2021 FBI email hack

On November 13, 2021, a hacker named Conor Brian Fitzpatrick, going by his alias "Pompompurin", compromised the FBI's external email system and sent thousands of messages warning of a cyberattack by cybersecurity CEO Vinny Troia, whom the messages falsely suggested the United States Department of Homeland Security had identified as part of The Dark Overlord hacking group. [1] [2] [3]

The emails were sent to addresses taken from the American Registry for Internet Numbers database, and it was reported that the hacker sent them through the FBI's own public-facing email system, which made them appear legitimate. The campaign was likely an attempt to defame Troia. Fitzpatrick later claimed responsibility for the hack. [4]

Responses

FBI

The FBI stated that it had remediated the software vulnerability that enabled the attack, told recipients to ignore the emails, and "confirmed the integrity" of its computer systems following the attack. [5]

Pompompurin

The hacker Pompompurin claimed responsibility for the attack in an interview with Krebs on Security. [4] In a later interview with ProPublica, Pompompurin claimed the hack was done for "fun." [6]

Vinny Troia blogged about his belief that it was the work of Canadian hacker Chris Meunier. In an interview with ProPublica, Pompompurin denied being Meunier. [6] [7]

Aftermath

In March 2023, Pompompurin was arrested on unrelated computer crime charges in Peekskill, New York, and was identified as a 20 to 21-year-old man named Conor Brian Fitzpatrick. Fitzpatrick was said to have told the arresting officer that he was the creator of BreachForums, which had been created to "fill the void" left by the seizure of RaidForums a few weeks earlier. [8] [9] He was identified as connected to the 2021 Robinhood Markets data breach and a data breach of Twitter in 2022. [10]

Troia's published report attempted to link the hacker Pompompurin to Christopher Meunier (Calgary, Canada), one of the core members of The Dark Overlord hacking group. [11] However, Troia's reporting on The Dark Overlord, Gnostic Players, and Pompompurin describes a similar modus operandi, in which the group's core members would find less sophisticated hackers and publicly use them as patsies.

In a court document released by the United States Court for the Eastern District of Virginia, Fitzpatrick pleaded guilty to a number of crimes, including running the cybercrime forum BreachForums. [12] [13] In the court documents, Fitzpatrick stated "that after RaidForums was seized by law enforcement, he was approached by individuals who thought he would be competent enough to run a similar site." Fitzpatrick stated that he agreed to do so. [14]

References

  1. "FBI email system compromised by hackers who sent fake cyberattack alert". Washington Post. ISSN 0190-8286. Retrieved 2022-01-26.
  2. Speakman, Kimberlee. "FBI Email Server Hacked, Thousands Of Spam Emails Said To Be Sent Out". Forbes. Retrieved 2022-01-26.
  3. "Hackers compromise FBI email system, send thousands of messages". Reuters. 2021-11-14. Retrieved 2022-01-26.
  4. Roth, Emma (2021-11-14). "The FBI's email system was hacked to send out fake cybersecurity warnings". The Verge. Retrieved 2022-01-26.
  5. Cao, Belinda. "FBI Says No Network Data Compromised After Fake Email Incident". Bloomberg.
  6. Podkul, Cezary. "Despite Decades of Hacking Attacks, Companies Leave Vast Amounts of Sensitive Data Unprotected". ProPublica. Retrieved 2022-01-26.
  7. "Pompompurin: The hacker behind the FBI email data breach". Night Lion Security. 2021-11-16. Retrieved 2022-01-26.
  8. "FBI arrests BreachForums operator on cybercrime charges".
  9. "Dark Web 'BreachForums' Operator Charged With Computer Crime".
  10. Roth, Emma (2023-03-18). "Feds arrest alleged BreachForums owner linked to FBI hacks". The Verge. Retrieved 2023-03-18.
  11. "Pompompurin: The hacker behind the FBI email data breach". Night Lion Security. nightlion.com. Retrieved 2023-08-16.
  12. "United States v. Fitzpatrick (1:23-cr-00119)". Court Listener. Retrieved 2023-07-17.
  13. "Hacking Forum "BreachForums" Alleged Owner Pompompurin Arrested and Charged With Cybercrime". CPO Magazine. Retrieved 2023-07-17.
  14. Franceschi-Bicchierai, Lorenzo (2023-03-24). "How the FBI caught the BreachForums admin". TechCrunch.