Long-time Slashdot reader davidwr brings news of “an exploit in the FBI’s Law Enforcement Enterprise Portal web site that would let anyone send an email to any arbitrary recipient…”
Security researcher Brian Krebs reports:
Late in the evening of November 12 ET, tens of thousands of emails began flooding out from the FBI address email@example.com, warning about fake cyberattacks.
Around that time, KrebsOnSecurity received an email from the same email address. “Hi its pompompurin,” read the message. “Check headers of this email it’s actually coming from FBI server. I am contacting you today because we located a botnet being hosted on your forehead, please take immediate action thanks.” A review of the email’s message headers indicated it had indeed been sent by the FBI, and from the agency’s own Internet address. The domain in the “from:” portion of the email I received — firstname.lastname@example.org — corresponds to the FBI’s Criminal Justice