FBI server sending fake emails taken offline and fixed, no data impacted
The FBI has addressed an incident over the weekend in which fake emails were sent due to a misconfiguration in its Law Enforcement Enterprise Portal (LEEP). The misconfiguration allowed emails to be sent from an official domain, ic.fbi.gov. According to the FBI, LEEP is an IT infrastructure used by the agency to communicate with state and local law enforcement partners. The illegitimate email originated from an FBI-operated server dedicated to pushing notifications for LEEP. The FBI confirmed that no threat actors gained access to or compromised any data on the agency’s network.
The FBI initially stated that it had taken the impacted hardware offline; it later remediated the vulnerability and confirmed its network integrity to rule out the possibility of a cyberattack. Spamhaus stated that it observed two waves of illegitimate emails being sent from the server. Brian Krebs reported on the incident, stating that the FBI was generating one-time codes for clients to sign up for a new account on LEEP. This code was sent along with an email subject and body as a POST request to FBI servers. Manipulating the request parameters is what allowed the emails to be sent out. Krebs also stated that a script was used to automate the sending process.
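
The flaw described above comes down to a server composing mail from fields supplied in the request. As an added illustration (not code from the FBI, LEEP or Krebs' report; the function names, parameter names, sender address and sample request are all hypothetical and constructed), the Python below contrasts that pattern with a handler that reads only the recipient from the request and generates the subject, body and one-time code on the server.

```python
import re
import secrets
from email.message import EmailMessage

SENDER = "noreply@portal.example"            # constructed placeholder sender
FIXED_SUBJECT = "Your account confirmation code"
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
PENDING = {}                                 # recipient -> code, held server-side

# Constructed sample of a sign-up request that carries its own message fields.
SAMPLE_REQUEST = {"to": "user@agency.example", "subject": "Constructed subject",
                  "body": "Constructed body text", "code": "000000"}


def build_email_trusting(params: dict) -> EmailMessage:
    """Flawed pattern: subject, body and code are all taken from the request."""
    msg = EmailMessage()
    msg["From"] = SENDER
    msg["To"] = params["to"]
    msg["Subject"] = params["subject"]
    msg.set_content(f'{params["body"]}\nCode: {params["code"]}')
    return msg


def build_email_hardened(params: dict) -> EmailMessage:
    """Only the recipient is read from the request; the rest is server-made."""
    to = params.get("to", "")
    if not ADDR_RE.fullmatch(to):            # also rejects CR/LF header injection
        raise ValueError("invalid recipient address")
    code = f"{secrets.randbelow(10**6):06d}"  # generated server-side, never echoed
    PENDING[to] = code
    msg = EmailMessage()
    msg["From"] = SENDER
    msg["To"] = to
    msg["Subject"] = FIXED_SUBJECT           # fixed template, not request data
    msg.set_content(f"Your one-time confirmation code is {code}.")
    return msg


def verify_code(to: str, submitted: str) -> bool:
    """Check against the server-side record; each code is single use."""
    expected = PENDING.pop(to, None)
    return expected is not None and secrets.compare_digest(expected, submitted)
```

In a real deployment the endpoint would also be rate limited per client and per recipient, since the report notes the sending was automated with a script.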