FBI Email System Reportedly Hacked to Send Fake DHS Cyberattack Messages

The Federal Bureau of Investigation (FBI) email system had reportedly suffered a hack on Saturday morning amid several reports of messages sent from the agency's email infrastructure purporting to be a warning from the Department of Homeland Security (DHS) about a cyberattack.

The Spamhaus Project, an international nonprofit organization based in Andorra and Switzerland that tracks spam, reported on Twitter that its analysis had shown the unusual emails are being sent from accounts "scraped" from the American Registry for Internet Numbers (ARIN) database.

"We have been made aware of 'scary' emails sent in the last few hours that purport to come from the FBI/DHS [Department of Homeland Security]," the Spamhaus Project wrote on Twitter.

"While the emails are indeed being sent from infrastructure that is owned by the FBI/DHS (the LEEP portal), our research shows that these emails *are* fake."

Some social media users reported receiving the strangely worded email, which refers to "a sophisticated chain attack" and references "the extortion gang TheDarkOverlord."

The email originated from the address eims@ic.fbi.gov and was signed with the message "Stay safe" and claimed to be from DHS, adding the term "Cyber Threat Detection and Analysis" and "Network Analysis Group" to the end of the message.

"We highly recommend you to check your systems and IDS monitoring. Beware this threat actor is currently working under inspection of the NCCIC, as we are dependent on some of his intelligence research we can not interfere physically within 4 hours, which could be enough time to cause severe damage to your infrastructure," the email read

The suspect email had the subject line "Urgent: Threat actor in systems" and was shared on Twitter and Reddit on Saturday morning.

We have been made aware of "scary" emails sent in the last few hours that purport to come from the FBI/DHS. While the emails are indeed being sent from infrastructure that is owned by the FBI/DHS (the LEEP portal), our research shows that these emails *are* fake.

— Spamhaus (@spamhaus) November 13, 2021

"These fake warning emails are apparently being sent to addresses scraped from ARIN database," the Spamhaus Project tweeted.

"They are causing a lot of disruption because the headers are real, they really are coming from FBI infrastructure. They have no name or contact information in the .sig [signature block]. Please beware!"

In response to a question about blocking the server in order to give the FBI time to fix the issue, the Spamhaus Project tweeted: "Our telemetry indicates that there were two 'spam' waves, one shortly before 5 AM (UTC) [12.am. E.T.] and another one shortly after 7 AM (UTC) [2a.m. E.T.]. The FBI has been getting many calls about it. We are therefore refraining from further actions against the sending IP addresses."

Newsweek has asked the FBI for comment.

Update 11/13/21 05.45 a.m. E.T.: This article was updated to include more information.

The FBI Seal Pictured in Washington, D.C.
The FBI seal is seen outside the headquarters building in Washington, DC on July 5, 2016. The FBI's email system had reportedly suffered a hack on Saturday. YURI GRIPAS/AFP/Getty Images