back to article FBI spams thousands with fake infosec advice after 'software misconfiguration'

The FBI has admitted that a software misconfiguration let parties unknown send legit-looking email from its servers. A statement from the bureau, dated November 14, states the agency "is aware of a software misconfiguration that temporarily allowed an actor to leverage the Law Enforcement Enterprise Portal (LEEP) to send fake …

  1. HildyJ Silver badge
    FAIL

    Whoever did what

    The most chilling comment, which I totally believe, is:

    "I could've 1000% used this to send more legit looking emails, trick companies into handing over data etc. And this would've never been found by anyone who would responsibly disclose, due to the [nondisclosure] notice the feds have on their website."

    The LEEP server is used by law enforcement and intelligence agencies. A request from the FBI for information will likely be acted upon without question.

    And all because of yet another "misconfiguration" (assuming the FBI is being honest about that).

    1. Chris G Silver badge
      Trollface

      Re: Whoever did what

      Misconfiguration could easily include the Fbi123*

      password that should have been routinely changed at least once a year.

      1. Doctor Syntax Silver badge

        Re: Whoever did what

        Krebs's article explains. It sounds weird. Weird as in "what were they on?". The sign-up process resulted in a one-time code emailed to the new user's email address. So far so 2FA. But the email seems to have been generated client-side and sent to the server with a POST request which included as parameters not just the email address, but also the subject and body so by feeding POST requests to the server the server would send out whatever emails were requested.

        No weak passwords required: no passwords required at all. Apparently IE was required, however. I suppose it stopped those wicked Linux users getting access.

    2. elsergiovolador Silver badge

      Re: Whoever did what

      Would you not reply with:

      The turd is in the punch bowl.

      and then wait for authorisation sentence first?

  2. Neil Barnes Silver badge
    Megaphone

    temporarily allowed an actor <...> to send fake emails

    I blame all these Mission Impossible type films. They're giving actors an exaggerated expectation of their abilities.

    Director's megaphone, obvs! --->

    1. Robert Carnegie Silver badge
      Joke

      Unjust!

      Casting aspersions. :-)

      1. amanfromMars 1 Silver badge

        Re: Just an Overdue Adjustment to Forceful Field Sources ..... Fine Tuning for Increased Performance

        Casting aspersions. :-) ....... Robert Carnegie

        And random secret field beta testing for Aspergeans too, Robert C

        A rare breed indeed that do trade in raw information free from foreign embellishment and flash fiat money market influence chasing rapidly disappearing paper wealth negatively impacting the automatic continuity of great atomic affluence ......... so whenever the truth be told with all said and alreadily done, certainly most definitely extremely disruptive and Greater IntelAIgent Game Changing.

        And there’s not many able to confess to being able to Host and Provide Succour and Nectar to those sorts of COSMIC Programs.

  3. Anonymous Coward
    Anonymous Coward

    Lyrics....Poetry......

    How about:

    If there's something weird

    And it don't look good

    Who you gonna call?

    Ghostbusters!

    Or this:

    Yesterday, upon the stair,

    I met a man who wasn't there

    He wasn't there again today

    I wish, I wish he'd go away...

    Have a nice day!!

  4. Sandstone
    Black Helicopters

    In the US We Know Who's Behind It

    <sarcasm>It has to be something that Hillary Clinton did when she was using that unauthorized private server.</sarcasm>

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021