The FBI has acknowledged illegitimate emails were sent from an official FBI email account Saturday morning before the agency took the hardware offline. Breitbart has learned the email is estimated to have reached at least 100,000 inboxes.
“The FBI and CISA [Cybersecurity and Infrastructure Security Agency] are aware of the incident this morning involving fake emails from an @ic.fbi.gov email account,” the FBI explained in a press release.
“This is an ongoing situation, and we are not able to provide any additional information at this time,” the statement continues. “The impacted hardware was taken offline quickly upon discovery of the issue. We continue to encourage the public to be cautious of unknown senders and urge you to report suspicious activity to ic3.gov or cisa.gov.”
Spamhaus has confirmed to Breitbart News that it estimates at least 100,000 accounts received the email.
“We have been made aware of ‘scary’ emails sent in the last few hours that purport to come from the FBI/DHS. While the emails are indeed being sent from infrastructure that is owned by the FBI/DHS (the LEEP portal), our research shows that these emails *are* fake,” Spamhaus’s tweet reads.
“These fake warning emails are apparently being sent to addresses scraped from ARIN database. They are causing a lot of disruption because the headers are real, they really are coming from FBI infrastructure,” the organization stated in a follow-up tweet. “They have no name or contact information in the .sig. Please beware!”
For anyone interested, here are the sanitised headers from the sample we got yesterday. pic.twitter.com/KhDluiMSZa
— Spamhaus (@spamhaus) November 14, 2021
Spamhaus tweeted an image of the fake email, which alluded to “extortion gang TheDarkOverlord.” “The Dark Overlord” is an international hacker group “which allegedly steals data and demands big ransoms for its return,” the Washington Post reported.
Breitbart News previously reported on the group, which claimed to be behind the theft and leak of television shows from Netflix and ABC in 2017.
The false email claims that Vinny Troia, who published an investigation on the hacker group in July 2020, was identified as the “threat actor.”
Troia tweeted, “Should I be flattered that the kids who hacked the @FBI email servers decided to do it in my name?”
— Vinny Troia, PhD (@vinnytroia) November 13, 2021
Former Assistant Special Agent in Charge Austin Berglas of the FBI’s New York Cyber Branch spoke with the Washington Post regarding Saturday’s incident. The outlet noted Berglas is not involved in the ongoing investigation of the incident.
“It could have just been a group or individuals looking to get some street cred to tout on underground forums,” said Berglas. “I would think that it would be some sort of criminal group or some sort of ‘hacktivist’ group, rather than a coordinated state-backed attack.”
“It could have been a lot worse,” Berglas also told the Post. “When you have ownership of a trusted dot-gov account like that, it can be weaponized and used for pretty nefarious purposes. [The FBI] probably dodged a bullet.”
Update: This story has been updated to reflect that Spamhaus confirmed that 100,000 people received the emails.