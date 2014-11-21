FBI system hacked to email 'urgent' warning about fake cyberattacks:
The Federal Bureau of Investigation (FBI) email servers were hacked to distribute spam email impersonating FBI warnings that the recipients' network was breached and data was stolen.
The emails pretended to warn about a “sophisticated chain attack” from an advanced threat actor known[sic], who they identify as Vinny Troia. Troia is the head of security research of the dark web intelligence companies NightLion and Shadowbyte.
The spam-tracking nonprofit Spamhaus noticed that tens of thousands of these messages were delivered in two waves early this morning. They believe this is just a small part of the campaign.
[...] Researchers at the Spamhaus Project, an international nonprofit that tracks spam and associated cyber threats (phishing, botnets, malware), observed two waves of this campaign, one at 5 AM (UTC) and a second one two hours later.
The messages came from a legitimate email address - eims@ic.fbi.gov - which is from FBI’s Law Enforcement Enterprise Portal (LEEP), and carried the subject “Urgent: Threat actor in systems.”
All emails came from FBI’s IP address 153.31.119.142 (mx-east-ic.fbi.gov), Spamhaus told us.
The message warns that a threat actors[sic] has been detected in the recipients' network and has stolen data from devices.
[...] Spamhaus Project told BleepingComputer that the fake emails reached at least 100,000 mailboxes. The number is a very conservative estimate, though, as the researchers believe “the campaign was potentially much, much larger.”
In a tweet today, the nonprofit said that the recipients were scraped from the American Registry for Internet Numbers (ARIN) database.
While this looks like a prank, there is no doubt that the emails originate from FBI’s servers as the headers of the message show that its origin is verified by the DomainKeys Identified Mail (DKIM) mechanism.
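The header check described above, as an added example that is not from the article or from Spamhaus: it reads the receiver's own Authentication-Results header, confirms that a passing DKIM signature covers the visible From domain, and matches the sender and subject reported for this campaign. The receiver name `mx.example.net`, the recipient and the DKIM selector are constructed placeholders; only the sender address, subject, relay host name and IP come from the article.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample. Only the sender, subject, relay host name and IP are
# taken from the article; receiver, recipient and selector are placeholders.
SAMPLE = """\
Received: from mx-east-ic.fbi.gov (mx-east-ic.fbi.gov [153.31.119.142])
\tby mx.example.net with ESMTPS
Authentication-Results: mx.example.net;
\tdkim=pass header.d=ic.fbi.gov header.s=selector-placeholder;
\tspf=pass smtp.mailfrom=ic.fbi.gov
From: eims@ic.fbi.gov
To: hostmaster@example.net
Subject: Urgent: Threat actor in systems

(constructed body)
"""

CAMPAIGN_FROM = "eims@ic.fbi.gov"
CAMPAIGN_SUBJECT = "Urgent: Threat actor in systems"

def triage(raw, authserv_id):
    """Summarise what the headers prove about a message's origin."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    from_domain = from_addr.rpartition("@")[2]
    signed = set()
    for value in msg.get_all("Authentication-Results", []):
        server, _, results = " ".join(value.split()).partition(";")
        # Trust only the header stamped by our own receiver; any other copy
        # may have been supplied by the sender.
        if server.strip().lower() != authserv_id:
            continue
        for m in re.finditer(r"dkim=pass\b[^;]*?header\.d=([\w.-]+)", results, re.I):
            signed.add(m.group(1).lower())
    # Alignment: the passing signature must cover the visible From domain.
    aligned = any(from_domain == d or from_domain.endswith("." + d) for d in signed)
    top_hop = " ".join((msg.get_all("Received") or [""])[0].split())
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", top_hop)
    subject = (msg.get("Subject") or "").strip()
    return {
        "dkim_aligned": aligned,  # origin is authentic; says nothing about content
        "relay_ip": ip.group(1) if ip else None,
        "campaign_match": from_addr == CAMPAIGN_FROM and subject == CAMPAIGN_SUBJECT,
    }

if __name__ == "__main__":
    print(triage(SAMPLE, "mx.example.net"))
```

A message can return `dkim_aligned` and `campaign_match` as true together, which is the case the article describes: the origin is authenticated while the content is fake.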
(Score: 2) by MostCynical on Sunday November 14, @09:45AM (1 child)
How much could the threat of phishing be reduced by just teaching people grammar and proper sentence parsing?
Most spam seems to come from countries where English is NOT the primary language. Not clicking on links when the message is just in bad English would remove most of the problem. (I have posted in the past about email being great for text, but a problem when links and attachments are allowed - the quest for convenience by the lazy has driven us here.)
“I've learned from experience that asking politely never works unless you have the upper hand.” Daisuke Aramaki, GIS:SAC
(Score: 1, Touché) by Anonymous Coward on Sunday November 14, @09:47AM
The phishers' English is getting better by the year. The natives'? Not so much.