Looks like a flaw in the Law Enforcement Enterprise Portal (LEEP) allowed for someone to create these emails, legitimately originating from FBI servers, and they were directed at publicly listed owners of IP blocks on the ARIN database.
ELI5 version: The LEEP site has one of those "click a link in your email to confirm" functions. Someone figured out that the confirmation code was overly exposed in the browser and could inline modify it to send whatever subject/message they wanted. They then built a script to spam the following message to IP block owners listed on the ARIN database:
Our intelligence monitoring indicates exfiltration of several of your virtualized clusters in a sophisticated chain attack. We tried to blackhole the transit nodes used by this advanced persistent threat actor, however there is a huge chance he will modify his attack with fastflux technologies, which he proxies trough multiple global accelerators. We identified the threat actor to be Vinny Troia, whom is believed to be affiliated with the extortion gang TheDarkOverlord, We highly recommend you to check your systems and IDS monitoring. Beware this threat actor is currently working under inspection of the NCCIC, as we are dependent on some of his intelligence research we can not interfere physically within 4 hours, which could be enough time to cause severe damage to your infrastructure.
Stay safe,
U.S. Department of Homeland Security | Cyber Threat Detection and Analysis | Network Analysis Group
Not sure if this could be comms, a simple flex by someone who found this bug, a distraction, or something else. At least at this point, it doesn't look like the servers themselves are compromised, they were just bounced off of to perform this spam.
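An added example, not part of the original post and not LEEP's code: the flaw described above as a Python sketch, with a handler that trusts the subject and body sent by the browser next to one that builds them server-side. All names, strings and the sample request are hypothetical and constructed for illustration.

```python
import hmac
import secrets

# Constructed constants; a real portal would load these from its own templates.
FIXED_SUBJECT = "Confirm your portal account"
FIXED_BODY = "Your one-time confirmation code is: {code}"

# Server-side store of pending codes (assumption: a real service uses a DB with expiry).
_pending = {}

# Constructed sample of a request whose fields were edited in the browser.
TAMPERED_FORM = {
    "email": "owner@example.net",
    "subject": "Urgent: text chosen by the sender",
    "body": "arbitrary message text",
}


def build_confirmation_vulnerable(form):
    """Anti-pattern: subject and body come straight from the client request."""
    return {"to": form["email"], "subject": form["subject"], "body": form["body"]}


def build_confirmation_hardened(form):
    """Only the recipient is client-supplied; code, subject and body are server-generated."""
    email = form["email"]
    # Reject header injection and malformed recipients before building the message.
    if "\r" in email or "\n" in email or email.count("@") != 1:
        raise ValueError("invalid recipient")
    code = secrets.token_urlsafe(16)
    _pending[email] = code
    return {"to": email, "subject": FIXED_SUBJECT, "body": FIXED_BODY.format(code=code)}


def verify_code(email, submitted):
    """Single-use, constant-time check against the server-side copy of the code."""
    expected = _pending.pop(email, None)
    return expected is not None and hmac.compare_digest(expected, submitted)


if __name__ == "__main__":
    print(build_confirmation_vulnerable(TAMPERED_FORM))
    print(build_confirmation_hardened(TAMPERED_FORM))
```

The hardened handler still mails any address it is given, so per-address and per-client rate limits are needed alongside it.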
Most likely this is to give them blanket plausible deniability for everything found in their email system.
When the FBI says shit like this, am I supposed to believe them?
Why?
This^^^
That's a shame. Somebody about to get SethRich'd by all the MS13 trash POTATUS is letting in.
That would be funny if it were Project Veritas trying to get James' contact list for his new phone... or as a counter move.
White hat?
Black hat?
We'll know soon.
"Leak" them to OAN and RSBN!
Hmmm. Might be a beta trial. We could be seeing more interesting stuff soon.
Isn't that circle jerking?