How Did the FBI Fall Victim to a Massive Email Server Breach?

The FBI’s servers were compromised on Saturday, and hackers sent fraudulent emails to thousands of people. Here's what happened and how the breach occurred.

By Ade Hennis

Nov. 15 2021, Published 2:10 p.m. ET


Organizations and innocent people around the world have fallen victim to cyber attacks, and the FBI is no exception. On Saturday morning, the agency was breached by a hacker, who sent thousands of fake emails out to random people. Fortunately, it looks as if the hacker didn’t get away with too much sensitive information.


Since the attack, the FBI has acknowledged the incident and is still investigating. While exact information about the hacker hasn’t been fully revealed yet, there is much speculation over their identity, and the person responsible for the cyber attack may be a notorious hacker.


Over 100,000 people received fake emails from the FBI.

The hacker was able to target the email addresses by taking them from the American Registry for Internet Numbers (ARIN). ARIN is an organization that helps create and manage IP addresses across the U.S., Canada, the Caribbean, and other parts of the world.

Spamhaus, an international threat intelligence organization, was the first to find the breach. In a thread of tweets, it revealed that, even though the emails were sent from the servers of the FBI, they were fake. The emails the organization was able to capture came from the sender address “eims@ic.fbi.gov.” The message claims a hacker is a threat to internet infrastructures.


Who is Spamhaus?

Spamhaus is one of the top cybersecurity organizations in the world and quickly tracks and reacts to various cyber attacks such as malware, network attacks, spam, phishing, and more. Helping protect the internet for over 20 years, the group has protected more than three billion internet users.


What is LEEP?

After the reports of the cyber attacks were made public Saturday, the FBI released a statement later that day, acknowledging the breach had occurred. The agency mentioned that, even though the fraudulent emails came from an FBI-operated server, the server's sole purpose is sending notifications for the Law Enforcement Enterprise Portal (LEEP) and it is not part of the agency’s corporate email service. It also stated that none of its personal information or data was accessed or compromised by the actor.


LEEP is an online platform that serves as a hub for those who work in law enforcement and other related industries such as intelligence, criminal justice, and armed forces. The platform has multiple uses, with features such as a system for tracking active shooters, child abductions, natural disasters, terrorists, and other threats that occur around the world. There are also online forums and blogs on the platform that members can use to communicate with one another.


Who hacked the FBI?

The fraudulent email claimed that a person by the name of Vinny Troia was responsible for the attack and that he was affiliated with a hacking group called The Dark Overlord. The Dark Overlord is an infamous group of hackers best known for stealing episodes of Orange Is the New Black from Netflix and holding them for ransom. The claim is inaccurate, however; Troia is actually a cybersecurity specialist who has worked with various criminal justice organizations for over 20 years.

On Twitter, Troia suggested the hacker is actually a person who goes by the name of “Pompompurin.” Brian Krebs, a cybersecurity reporter, also speculates that Pompompurin is behind the attack.

Krebs said that he received an email from Pompompurin taking responsibility for the hack and boasting that he could have sent many more fraudulent emails and accumulated more sensitive information than he did.
