2021 FBI email hack

On November 13, 2021, a hacker named Conor Brian Fitzpatrick, going by the alias "Pompompurin", compromised the FBI's external email system and sent thousands of messages that warned of a cyberattack by cybersecurity CEO Vinny Troia and falsely suggested that the United States Department of Homeland Security had identified him as part of The Dark Overlord hacking group. [1] [2] [3]

The emails were sent to addresses taken from the American Registry for Internet Numbers database. It was reported that the hacker sent them through the FBI's own public-facing email system, which made the messages appear legitimate. The campaign was likely an attempt to defame Troia. Fitzpatrick later claimed responsibility for the hack. [4]

Responses

FBI

The FBI stated that it had remediated the software vulnerability that enabled the attack. It told recipients to ignore the email and "confirmed the integrity" of the FBI's computer systems following the attack. [5]

Pompompurin

The hacker Pompompurin claimed responsibility for the attack in an interview with Krebs on Security. [4] In a later interview with ProPublica, Pompompurin claimed the hack was done for "fun." [6]

Vinny Troia blogged about his belief that it was the work of Canadian hacker Chris Meunier. In an interview with ProPublica, Pompompurin denied being Meunier. [6] [7]

Aftermath

In March 2023, Pompompurin was arrested on unrelated computer crime charges in Peekskill, New York, and was identified as a 20- to 21-year-old man named Conor Brian Fitzpatrick. Fitzpatrick was said to have told the arresting officer that he was the creator of BreachForums, which had been created to "fill the void" left by the seizure of RaidForums a few weeks before its founding. [8] [9] He was identified as connected to the 2021 Robinhood Markets data breach and a 2022 data breach of Twitter. [10]

In a court document released by the United States Court for the Eastern District of Virginia, Fitzpatrick pleaded guilty to a number of crimes, including running the cybercrime forum BreachForums. [11] [12] In the court documents, Fitzpatrick stated that "after RaidForums was seized by law enforcement, he was approached by individuals who thought he would be competent enough to run a similar site." Fitzpatrick stated that he agreed to do so. [13]

References

  1. "FBI email system compromised by hackers who sent fake cyberattack alert". Washington Post. ISSN 0190-8286. Retrieved 2022-01-26.
  2. Speakman, Kimberlee. "FBI Email Server Hacked, Thousands Of Spam Emails Said To Be Sent Out". Forbes. Retrieved 2022-01-26.
  3. "Hackers compromise FBI email system, send thousands of messages". Reuters. 2021-11-14. Retrieved 2022-01-26.
  4. Roth, Emma (2021-11-14). "The FBI's email system was hacked to send out fake cybersecurity warnings". The Verge. Retrieved 2022-01-26.
  5. Cao, Belinda. "FBI Says No Network Data Compromised After Fake Email Incident". Bloomberg.
  6. Podkul, Cezary. "Despite Decades of Hacking Attacks, Companies Leave Vast Amounts of Sensitive Data Unprotected". ProPublica. Retrieved 2022-01-26.
  7. "Pompompurin: The hacker behind the FBI email data breach". Night Lion Security. 2021-11-16. Retrieved 2022-01-26.
  8. "FBI arrests BreachForums operator on cybercrime charges".
  9. "Dark Web 'BreachForums' Operator Charged With Computer Crime".
  10. Roth, Emma (2023-03-18). "Feds arrest alleged BreachForums owner linked to FBI hacks". The Verge. Retrieved 2023-03-18.
  11. "United States v. Fitzpatrick (1:23-cr-00119)". Court Listener. Retrieved 2023-07-17.
  12. "Hacking Forum "BreachForums" Alleged Owner Pompompurin Arrested and Charged With Cybercrime". CPO Magazine. Retrieved 2023-07-17.
  13. Franceschi-Bicchierai, Lorenzo (2023-03-24). "How the FBI caught the BreachForums admin". TechCrunch.