FBI confirms Law Enforcement Enterprise Portal compromise in cyberattack

The Federal Bureau of Investigation has confirmed that its Law Enforcement Enterprise Portal was compromised in a cyberattack Friday in which fake cyber alert emails were sent on the agency’s behalf.

In a statement, the agency said that while the spam emails originated from an FBI-operated server, the server was dedicated only to pushing notifications for LEEP “and was not part of the FBI’s corporate email service.”

Attackers were able to send the fake spam emails because of a software misconfiguration with the Law Enforcement Enterprise Portal.

Thousands of emails were sent late Friday from an FBI address, purporting to warn recipients about an imminent cyberattack. The email domain used was that of the FBI’s Criminal Justice Information Services division, according to cybersecurity expert Brian Krebs.

“The FBI is aware of a software misconfiguration that temporarily allowed an actor to leverage the LEEP to send fake emails,” the agency said in its statement. “No actor was able to access or compromise any data or PII on the FBI’s network.

The FBI added that after learning of the attack, it took fast action to remediate the software vulnerability, warned partners to disregard the fake emails and confirmed the integrity of its networks.

It is the latest such hack to hit a government agency and comes after an email marketing account used by the U.S. Agency for International Development’s email was compromised earlier this year.

Also, in August, the Department of Justice revealed that a total of 27 U.S. Attorneys’ offices had one or more employees’ Microsoft Office 365 email accounts compromised during the SolarWinds attack in 2020.

The Law Enforcement Enterprise Portal is a platform used by U.S. law enforcement agencies and the intelligence community. It provides web-based investigative tools and analytical resources as well as resources for responding to emergencies such as active shooter incidents.