
How the FBI was hacked

Updated:
November 24, 2021
Written by
Anushika Babu


FBI Website Hacked

Big news, people: the FBI got hacked last week. On Friday, November 12th, over 100,000 addresses received emails from a genuine FBI sender address, sent through the FBI's own mail infrastructure, containing a hoax warning about a supposed cyberattack.

We are bringing you a 2-minute summary of the biggest cybersecurity incident this month.

This is a weird one, because from what we currently know, the person who did this didn't do any damage beyond the massive email blast through the FBI's servers. Details are still unclear, but an anonymous Twitter user going by "Pompompurin" has claimed responsibility for the hack. When Brian Krebs interviewed this person, they said they did the hack to point out the glaring flaws in the FBI's system.

The spam emails were clearly fake, with Pompompurin naming themselves in the emails. In the interview, they said that they used one of the FBI's online portals, the Law Enforcement Enterprise Portal (LEEP), to orchestrate the attack. It seems that all they had to do was start creating a user account on the portal. When the site told them that an email with a one-time password was on its way, the FBI's own website leaked that one-time password in the HTML of the confirmation page, so they never needed access to the mailbox the code was supposedly sent to.

Pompompurin found that the request which triggered the confirmation email also carried the email's subject and body as client-supplied parameters, so they could send emails to themselves from the official FBI address with any subject and body they liked. With a simple script that substituted its own text and repeated the request once per target address, they automated the sending of the hoax email to tens of thousands of recipients around the US.
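To make the two weaknesses concrete, here is an added illustration written for this post. It is not the FBI portal's code; the handler names, the sender address, the parameter names and the sample recipients are all assumptions. It models a signup-confirmation handler that (1) renders the one-time password into the HTML it returns and (2) takes the email's subject and body from the request, beside a hardened handler that keeps the code server-side and ignores client-supplied message text. The forge_campaign helper shows what the attacker's script amounts to: one request per target with the text swapped.

```python
"""Hypothetical model of a leaky OTP confirmation flow and its hardened form.

Added example for this post; not the FBI portal's code. All names, the sender
address and the sample recipients are assumptions.
"""
from dataclasses import dataclass
from html import escape
import hmac
import secrets

SENDER = "no-reply@portal.example.gov"   # assumed trusted sender, not the real one


@dataclass
class OutgoingMail:
    sender: str
    recipient: str
    subject: str
    body: str


# Stand-in for the server-side store of pending codes, keyed by address.
PENDING_OTPS: dict[str, str] = {}


def _issue_otp(email: str) -> str:
    """Generate a 6-digit code and remember it server-side."""
    otp = f"{secrets.randbelow(10**6):06d}"
    PENDING_OTPS[email] = otp
    return otp


def confirm_signup_vulnerable(request: dict) -> tuple[str, OutgoingMail]:
    """Flawed flow. `request` is the dict of POST parameters as the client sent
    them. Returns (html_page_shown_to_client, email_that_would_be_sent)."""
    email = request["email"]
    otp = _issue_otp(email)
    # Flaw: subject and body are whatever the client put in the request, so
    # the endpoint is an open relay from the trusted sender address.
    mail = OutgoingMail(SENDER, email,
                        request.get("subject", "Your one-time code"),
                        request.get("body", f"Your one-time code is {otp}"))
    # Flaw: the code is rendered into the page as a hidden field, so the
    # client can read it without ever receiving the email.
    html = (f"<p>We sent a code to {escape(email)}.</p>\n"
            f'<input type="hidden" name="otp" value="{otp}">')
    return html, mail


def confirm_signup_hardened(request: dict) -> tuple[str, OutgoingMail]:
    """Same flow with both weaknesses removed."""
    email = request["email"]
    otp = _issue_otp(email)
    # Fix: the message is fixed server-side; client-supplied text is ignored.
    mail = OutgoingMail(SENDER, email, "Your one-time code",
                        f"Your one-time code is {otp}. It expires in 10 minutes.")
    # Fix: the page only says a code was sent; its value exists only in the
    # server-side store and in the recipient's mailbox.
    html = f"<p>We sent a code to {escape(email)}. Enter it below.</p>"
    return html, mail


def verify_otp(email: str, submitted: str) -> bool:
    """Check a submitted code against the server-side copy in constant time."""
    expected = PENDING_OTPS.get(email)
    return expected is not None and hmac.compare_digest(expected, submitted)


def html_leaks_secret(html: str, secret: str) -> bool:
    """Review check to run over rendered pages: does the response body
    contain a secret the client should never see?"""
    return secret in html


def forge_campaign(handler, recipients: list[str],
                   subject: str, body: str) -> list[OutgoingMail]:
    """What the attacker's script amounts to: one signup request per target
    with the subject and body replaced. Against the flawed handler every
    resulting email carries the attacker's text from the trusted sender."""
    return [handler({"email": r, "subject": subject, "body": body})[1]
            for r in recipients]
```

Two review checks fall out of this: grep every response body for the secret the flow just issued (html_leaks_secret), and assert that message text is not influenced by any request parameter. Both are cheap to add to an integration test suite and would have caught either flaw before release.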

It's kind of scary how easily they managed to do it, especially considering it's a website run by the FBI, one of the world's leading law enforcement and intelligence agencies. The fact that this person chose not to do anything actually damaging or malicious should be comforting, but somehow I'm just not feeling great about it.

If the alarm bells to take security seriously weren't ringing before, they had better be now. This comes right on the heels of the US announcing its support for the Paris Call; check out our previous episode for all about that. We can be sure there are thousands of other websites, apps, and services we use on a daily basis with loopholes as basic as this one, and it's just a matter of time before someone finds them.

And not everyone will be as benign as the person who pulled off this attack.

Thanks so much for listening. We'll be bringing you short snippets just like this on the latest news in AppSec, Infosec, and the broader world of Cybersecurity. Follow us, stay tuned, and have a great day! 

