We like to think that our law enforcement authorities have the most sophisticated computer networks around with the highest level of security. After all, they’re responsible for loads of sensitive information that they use to solve crimes.
But even an organization like the FBI is vulnerable to hacking, as we saw today. Someone breached the FBI’s servers, and the hackers sent spam emails warning of fake attacks.
The emails pretended to warn about a “sophisticated chain attack” from an advanced threat actor, whom they identify as Vinny Troia. Troia is the head of security research at the dark web intelligence companies NightLion and Shadowbyte.
Spamhaus noted that the emails went out to at least 100,000 recipients in a database.
We have been made aware of "scary" emails sent in the last few hours that purport to come from the FBI/DHS. While the emails are indeed being sent from infrastructure that is owned by the FBI/DHS (the LEEP portal), our research shows that these emails *are* fake.
— Spamhaus (@spamhaus) November 13, 2021
They also demonstrated what the emails looked like.
These emails look like this:
Sending IP: 153.31.119.142 (https://t.co/En06mMbR88)
From: [email protected]
Subject: Urgent: Threat actor in systems pic.twitter.com/NuojpnWNLh
— Spamhaus (@spamhaus) November 13, 2021
When someone asked what these hackers stood to gain by sending out spam emails with no trojan links or attachments, the Spamhaus Twitter account replied, “Triple action: Convince people to shut things down just in case, while veracity is determined, character assassination of Vinny Troia who was mentioned in it, and flooding the FBI with calls. Or, as someone else said, “for the lulz”. Maybe all of the above. Maybe something else!”
The campaign happened in two waves: the first around midnight EST, followed by a second wave two hours later.
Bleeping Computer reports:
Spamhaus Project told BleepingComputer that the fake emails reached at least 100,000 mailboxes. The number is a very conservative estimate, though, as the researchers believe “the campaign was potentially much, much larger.”
The hacking most likely was a prank, but if the hackers wanted to draw a bunch of phone calls to the FBI, mission accomplished.
Apparently, Vinny Troia is a much-maligned figure in the hacking community, and this isn’t the first attack to target him.
Members of the RaidForums hacking community have a long-standing feud with Troia, and commonly deface websites and perform minor hacks where they blame it on the security researcher.
Tweeting about this spam campaign, Vinny Troia hinted at someone known as “pompomourin,” as the likely author of the attack. Troia says the individual has been associated in the past with incidents aimed at damaging the security researcher’s reputation.
Speaking to BleepingComputer, Troia said that “my best guess is ‘pompomourin’ and his band of minions [are behind this incident].”
The FBI issued a statement about the hacking as well: “The FBI and CISA are aware of the incident this morning involving fake emails from an @ic.fbi.gov email account. This is an ongoing situation and we are not able to provide any additional information at this time. We continue to encourage the public to be cautious of unknown senders and urge you to report suspicious activity to www.ic3.gov or www.cisa.gov.”