The FBI (Federal Bureau of Investigation) has recently been compromised in a dark web feud between hackers. The hackers allegedly broke into FBI email servers to send messages about a dark web security researcher. This was unexpected to any of us, but it turns out that the FBI's security needs to be updated and was not as good as the bureau claimed it to be.
There are hackers who lie low on the dark web, and then there are security research companies that target these hackers to bring them down. This time the rivalry has become public, as the hackers broke into the Federal Bureau of Investigation, which, according to reports by Bleeping Computer and Engadget, has confirmed the breach. The FBI told reporters that its systems were compromised early on 13th November to send fake messages about Vinny Troia, the leader of the dark web security research companies Shadowbyte and NightLion.
As mentioned in a report by Engadget, Spamhaus, a non-profit intelligence organization, shed light on these fake messages. It confirmed that the hackers used legitimate FBI systems to conduct the attack, using email addresses that were found in the FBI's database for the American Registry for Internet Numbers (ARIN), among multiple other sources. This is an enormous hack that could have led to a disaster, but the hackers used it only to target the dark web researcher. The reports further note that more than 10,000 addresses received these fake messages in a total of two waves, according to Engadget and Bleeping Computer.
Troia, the security researcher targeted by these fake emails, says that this could have something to do with "Pompompurin", an entity that has attempted an attack on the researcher in the past. However, there is no official confirmation of this yet. As a precautionary measure, the FBI has asked the email recipients to report fake emails like this to its Cybersecurity and Infrastructure Security Agency or the Internet Crime Complaint Centre.
These fake warning emails are apparently being sent to addresses scraped from ARIN database. They are causing a lot of disruption because the headers are real, they really are coming from FBI infrastructure. They have no name or contact information in the .sig. Please beware!
Whatever this was, the FBI got compromised, which was not supposed to be that easy. With this incident, the bureau at least got an idea of where it stands and what improvements it has to make to its security systems to make them impenetrable.
This is not the first time that law enforcement has been dragged into such a mess, but the United States security agencies must fix this as soon as possible, before another potentially harmful attack.