The FBI’s email system sent out a bunch of bogus cybersecurity warnings after being hacked

Just a heads up, if you buy something through our links, we may get a small share of the sale. It’s one of the ways we keep the lights on here. Click here for more.

When you get an email that seems suspicious, one of the first things to do is see where the email was sent from. But it can’t always tell you the full story, as made apparent in this new hack that involved the FBI over the weekend.

These fake warning emails are apparently being sent to addresses scraped from ARIN database. They are causing a lot of disruption because the headers are real, they really are coming from FBI infrastructure. They have no name or contact information in the .sig. Please beware!

— Spamhaus (@spamhaus) November 13, 2021

According to a report from Bleeping Computer, “at least 100,000” emails were sent out from an FBI email address.

Hackers managed to gain access to a portal and a “software configuration” allowed them to create and send emails from the address.

The emails went out in two waves according to SpamHaus, a nonprofit that tracks spam and cyberthreats.

READ MORE: The FBI is warning LinkedIn users of rampant fraud on the platform

The header used was “Urgent: Threat actor in systems” and the email talks of a fake threat and stolen data from an actual security researcher, Vinny Troia.

The email also mentions TheDarkOverlord, a hacking group, and one that Troia’s Night Lion Security company reported on earlier in the year (thanks, Gizmodo).

Troi went to Twitter afterward and accused another Twitter member of the attack. Known as Pompompurin, Troi received a Twitter DM hours before the attack that simply said “enjoy.”

READ MORE: FBI lists notorious crypto fraudster on its 10 most-wanted list

Then, after news of the breach the next day, he received a follow-up DM that just said “did you enjoy.”

It’s not clear yet, but it almost seems like this breach of an FBI system to send out spam email blasts was used to discredit the security researcher’s name.

In a statement to Bleeping Computer, the FBI says, “The FBI and CISA are aware of the incident this morning involving fake emails from an @ic.fbi.gov email account. This is an ongoing situation and we are not able to provide any additional information at this time.”

Have any thoughts on this? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.

Editors’ Recommendations:

• Hackers may have cracked the code to playing pirated games on the PS5
• T-Mobile’s security is shit according to the hacker that breached its servers
• Hackers are targeting YouTube influencers with fake collabs, and of course, it’s working
• Donald Trump’s new social media site has already been hacked