2021 FBI email hack


On November 13, 2021, a hacker compromised the FBI's external email system and sent thousands of messages warning of a cyberattack, falsely claiming that cybersecurity CEO Vinny Troia had been identified by the United States Department of Homeland Security as part of The Dark Overlord hacking group. [1] [2] [3]


The emails were sent to addresses taken from the American Registry for Internet Numbers database, and the hacker was reported to have used the FBI's own public-facing email system, which made the messages appear legitimate. The campaign was likely an attempt to defame Troia. The hacker "Pompompurin" (revealed in 2023 to be an individual named Conor Brian Fitzpatrick [4]) later claimed responsibility for the hack. [5]

Responses

FBI

The FBI stated that it had remediated the software vulnerability that enabled the attack. It told recipients to ignore the email and "confirmed the integrity" of the FBI's computer systems following the attack. [6]

Pompompurin

The hacker Pompompurin claimed responsibility for the attack in an interview with Krebs on Security. [5] In a later interview with ProPublica, Pompompurin claimed the hack was done for "fun." [7]

Vinny Troia blogged about his belief that the attack was the work of Canadian hacker Chris Meunier. In an interview with ProPublica, Pompompurin denied being Meunier. [7] [8]

Aftermath

In March 2023, Pompompurin was arrested on unrelated computer crime charges in Peekskill, New York, and was identified as a 20- to 21-year-old man named Conor Brian Fitzpatrick. Fitzpatrick was said to have told the arresting officer that he was the creator of BreachForums, which had been created to "fill the void" caused by the seizure of RaidForums a few weeks earlier. [9] [10] He was identified as connected to the 2021 Robinhood Markets data breach and a data breach of Twitter in 2022. [11]

Troia's published report attempted to link the hacker Pompompurin to Christopher Meunier (Calgary, Canada), one of the core members of The Dark Overlord hacking group. [12] However, Troia's reporting on The Dark Overlord, GnosticPlayers, and Pompompurin describes a similar MO in which the group's core members would find less sophisticated hackers and publicly use them as patsies.

In a court document released by the United States District Court for the Eastern District of Virginia, Fitzpatrick pleaded guilty to a number of crimes, including running the cybercrime forum BreachForums. [13] [14] In the court documents, Fitzpatrick stated "that after RaidForums was seized by law enforcement, he was approached by individuals who thought he would be competent enough to run a similar site. Fitzpatrick stated that he agreed to do so."

References

  1. "FBI email system compromised by hackers who sent fake cyberattack alert". Washington Post. ISSN 0190-8286. Retrieved 2022-01-26.
  2. Speakman, Kimberlee. "FBI Email Server Hacked, Thousands Of Spam Emails Said To Be Sent Out". Forbes. Retrieved 2022-01-26.
  3. "Hackers compromise FBI email system, send thousands of messages". Reuters. 2021-11-14. Retrieved 2022-01-26.
  4. "US authorities arrest alleged BreachForums owner and FBI hacker Pompompurin". Engadget. Retrieved 2023-03-29.
  5. Roth, Emma (2021-11-14). "The FBI's email system was hacked to send out fake cybersecurity warnings". The Verge. Retrieved 2022-01-26.
  6. Cao, Belinda. "FBI Says No Network Data Compromised After Fake Email Incident". Bloomberg.
  7. Podkul, Cezary. "Despite Decades of Hacking Attacks, Companies Leave Vast Amounts of Sensitive Data Unprotected". ProPublica. Retrieved 2022-01-26.
  8. "Pompompurin: The hacker behind the FBI email data breach". Night Lion Security. 2021-11-16. Retrieved 2022-01-26.
  9. "FBI arrests BreachForums operator on cybercrime charges".
  10. "Dark Web 'BreachForums' Operator Charged With Computer Crime".
  11. Roth, Emma (2023-03-18). "Feds arrest alleged BreachForums owner linked to FBI hacks". The Verge. Retrieved 2023-03-18.
  12. "Pompompurin: The hacker behind the FBI email data breach". Night Lion Security. nightlion.com. Retrieved 2023-08-16.
  13. "United States v. Fitzpatrick (1:23-cr-00119)". Court Listener. Retrieved 2023-07-17.
  14. "Hacking Forum "BreachForums" Alleged Owner Pompompurin Arrested and Charged With Cybercrime". CPO Magazine. Retrieved 2023-07-17.