Facepalm: US FBI Systems Are Pwned And Sending Fake Cyberattack Emails

Nowadays, it is a matter of when, not if, a cybercriminal will breach a company or organization. It appears that the U.S. Federal Bureau of Investigation (FBI) is figuring this out the hard way, as a threat actor has been sending emails from the FBI's system infrastructure since early this morning. While this should not be cause for alarm at this time, it is interesting to observe regardless.

After midnight this morning, threat intelligence group Spamhaus reported that "scary" fake emails were being sent from the FBI and Department of Homeland Security's infrastructure. These emails, such as the one pictured below, generally contained worrisome cybersecurity mumbo-jumbo in a plaintext format that looks more like a text document than an email from a government agency.

Example of Fake Cybersecurity Threat Email

With this, Spamhaus believes that these emails are a "combination scare-ware (get people to shut things down or make changes in a hurry), and a character assassination against the guy named in it, AND a way to make the FBI scramble." Though the poor grammar and odd formatting should be a tip-off to this being fake, it quite likely tricked some people into action. Kevin Beaumont, cybersecurity reporter and researcher, briefly explained a likely scenario on Twitter, stating, "Your CISO and leadership team aren't online. Incident response kicks in, RIP those on call getting the call about FBI attack notification at 2am." This sort of chaos could lead to failures or overreactions in the chain of command, causing further problems for a company that received the threatening emails.

Amusingly, Brian Krebs of KrebsOnSecurity also received one of these emails. His was rather larger, however, and he was able to capture its header information as well. Regardless, it seems these emails are nothing to be worried about, even though they are coming from US federal email infrastructure. Hopefully, the FBI will shut down this bothersome intrusion shortly, if it has not already. Moreover, perhaps this could be treated as a good live-fire drill to help incident response in the future.