An Indian hacker known by the nickname "Godzilla" has found a vulnerability on the NSA website that allows an attacker to send fake emails through the NSA's SMTP server.
The NSA SMTP server allows anyone to use the service without checking their IP address or requiring a password. The most interesting part is that it lets you use any email address as the sender (for example: admin@nsa.gov).
An attacker can exploit this vulnerability to launch a spear-phishing attack, sending e-mail to anyone from addresses that appear to belong to the US Secret Service. Because the message is sent through the NSA's own SMTP server, it will not be automatically moved to spam by the protection filters of e-mail services such as Gmail.
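The checks described above as missing (client IP, login, sender address) can be written as a relay policy. The sketch below is an added example, not code from the article or from any mail server; the trusted network, the local domain `example.org`, and all sessions are constructed, and the sender rules shown are one common policy choice.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed values for this example; not taken from the article.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]
LOCAL_DOMAINS = {"example.org"}

@dataclass
class Session:
    client_ip: str
    auth_login: Optional[str]  # address of the authenticated user, None if no AUTH
    mail_from: str
    rcpt_to: str

def domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()

def open_relay_policy(s: Session):
    """Behaviour the article describes: no IP check, no login, any sender."""
    return True, "accepted"

def hardened_policy(s: Session):
    """Relay only for trusted networks or authenticated users; pin local senders."""
    ip = ipaddress.ip_address(s.client_ip)
    trusted = any(ip in net for net in TRUSTED_NETS)
    sender_local = domain(s.mail_from) in LOCAL_DOMAINS
    rcpt_local = domain(s.rcpt_to) in LOCAL_DOMAINS
    if s.auth_login is None and not trusted:
        if not rcpt_local:
            return False, "relay denied: unauthenticated client, external recipient"
        if sender_local:
            return False, "sender rejected: local address from unauthenticated client"
        return True, "inbound delivery"
    if s.auth_login is not None and s.mail_from.lower() != s.auth_login.lower():
        return False, "sender rejected: address does not match login"
    return True, "relay permitted"

# Constructed sessions: a spoofed relay attempt and legitimate traffic.
SAMPLES = {
    "spoofed_relay": Session("203.0.113.7", None, "admin@example.org", "user@example.net"),
    "inbound_mail": Session("203.0.113.7", None, "bob@example.net", "alice@example.org"),
    "auth_mismatch": Session("198.51.100.9", "alice@example.org", "admin@example.org", "user@example.net"),
    "auth_user": Session("198.51.100.9", "alice@example.org", "alice@example.org", "user@example.net"),
}

if __name__ == "__main__":
    for name, s in SAMPLES.items():
        print(name, open_relay_policy(s), hardened_policy(s))
```

Only the hardened policy separates the spoofed session from legitimate traffic; the open policy accepts all four.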
In a screenshot posted by EHN, the hacker used the email address of the NSA's manager, "Gen Keith B Alexander" (KeithAlexander@nsa.gov), to send a message to someone else.
"The message seems to have been sent in the name of the manager, and no one will dare go past the message without reading it."
"SMTP is a dangerous protocol and if you don't know how to secure it, you better shut it down."
"Stupid NSA, you are lucky it is December 31st and we are not available to load malware on your server," the hacker said.