Security researcher Brian Krebs reports:
Late in the evening of November 12 ET, tens of thousands of emails began flooding out from the FBI address email@example.com, warning about fake cyberattacks.
Around that time, KrebsOnSecurity received an email from the same email address. “Hi its pompompurin,” read the message. “Check headers of this email it’s actually coming from FBI server. I am contacting you today because we located a botnet being hosted on your forehead, please take immediate action thanks.” A review of the email’s message headers indicated it had indeed been sent by the FBI, and from the agency’s own Internet address. The domain in the “from:” portion of the email I received — firstname.lastname@example.org — corresponds to the FBI’s Criminal Justice Information Services division (CJIS).
According to the Department of Justice… “CJIS systems are available to the criminal justice community, including law enforcement, jails, prosecutors, courts, as well as probation and pretrial services…”
In an interview with KrebsOnSecurity, Pompompurin said the hack was done to point out a glaring vulnerability in the FBI’s system. “I could’ve 1000% used this to send more legit looking emails, trick companies into handing over data etc.,” Pompompurin said.
Instead Pompompurin apparently sent emails with the subject line, “Urgent: Threat actor in systems,” with the body (apparently from email@example.com) warning that “Our intelligence monitoring indicates exfiltration of several of your virtualized clusters in a sophisticated chain attack….” The email then blames the real-world founder of two dark web intelligence companies (apparently the subject of a long-standing feud with Pompompurin’s community), and ultimately closes with the words “Stay safe, U.S. Department of Homeland Security — Cyber Threat Detection and Analysis — Network Analysis Group.”
The FBI issued a statement in response to the incident — saying “The impacted hardware was taken offline quickly upon discovery of the issue.”
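The header review Krebs describes (tracing the earliest `Received:` hop back to the sending organisation's own address and checking the authentication results) is the routine check a mail-security team runs on a suspicious message. The script below is an added example, not part of Krebs' or Slashdot's text, that performs that check on two constructed header blocks: one whose earliest hop really is inside the claimed sender's network and passes SPF, and one forged from an unrelated address. All hostnames, IP addresses and the `agency.example` domain are made-up placeholders. It also illustrates the limit of the technique: mail that genuinely left a legitimate server, as in this incident, passes every origin check, so the content still has to be assessed on its own merits.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample 1: mail that genuinely left the claimed organisation's
# outbound server (hypothetical hosts and RFC 5737 documentation addresses).
GENUINE_ORIGIN = """Received: from mx.receiver.test (mx.receiver.test [198.51.100.7])
\tby inbox.receiver.test with ESMTP id abc123;
\tFri, 12 Nov 2021 23:45:10 -0500
Received: from outbound.agency.example (outbound.agency.example [203.0.113.25])
\tby mx.receiver.test with ESMTPS id def456;
\tFri, 12 Nov 2021 23:45:09 -0500
Authentication-Results: mx.receiver.test;
\tspf=pass smtp.mailfrom=agency.example;
\tdkim=none header.d=agency.example
From: alerts@agency.example
To: soc@receiver.test
Subject: Urgent: Threat actor in systems

body
"""

# Constructed sample 2: same From: address, but the earliest hop is an
# unrelated host and the receiving MTA recorded an SPF failure.
FORGED_ORIGIN = """Received: from mx.receiver.test (mx.receiver.test [198.51.100.7])
\tby inbox.receiver.test with ESMTP id ghi789;
\tFri, 12 Nov 2021 23:50:02 -0500
Received: from vps.unrelated.test (vps.unrelated.test [192.0.2.99])
\tby mx.receiver.test with ESMTP id jkl012;
\tFri, 12 Nov 2021 23:50:01 -0500
Authentication-Results: mx.receiver.test;
\tspf=fail smtp.mailfrom=agency.example;
\tdkim=none
From: alerts@agency.example
To: soc@receiver.test
Subject: Urgent: Threat actor in systems

body
"""

# Hypothetical allow-list: which networks a domain's legitimate mail should
# originate from. In practice this comes from the domain's published SPF record.
TRUSTED_NETWORKS = {"agency.example": ["203.0.113.0/24"]}

HOST_RE = re.compile(r"from\s+(\S+)")
IP_RE = re.compile(r"\[([0-9a-fA-F.:]+)\]")
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")


def received_hops(raw):
    """Return the Received: chain top-down (most recent hop first)."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        host = HOST_RE.search(value)
        ip = IP_RE.search(value)
        hops.append({"host": host.group(1) if host else None,
                     "ip": ip.group(1) if ip else None})
    return hops


def auth_results(raw):
    """Extract spf/dkim/dmarc verdicts recorded by the receiving MTA."""
    msg = message_from_string(raw)
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        for mechanism, verdict in AUTH_RE.findall(value):
            results[mechanism] = verdict.lower()
    return results


def assess(raw, trusted_networks):
    """Did the earliest hop originate inside the From: domain's trusted networks?"""
    msg = message_from_string(raw)
    from_domain = msg.get("From", "").rsplit("@", 1)[-1].strip("<> ").lower()
    hops = received_hops(raw)
    # Received: headers are prepended by each relay, so the last one is the origin.
    origin_ip = hops[-1]["ip"] if hops else None
    nets = [ipaddress.ip_network(n) for n in trusted_networks.get(from_domain, [])]
    in_network = origin_ip is not None and any(
        ipaddress.ip_address(origin_ip) in net for net in nets)
    results = auth_results(raw)
    return {
        "from_domain": from_domain,
        "origin_ip": origin_ip,
        "origin_in_claimed_network": in_network,
        "spf": results.get("spf"),
        "dkim": results.get("dkim"),
    }


if __name__ == "__main__":
    for label, sample in (("genuine origin", GENUINE_ORIGIN), ("forged origin", FORGED_ORIGIN)):
        print(label, assess(sample, TRUSTED_NETWORKS))
```

The first sample comes back with the origin inside the claimed network and `spf=pass`; the second is flagged because its earliest hop is outside the allow-list and the MTA recorded `spf=fail`. A message abusing a legitimate server looks exactly like the first case, which is why these checks establish where a message came from, not whether its contents are trustworthy.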