Incident: Hacker Infiltrates FBI Email Account, Sends Fake Cyberattack Emails

Published Date: 2021-11-13

Postmortem Analysis
Timeline
1. The software failure incident of the hacker infiltrating an FBI email account and sending thousands of fake cyberattack emails happened on Saturday, as mentioned in Article 121119.
2. The article was published on 2021-11-13.
3. Estimation: The incident occurred on Saturday, which would be 2021-11-13.

System
1. FBI email account system [Article 121119]
2. DHS Cyber Threat Detection and Analysis Department system [Article 121119]
3. ARIN database system [Article 121119]

Responsible Organization
1. A hacker infiltrated an FBI email account and sent thousands of fraudulent emails, causing the software failure incident [Article 121119].

Impacted Organization
1. FBI [Article 121119]
2. DHS (Department of Homeland Security) [Article 121119]

Software Causes
1. The software cause of the failure incident was a hacker infiltrating an FBI email account and sending thousands of fake cyberattack emails, impacting the FBI's software systems [121119].

Non-software Causes
1. The failure incident was caused by a hacker infiltrating an FBI email account and sending fraudulent emails to thousands of recipients [121119].
2. The hack involved the exploitation of the National Telecommunications and Information Administration's office software, Microsoft's Office 365, allowing hackers to monitor internal email traffic at the Treasury Department and the Department of Commerce [121119].
3. The failure incident was part of a series of cyberattacks against the FBI, including previous attacks by hackers backed by the Russian government [121119].
4. Russian President Vladimir Putin's SVR intelligence agency launched hacking campaigns against American companies, including attempting to hack 140 tech companies and infiltrating the email accounts of federal prosecutors [121119].

Impacts
1. The hacker infiltrated an FBI email account and sent thousands of fake cyberattack emails to 10,000 inboxes, causing recipients to believe they were under a cyberattack [121119].
2. The impacted hardware was taken offline quickly to mitigate the situation, but the incident was described as 'ongoing' [121119].
3. The emails were signed off by the DHS Cyber Threat Detection and Analysis Department, creating a sense of urgency and potential panic among recipients [121119].
4. The hacker possibly aimed to convince people to shut down their systems, flood the FBI with calls, or cause disruptions for amusement ('for the lulz') [121119].
5. The incident highlighted vulnerabilities in the FBI's email system and raised concerns about the potential for severe damage to infrastructure if action was not taken promptly [121119].

Preventions
1. Implementing multi-factor authentication for email accounts could have prevented unauthorized access by hackers [121119].
2. Conducting regular security audits and penetration testing to identify and address vulnerabilities in the email system [121119].
3. Providing cybersecurity training to employees to recognize phishing attempts and suspicious emails, reducing the likelihood of falling for such attacks [121119].

Fixes
1. Enhancing email security measures to prevent unauthorized access and spoofing of FBI email accounts [121119].
2. Implementing stricter authentication protocols for sending emails from official FBI addresses to prevent similar incidents in the future [121119].
3. Conducting thorough investigations to identify the source of the hack and taking appropriate legal actions against the perpetrators to deter future attacks [121119].
4. Collaborating with cybersecurity experts and organizations like Spamhaus to improve threat detection and response capabilities [121119].

References
1. FBI statement
2. Spamhaus
3. Twitter account named Spamhaus
4. DailyMail.com
5. Department of Homeland Security (DHS)
6. American Registry for Internet Numbers (ARIN) database
7. Reuters
8. Justice Department

Software Taxonomy of Faults

Category: Recurring
Option: one_organization, multiple_organization
Rationale:
(a) The software failure incident having happened again at one_organization: The FBI has been targeted in cyberattacks before. In December 2020, hackers backed by the Russian government monitored internal email traffic at the Treasury Department and the Department of Commerce for months, using Microsoft's Office 365 software [121119].
(b) The software failure incident having happened again at multiple_organization: Russian President Vladimir Putin's SVR intelligence agency launched another hacking campaign against American companies, targeting 140 tech companies. This was the same Russian-based agency behind the massive SolarWinds cyberattack [121119].

Category: Phase (Design/Operation)
Option: design, operation
Rationale:
(a) The software failure incident related to the design phase can be seen in the article where a hacker infiltrated an FBI email account and sent thousands of fake cyberattack emails to organizations. The incident involved the misuse of a legitimate FBI email address to send out fraudulent emails warning about a cyberattack, which could be attributed to vulnerabilities in the email system's design or security measures [121119].
(b) The software failure incident related to the operation phase is evident in the same article where the FBI had to take the impacted hardware offline quickly to mitigate the situation. This action was a response to the operation of the system, indicating that the failure was influenced by the operation or misuse of the system [121119].

Category: Boundary (Internal/External)
Option: within_system
Rationale:
(a) within_system: The software failure incident reported in the articles is primarily within the system. The incident involved a hacker infiltrating an FBI email account and sending thousands of fake cyberattack warning emails to organizations. The impacted hardware was taken offline quickly by the FBI, and the emails were sent from a legitimate FBI email address [121119]. The incident also involved the use of a legitimate FBI email address to send the fake cyberattack emails, indicating that the failure originated from within the system.
(b) outside_system: The software failure incident does not have significant contributing factors that originate from outside the system.

Category: Nature (Human/Non-human)
Option: non-human_actions, human_actions
Rationale:
(a) The software failure incident occurring due to non-human actions:
- The software failure incident in Article 121119 occurred due to a hacker infiltrating an FBI email account and sending thousands of fake cyberattack warning emails to organizations [121119].
- The impacted hardware was taken offline quickly to mitigate the effects of the attack [121119].
- The emails were signed off by the DHS Cyber Threat Detection and Analysis Department, indicating that the attack was orchestrated to appear legitimate [121119].
(b) The software failure incident occurring due to human actions:
- The incident involved human actions in the form of the hacker gaining unauthorized access to the FBI email account and sending out the fraudulent emails [121119].
- The FBI encouraged receivers of the emails to report any suspicious activity to relevant authorities, indicating a response to human actions [121119].
- The hacker behind the incident was possibly attempting to convince recipients to take certain actions, such as shutting down their systems or flooding the FBI with calls [121119].

Category: Dimension (Hardware/Software)
Option: hardware, software
Rationale:
(a) The software failure incident occurring due to hardware:
- The FBI email account hack incident involved the impact on hardware, which was 'taken offline quickly' as a response to the infiltration by a hacker [121119].
- The incident mentioned that the emails were sent from a legitimate FBI email address, but the 'impacted software was taken offline quickly' [121119].
(b) The software failure incident occurring due to software:
- The incident involved fake cyberattack emails being sent from a legitimate FBI email address, indicating a software-related issue [121119].
- The emails in question were signed off by the DHS Cyber Threat Detection and Analysis Department, pointing to a software aspect of the failure incident [121119].

Category: Objective (Malicious/Non-malicious)
Option: malicious
Rationale:
(a) The software failure incident in this case is malicious. A hacker infiltrated an FBI email account and sent thousands of fake cyberattack emails to organizations, causing disruption and potentially aiming to convince recipients to take actions that could harm their systems [121119]. Additionally, the incident is part of a series of cyberattacks against the FBI, including previous attacks by hackers backed by the Russian government [121119].
(b) There is no information in the articles to suggest that the software failure incident was non-malicious.

Category: Intent (Poor/Accidental Decisions)
Option: poor_decisions
Rationale:
(a) The intent of the software failure incident:
- The software failure incident involving the FBI email account being hacked and used to send fake cyberattack emails to thousands of organizations was likely due to poor decisions made by the hacker behind the attack. The hacker's intent could have been to convince people to shut down their systems, flood the FBI with calls, or simply for amusement ("for the lulz"). The emails were designed to create panic and potentially cause severe damage to the recipients' infrastructure [121119].
(b) The intent of the software failure incident:
- The software failure incident involving the FBI email account being hacked and used to send fake cyberattack emails to thousands of organizations could also be attributed to accidental decisions or unintended consequences. The emails were signed off by the DHS Cyber Threat Detection and Analysis Department, creating a false sense of urgency and potentially leading recipients to take actions that could harm their systems. The hacker's actions may have been accidental in the sense that they did not have a specific targeted goal beyond causing chaos and confusion [121119].

Category: Capability (Incompetence/Accidental)
Option: development_incompetence, unknown
Rationale:
(a) The software failure incident related to development incompetence is evident in the article as a hacker infiltrated an FBI email account and sent thousands of fake cyberattack emails to organizations. The incident involved the misuse of a legitimate FBI email address to send alarming messages, causing confusion and potential harm to the recipients [121119].
(b) The software failure incident related to accidental factors is not explicitly mentioned in the provided articles.

Category: Duration
Option: temporary
Rationale:
(a) The software failure incident in the articles appears to be temporary. The incident involved a hacker infiltrating an FBI email account and sending thousands of fake cyberattack warning emails to organizations. The impacted hardware was taken offline quickly, and the FBI confirmed that the impacted software was also taken offline promptly [121119]. This indicates that the failure was temporary and not permanent.

Category: Behaviour
Option: omission, other
Rationale:
(a) crash:
- The impacted hardware was 'taken offline quickly' [121119].
- The federal agency's statement confirmed the messages were sent to thousands of organizations from a legitimate FBI email address but said the 'impacted software was taken offline quickly' [121119].
(b) omission:
- The FBI confirmed that the federal agency sent fake cyberattack emails to 10,000 inboxes but noted that the impacted hardware was 'taken offline quickly' on Saturday [121119].
- The emails, which had the subject 'Urgent: Threat actor in systems', were signed off by the DHS Cyber Threat Detection and Analysis Department [121119].
(c) timing:
- The FBI confirmed that the federal agency sent fake cyberattack emails to 10,000 inboxes but noted that the impacted hardware was 'taken offline quickly' on Saturday [121119].
- The emails, which had the subject 'Urgent: Threat actor in systems', were signed off by the DHS Cyber Threat Detection and Analysis Department [121119].
(d) value:
- The emails, which had the subject 'Urgent: Threat actor in systems', were signed off by the DHS Cyber Threat Detection and Analysis Department [121119].
- The account also took to Twitter to warn that 'these fake warning emails' were being 'sent to addresses scraped from ARIN databases' [121119].
(e) byzantine:
- Spamhaus, a European nonprofit dedicated to tracking digital threats, suggested that the hacker behind the emails was possibly convincing people to shut down their systems, flood the FBI with calls, or simply 'for the lulz' (for laughs) [121119].
- 'Maybe all of the above. Maybe something else!' the account tweeted, adding in a later post: 'Who knows what goes on in the minds of people who do these things?' [121119].
(f) other:
- The FBI noted that the situation is still 'ongoing' [121119].
- The FBI said in its statement that the situation is 'ongoing' [121119].

IoT System Layer

Layer: Perception
Option: None
Rationale: None

Layer: Communication
Option: None
Rationale: None

Layer: Application
Option: None
Rationale: None

Other Details

Category: Consequence
Option: theoretical_consequence, other
Rationale:
(a) unknown
(b) unknown
(c) unknown
(d) unknown
(e) unknown
(f) unknown
(g) no_consequence
(h) theoretical_consequence
(i) The software failure incident led to potential consequences such as convincing people to shut down their systems, flood the FBI with calls, or cause disruptions for amusement ("for the lulz"). Additionally, there were concerns about the potential impact on infrastructure if physical interference could not be done within a certain timeframe, which could lead to severe damage. [121119]

Category: Domain
Option: information
Rationale:
(a) The failed system in the incident was related to the industry of information. The software failure incident involved a hacker infiltrating an FBI email account and sending thousands of fraudulent emails warning recipients of a cyberattack [121119]. The incident highlighted the vulnerability of information systems and the potential impact of cyberattacks on information security.
