Date: 2021-11-14

Hackers penetrated a Federal Bureau of Investigation external mail system on Saturday and sent out thousands of emails with what appears to be a fake warning of a cyberattack. The emails came from legitimate FBI email addresses that ended in @ic.fbi.gov. The FBI said it was “aware of the incident” but didn’t provide many details. “The impacted hardware was taken offline quickly upon discovery of the issue,” the FBI said.

The Spamhaus Project, an international organization that tracks digital threats, said the emails started going out early Saturday and reached at least 100,000 inboxes. The Spamhaus Project posted to its Twitter account a copy of the apparent email, which had the subject line “Urgent: Threat actor in systems.” The email claimed to be a warning from the Department of Homeland Security that the person receiving the message had been the target of a “sophisticated” attack. There was no such attack, but the emails were “causing a lot of disruption because the headers are real, they really are coming from FBI infrastructure,” Spamhaus said.

These emails look like this:

Sending IP: 153.31.119.142 (https://t.co/En06mMbR88)
From: eims@ic.fbi.gov
Subject: Urgent: Threat actor in systems

pic.twitter.com/NuojpnWNLh — Spamhaus (@spamhaus) November 13, 2021

The hackers appear to have accessed an unclassified server that people who work at the FBI use to communicate with the outside world, and there was no indication they had managed to penetrate any internal databases. Cybersecurity experts say the fact that the emails didn’t contain any malicious attachments suggests the hack may have been accidental and that the hackers didn’t have a plan to exploit the vulnerability. “It could have just been a group or individuals looking to get some street cred to tout on underground forums,” Austin Berglas, a former assistant special agent in charge of the FBI’s New York office cyber branch, tells the Washington Post.

The email sent out by the hackers said the “threat actor” involved in the supposed attack was cybersecurity expert Vinny Troia, claiming he had a connection with the international hacker group called the Dark Overlord. Troia published an investigation into the Dark Overlord last year. “Should I be flattered that the kids who hacked the @FBI email servers decided to do it in my name?” Troia tweeted. He later noted that he had received a warning there would be an attack carried out in his name.

