Hackers have compromised the Federal Bureau of Investigation’s external email system. The hackers sent out tens of thousands of emails from an FBI email account warning about a possible cyberattack, according to the Spamhaus Project, which tracks spam and related cyber threats. The FBI said it, along with the Cybersecurity and Infrastructure Security Agency, is “aware of the incident this morning involving fake emails from an @ic.fbi.gov email account.”
“This is an ongoing situation, and we are not able to provide any additional information at this time,” the FBI said in a statement.
The FBI has multiple email systems, and the one that appears to have been hacked on Saturday is a public-facing one that agents and employees can use to email with the public, according to Austin Berglas, head of professional services at the cybersecurity company BlueVoyant. There’s a separate email system agents are required to use when transmitting classified information, he said.
“This is not the classified system that was compromised,” said Berglas, who is also a former assistant special agent in charge of the FBI’s New York office cyber branch. “This is an externally facing account that is used to share and communicate unclassified information.”
The attacks started at midnight Saturday in New York, with a subsequent campaign beginning at 2 a.m., according to Spamhaus. The nonprofit said it estimates the spam messages ultimately reached at least 100,000 mailboxes.
The emails came with the subject line: “Urgent: threat actor in systems.” The message was signed by the U.S. Department of Homeland Security and warned recipients that the threat actor appeared to be cybersecurity expert Vinny Troia, who last year penned an investigation of the hacking group The Dark Overlord.
There was no malware attached to the emails, according to Spamhaus. The group speculated that the hackers could have been attempting to smear Troia or were staging a nuisance attack to flood the FBI with calls.