FBI Server Sent Fake Emails, Goes Offline, No Data Impacted

The FBI blamed a misconfiguration in its Law Enforcement Enterprise Portal (LEEP) for a technical mishap that allowed emails to be sent from the domain.

“LEEP is FBI IT infrastructure used to communicate with our state and local law enforcement partners,” the FBI said.

The bureau also assured that no data was affected during the technical glitch.

“While the illegitimate email originated from an FBI operated server, that server was dedicated to pushing notifications for LEEP and was not part of the FBI’s corporate email service. No actor was able to access or compromise any data or PII on the FBI’s network.”

The FBI quickly took the “impacted hardware” offline, and fixed the “software vulnerability” before finally confirming the network integrity.

Brain Krebs reported that the sender of the e-mails was able to do so because the FBI generated a client-side unique code to log into a brand new account on LEEP, and it was sent to the FBI servers as a POST request along with an e-mail subject and e-mail address. Manipulation of the request parameters led to the e-mails being sent, and a script was used to automate the sending.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web