The FBI mail server used to send fake emails

The FBI has opened up to a fake email incident that occurred over the weekend. The FBI blames it on a misconfiguration of its Law Enforcement Business Portal (LEEP) that allowed unauthorized third parties to send emails from the domain.

“LEEP is the FBI’s IT infrastructure that is used to communicate with our state and local law enforcement partners.

“Although the illegitimate email came from a server operated by the FBI, that server was dedicated to sending notifications to LEEP and was not part of the FBI’s corporate email service. Capable of accessing or compromising personally identifiable information or data on the FBI network. ”

The FBI said it quickly unplugged the “affected hardware,” then quickly repaired the “software vulnerability” and confirmed the integrity of its network.

Spamhaus said it saw two waves of emails being sent.

Brain Krebs reported that the sender of the emails discovered that they could send emails because the FBI was generating a unique client-side code to sign up for a new account at LEEM. This code was sent with a subject line and email body as a POST request to the FBI servers. The manipulation of the query parameters made it possible to send emails and a script was used to automate the sending process.

It would appear that all the alleged misconfigurations and software vulnerabilities were in the way the FBI built its portal, including the way it exposed and transmitted user data to a mail server.

Source: “.com”

Woodmart Theme Nulled, WP Reset Pro, Newspaper 11.2, Newspaper – News & WooCommerce WordPress Theme, Premium Addons for Elementor, Rank Math Seo Pro Weadown, WeaPlay, WordPress Theme, Plugins, PHP Script, Jannah Nulled, Elementor Pro Weadown, Woocommerce Custom Product Ad, Business Consulting Nulled, Jnews 8.1.0 Nulled, Avada 7.4 Nulled, Nulledfire, Dokan Pro Nulled, Yoast Nulled, Flatsome Nulled, PW WooCommerce Gift Cards Pro Nulled, Astra Pro Nulled, Woodmart Theme Nulled, Slider Revolution Nulled, Wordfence Premium Nulled, Elementor Pro Weadown, Wpml Nulled, Consulting 6.1.4 Nulled, Fs Poster Plugin Nulled

Back to top button