The war on cybercrime is raging. Reports from across the cybersecurity sector point out that the number of cyberattacks keeps increasing, and news of breaches at institutions and major companies, such as last week's against MediaMarkt, is constant in the media. Fortunately, there is also news from the side of the good guys, such as the recent arrest of seven suspected cybercriminals linked to major ransomware attacks, which we learned of a few days ago and which was made possible by the collaboration of Interpol, Europol, the FBI and counterpart agencies from 16 different countries.
However, the joy of that victory against cybercrime has not lasted long: last weekend the FBI suffered a breach in which a cybercriminal managed to compromise its email servers and send more than 100,000 emails from a legitimate address of the American institution with the aim of deceiving the recipients, as revealed by the non-profit organization The Spamhaus Project and admitted by the FBI itself in a statement.
The mass mailing was sent from the address [email protected], which is indeed linked to the FBI and which Gmail's antispam systems, using DomainKeys Identified Mail (DKIM), in fact detected as legitimate. The Spamhaus Project reported this on Saturday, and the US investigative agency was quick to say, in a statement released the same day, that the affected hardware had been disconnected and that it could not give many details because it was “a situation in progress”.
In a later update, published Sunday, the FBI reported that “an incorrect configuration of the software temporarily allowed an actor to take advantage of the Business Law Enforcement Portal to send fake emails.” The portal, they point out, is the one that the agency uses to communicate with state and local police, but it is not part of the institution’s corporate mail, so the cracker “could not access or compromise the FBI network”.
A smear campaign
The illegitimate emails sent by the cracker from the FBI server warned of an alleged cyberattack that he attributed to the cybercriminal group The Dark Overlord and the hacker Vinny Troia, who is actually a prominent cybersecurity researcher who runs two companies specializing in prosecuting cybercrime on the Dark Web.
Thus, it seems that the intention of the attack was none other than to defame this prominent cybersecurity professional. Troia himself said through his Twitter account last Saturday that he imagined who could be behind this cyberattack aimed directly at him: a cybercriminal known as Pompompurin, who had allegedly already tried to damage his reputation in the past.
According to several US media outlets, Pompompurin himself reportedly confirmed it to cybersecurity journalist Brian Krebs, who explains on his blog that the cracker contacted him that same Saturday, when the news began to circulate, to give him his version of events.
Pompompurin told Krebs that his intention was to show how vulnerable state agencies that should be a paradigm of cybersecurity remain, and claimed that, had he wanted to, he could have taken much more advantage of that vulnerability to craft more credible and effective emails that would have put the FBI and the people he had decided to involve in those emails in greater trouble.