The FBI found itself tangled this weekend in a settling of scores between a hacker and a cybersecurity researcher. One of its servers has been hacked and used to send fake e-mails warning about an alleged security breach.
This weekend, a hacker showed how dated one of the FBI’s servers is. The hacker was able to use a simple script to alter the way a web page works and send a bogus email into. This message, which therefore seems to come from , warns administrators that their systems have been compromised.
The message was sent to more than 100,000 e-mail addresses, extracted from the American (ARIN). The bogus message, which claims to come from the FBI, attempts to discredit Vinny Troia, a cybersecurity researcher and head of the intelligence firms NightLion and Shadowbyte. The message appears to be true since it was sent for a long time. and an e-mail address belonging to , which was inundated with calls from worried administrators.
FBI registration server implicated
According to the specialist , the flaw is due to a portal open to registrations, which then sends a code by e-mail to confirm the address. However, the server seems particularly dated since the code, and the entire confirmation email, is generated in the and sent to the server (via the POST method). A simple script was enough to replace the text of the confirmation email with the fake alert message, then automatically send it to a list of addresses.
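The design flaw described above, shown beside a corrected form, as an added example that is not code from the FBI portal or from the article: the flawed handler mails whatever subject and body arrive in the POST data, while the corrected one accepts only an address and builds the code and text on the server. Field names, template text and the in-memory `pending` store are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Constructed example: field names, template text and storage are assumptions.
SUBJECT = "Confirm your registration"
TEMPLATE = "Your confirmation code is {code}. It expires in 10 minutes."
TTL_SECONDS = 600
_KEY = secrets.token_bytes(32)  # server-side secret used to hash stored codes


def _digest(email, code):
    return hmac.new(_KEY, f"{email}:{code}".encode(), hashlib.sha256).digest()


def build_mail_vulnerable(form):
    """Flawed pattern: subject and body (code included) come from the POST data."""
    return {"to": form["email"], "subject": form["subject"], "body": form["body"]}


def build_mail_hardened(form, pending, now=None):
    """Only the address comes from the client; everything else is server-built."""
    now = time.time() if now is None else now
    email = form.get("email", "").strip()
    # One plain address per request; refuse header injection and recipient lists.
    if email.count("@") != 1 or any(c in email for c in "\r\n,; "):
        raise ValueError("invalid address")
    code = f"{secrets.randbelow(10**6):06d}"
    pending[email] = (_digest(email, code), now + TTL_SECONDS)
    return {"to": email, "subject": SUBJECT, "body": TEMPLATE.format(code=code)}


def confirm(email, code, pending, now=None):
    """Check the code against server state; the entry is consumed on first use."""
    now = time.time() if now is None else now
    stored = pending.pop(email, None)
    if stored is None or now > stored[1]:
        return False
    return hmac.compare_digest(stored[0], _digest(email, code))
```

Rate limiting per source and per address would sit in front of `build_mail_hardened` in a real deployment; it is left out here to keep the contrast on who controls the message content.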
According to Vinny Troia, the culprit is an individual known by the nickname Pompomourin, for whom this is not a first attempt. The last time, he infiltrated the US national site for missing children and published an article accusing Vinny Troia of. The FBI has since claimed to have corrected the flaw and indicated that the hacker had no access to confidential data.