Posted on Nov 14, 2021
The FBI’s email system was hacked to send out fake cybersecurity warnings
713
25
7
10
10
0
A flaw in the FBI’s website allowed hackers to use the FBI’s legitimate email address
The FBI’s email system was hacked to send out fake cybersecurity warnings
Posted from theverge.com
Hacking
FBI
Cyber
Cybersecurity
Email
Posted >1 y ago
Responses: 3
4
4
0
3
3
0
PO1 William "Chip" Nagel No one's system is safe...
..."With that kind of access, the attack could’ve been much worse than a false alert that put system administrators on high alert. Earlier this month, President Joe Biden mandated a bug fix that calls for civilian federal agencies to patch any known threats. In May, Biden signed an executive order that aims to improve the nation’s cyber defenses in the wake of detrimental attacks on the Colonial Pipeline and SolarWinds."...
..."With that kind of access, the attack could’ve been much worse than a false alert that put system administrators on high alert. Earlier this month, President Joe Biden mandated a bug fix that calls for civilian federal agencies to patch any known threats. In May, Biden signed an executive order that aims to improve the nation’s cyber defenses in the wake of detrimental attacks on the Colonial Pipeline and SolarWinds."...
(3)
(0)
PO1 William "Chip" Nagel
SGT (Join to see) Sounds Like the Kind of Crap I used to do as a Kid but Screwing with the FBI is Never recommended. Considering the Disinformation their Posting, Sounds Like a State Actor, Foreign Government that doesn't have Our Interest in Mind.
(1)
(0)
2
2
0
This one is just too funny from a security perspective. This was probably a forgotten piece of functionality as the government focuses more on unauthorized access to confidential information than it does little annoyances like this. This annoyance was a gut punch to their reputation, however.
The Krebs article states that everything about these emails was generated client-side. Everything about the attack was setup locally and then sent back to the server, which willingly complied because that's the way it was programmed. "Here, server, just send this email on my behalf and don't ask any questions." The first rule in application security is that you never trust anything from the client. It's like asking a kid if they brushed their teeth or washed behind their ears.
The Krebs article states that everything about these emails was generated client-side. Everything about the attack was setup locally and then sent back to the server, which willingly complied because that's the way it was programmed. "Here, server, just send this email on my behalf and don't ask any questions." The first rule in application security is that you never trust anything from the client. It's like asking a kid if they brushed their teeth or washed behind their ears.
(2)
(0)
Read This Next
Continue with Facebook 
Continue with Google