The FBI appears to have been used as a pawn in a conflict between hackers and security researchers. According to Bleeping Desktop, the FBI confirmed that hackers breached its email servers on Nov. 13 to send fake messages that claimed recipients were victims of hacking and data breaches.
Emails tried to charge non-existent ones attacks to Vinny Troia, the founder of dark web security companies NightLion and Shadowbyte.
The non-profit intelligence organization Spamhaus was quick to shed light on the fake messages. The attackers used legitimate FBI systems to carry out the attack, using email addresses found in a database from the American Registry for Internet Numbers (ARIN). So over 100.000 addresses received fake emails to two waves at least.
Το FBI περιέγραψε το hack σαν μια "συνεχιζόμενη κατάσταση" και αρχικά δεν είχε περισσότερες λεπτομέρειες. Ζήτησε από τους παραλήπτες των email να αναφέρουν τα μηνύματα αυτά στο Κέντρο Παραπόνων Διαδικτυακού Εγκλήματος (Internet Crime Complaint Center) of the service or in the Department of Cybersecurity and Infrastructure Security (Cybersecurity and Infrastructure Security Agency). Ο Troia ανέφερε στο Bleeping Computer ότι πιστεύει ότι οι δράστες μπορεί να συνδέονται με τον "Pompomourin", ένα πρόσωπο που του έχει επιτεθεί στο παρελθόν.
Disputes between hackers and the security community are nothing new. In March, attackers carried out exploits on its servers microsoft Exchange they tried to implicate the security reporter Brian Krebs using a fake domain.
However, it is rare for them to actually use domains, even from a government agency such as the FBI. This method, of course, seems to be much more effective, as the FBI is still flooded with calls from system administrators.
