Email servers belonging to the United States government's Federal Bureau of Investigation (FBI) were hijacked to send out fake messages, warning users that cyber attacks are underway.
The messages from the FBI's hacked email servers come from the agency's Law Enforcement Enterprise Portal (LEEP), but anti-spammers and security researchers debunked them as fakes.
"We have been made aware of 'scary' emails sent in the last few hours that purport to come from the FBI/DHS," spam tracker Spamhaus wrote on Twitter.
"While the emails are indeed being sent from infrastructure that is owned by the FBI/DHS (the LEEP portal), our research shows that these emails are fake."
The emails arrive from FBI-operated infrastructure and carry correct headers that validate under DomainKeys Identified Mail (DKIM), the system used to prevent forged messages.
Spamhaus said the campaign is "causing a lot of disruption because the headers are real, they really are coming from FBI infrastructure."
The FBI confirmed the hijacking, blaming it on an unspecified misconfiguration.
"A software misconfiguration temporarily allowed an actor to leverage the LEEP to send fake emails," the FBI said in a statement.
"While the illegitimate email originated from an FBI operated server, that server was dedicated to pushing notifications for LEEP and was not part of the FBI’s corporate email service.
"Once we learned of the incident, we quickly remediated the software vulnerability, warned partners to disregard the fake emails, and confirmed the integrity of our networks."
A copy of the hoax message warns the recipient that they have been targeted by attackers who managed to exfiltrate "several ... virtualised clusters".
The messages attempt to blame an infosec researcher for the (fake) attacks in what is reportedly a long-running character assassination campaign.
The person or persons who exploited the FBI's LEEP portal told KrebsOnSecurity they did so in part to bring attention to the vulnerability in the FBI’s system.