FBI’s Email System Hacked to Send Fake Cybersecurity Warnings

On November 13th, hackers attacked the Federal Bureau of Investigation’s (FBI) email system. They sent emails to over 100,000 addresses from the bureau’s legitimate email address, telling the recipients that they had become victims of a “sophisticated chain attack.”

The emails also claimed that the attack originated from Vinny Troia. What’s more, they falsely claimed that Troia was associated with The Dark Overlord, a notorious hacking group behind the leak of the fifth season of “Orange Is the New Black.”

In reality, Vinny Troia is a well-known cybersecurity researcher in charge of NightLion and Shadowbyte, two prominent dark web security companies. Troia theorizes that the campaign could have been the work of an individual who goes by the name “Pompompurin.” Allegedly, the same person has tried to damage the researcher’s reputation in the past.

Computer security reporter Brian Krebs of KrebsOnSecurity claims that Pompompurin is connected to the attack, as he received an email saying, “Hi its pompompurin. Check headers of this email it’s actually coming from FBI server.”

Krebs reported that the hacker said the attack was meant to highlight security vulnerabilities in the FBI’s email systems. Pompompurin further said that he could have used the FBI’s email system to send more legitimate-looking emails to trick companies into sending over their data.

That said, the Twitter user @pompompur_in, tagged in several tweets by Troia, claims not to be involved in the incident. In a blog post, they provide arguments as to why the accusations are unfounded.

The FBI issued a press release regarding the attack. According to it, a software misconfiguration allowed an actor to leverage the Law Enforcement Enterprise Portal (LEEP) to send fake emails. The FBI confirmed that the illegitimate email originated from an FBI-operated server.

However, the agency also clarified that the server in question had been used to push notifications for LEEP. In other words, it wasn’t part of the FBI’s corporate email system. According to the agency, no one gained access to or compromised PII (personally identifiable information) or any other data on its network. The FBI also said that it had confirmed the integrity of its network.


Anne is a certified digital marketing strategist, a behavioral coach, and a technology guru. She has spent most of her life managing people from all walks of life until she decided to turn her passion for tech into a reality. As she is now a master of all things technology in the SEO world, managing Websitebuilder.org is her dream come true. She is also a proud mom to a future psychologist, and she loves to cook, cook, and cook some more!
