FBI Attributes Abuse of Its Email Account to Software 'Misconfiguration'
A wave of phony emails from an FBI mail server originated from an issue with the agency's Law Enforcement Enterprise Portal.
The FBI on Saturday responded to a report flagged by Spamhaus of phony emails coming from the agency's actual @ic.fbi.gov domain, calling the incident a result of a software misconfiguration on its Law Enforcement Enterprise Portal (LEEP), from which the FBI communicates with state and local law enforcement.
The emails, which warned of a fake cyberattack, were sent on Nov. 12, and Spamhaus reported early the next morning that the messages indeed were fake: "We have been made aware of "scary" emails sent in the last few hours that purport to come from the FBI/DHS. While the emails are indeed being sent from infrastructure that is owned by the FBI/DHS (the LEEP portal), our research shows that these emails *are* fake," Spamhaus tweeted.
The FBI on Saturday confirmed that the emails came from one of its LEEP servers, it was not part of the agency's corporate email system. "No actor was able to access or compromise any data or [personally identifiable information] on the FBI’s network. Once we learned of the incident, we quickly remediated the software vulnerability, warned partners to disregard the fake emails, and confirmed the integrity of our networks."
Read more here.
About the Author
You May Also Like
How to Evaluate Hybrid-Cloud Network Policies and Enhance Security
September 18, 2024DORA and PCI DSS 4.0: Scale Your Mainframe Security Strategy Among Evolving Regulations
September 26, 2024Harnessing the Power of Automation to Boost Enterprise Cybersecurity
October 3, 202410 Emerging Vulnerabilities Every Enterprise Should Know
October 30, 2024
State of AI in Cybersecurity: Beyond the Hype
October 30, 2024[Virtual Event] The Essential Guide to Cloud Management
October 17, 2024Black Hat Europe - December 9-12 - Learn More
December 10, 2024SecTor - Canada's IT Security Conference Oct 22-24 - Learn More
October 22, 2024