Cybersecurity Private Equity

Cyber TRUST™ Index

-2.8%

Daily Change

+40.9%

Change from Jan 2023

The FBI’s Email System is the Latest Hacking Victim [Weekly Cybersecurity Brief]

According to an article in Forbes, the number of data breaches reported in 2021 not only surpassed the total in 2020 but has established 2021 as a record-breaking year for such activity. Of the concerns included in this cybersecurity storm is the present threat of hackers. Per this week’s news, the FBI is one of the latest organizations to fall victim to this type of attack.

As Gizmodo reports, hackers were able to compromise the Federal Bureau of Investigation’s email system sending out fake emails to tens of thousands of people over the course of Friday and Saturday. To gain access, the hackers utilized a “software misconfiguration” that allowed them to break into the Law Enforcement Enterprise Portal (LEEP) and blast out the emails that appeared to legitimately come from the FBI. The FBI has since put out a press release assuring that they have patched the problem and have not found any evidence pointing to file tampering. 

In additional reporting on the incident, The Verge shares that the emails, which stated that their recipients had been hit by a “sophisticated chain attack,” didn’t just target the contacts that were sent the message. The emails, initially discovered by The Spamhaus Project, also targeted Vinny Troia, whom they claimed was behind the campaign. While it was made to seem as though Troia was a part of the hacking group The Dark Overlord, he is a respected cybersecurity researcher. In reply to the case, Troia tweeted that he believes the attack most likely came from an individual known as “Pompompurin.” In a statement to the outlet KrebsOnSecurity, Pompompurin described the hack as a method to expose the FBI’s vulnerabilities.

As stories like this unfold, so too are efforts to strengthen cybersecurity foundations. On Sunday, the U.S. Treasury Department announced a new partnership with the Israeli Ministry of Finance to address issues like ransomware. The Treasury Department explained that they will work together “to protect critical financial infrastructure and emerging technologies” as well as progress “international cooperation to counter the threat,” according to reporting in The Hill. As part of the agreement, they will share information associated with subjects such as cybersecurity guidance, incidents, threat intelligence and professional training. This initiative follows the United States’ condemnation of the NSO group, an Israeli organization that was accused of selling spyware that was used against journalists and activists among others.

Key Takeaways:

“Hackers Compromise FBI Email System to Spam Fake Cybersecurity Alerts” – Alyse Stanley, Gizmodo

https://gizmodo.com/hackers-compromise-fbi-email-system-to-spam-fake-cybers-1848055664 

  • Hackers were able to compromise the Federal Bureau of Investigation’s email system sending out fake emails to tens of thousands of people over the course of Friday and Saturday.
  • To gain access, the hackers utilized a “software misconfiguration” that allowed them to break into the Law Enforcement Enterprise Portal (LEEP) and blast out the emails.
  • The FBI has since put out a press release assuring that they have patched the vulnerability and have not found any evidence pointing to file tampering.

“The FBI’s email system was hacked to send out fake cybersecurity warnings” – Emma Roth, The Verge

https://www.theverge.com/2021/11/14/22781341/fbi-email-system-hacked-fake-cybersecurity-warnings

  • The emails sent from the FBI system hacking stated that the recipients had been hit by a “sophisticated chain attack.”
  • They also falsely claimed that Vinny Troia was behind them. In actuality, Troia is a respected cybersecurity researcher.
  • Troia shared on Twitter that the attack likely came from an individual known as Pompompurin. Pompompurin gave a statement that the attack was carried out to expose the FBI’s vulnerabilities.

“US and Israel announce joint task force on cybersecurity” – Monique Beals, The Hill

https://thehill.com/policy/cybersecurity/581506-us-and-israel-announce-joint-task-force-on-cybersecurity

  • On Sunday, the U.S. Treasury Department announced a new partnership with the Israeli Ministry of Finance to address issues like ransomware.
  • The Treasury Department explained that they will work together “to protect critical financial infrastructure and emerging technologies” as well as progress “international cooperation to counter the threat.”
  • As part of the agreement, they will share information associated with subjects such as cybersecurity guidance, incidents, threat intelligence and professional training.

Additional Source:

“MORE Alarming Cybersecurity Stats For 2021!” – Chuck Brooks, Forbes
https://www.forbes.com/sites/chuckbrooks/2021/10/24/more-alarming-cybersecurity-stats-for-2021-/?sh=4f70c4e44a36

Share