform and sent fake messages from the system, the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency (CISA) confirmed. Still, the hack did not involve the FBI's internal email system.

The FBI's initial statement about the email compromise, issued November 13, 2021, said:

"The FBI and CISA are aware of the incident this morning involving fake emails from an @ic.fbi.gov email account. This is an ongoing situation, and we are not able to provide any additional information at this time. The impacted hardware was taken offline quickly upon discovery of the issue. We continue to encourage the public to be cautious of unknown senders and urge you to report suspicious activity to ic3.gov or cisa.gov."

The attack did not involve the FBI's corporate email service, and no data or personally identifiable information was accessed or compromised on the agency's network, the FBI said in a follow-up statement on November 14, 2021.

Additional details about the FBI email attack, from spam threat intelligence organization Spamhaus, suggested:

  • Hackers sent "scary" emails from infrastructure that is owned by the FBI and the U.S. Department of Homeland Security (DHS).
  • The fake warning emails were apparently sent to addresses scraped from the ARIN database. They caused a lot of disruption because the headers are real, Spamhaus asserted.

The spam messages were sent by abusing insecure code in an FBI online portal, KrebsOnSecurity reported.

Stay tuned for additional updates on this story.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.