On 12 November 2021, an ethical hacker used an authentic FBI email address (eims@ic.fbi.gov) to send tens of thousands of hoax emails that casually hinted at the presence of a botnet on the recipients’ server.
The hacker said he carried out the hack to expose a vulnerability in the FBI’s system, namely unsecured code in an online portal designed to share information with law enforcement agencies.
The FBI acknowledged that its domain name and address had been used to send fake emails. But the bureau said the hacked server—the Law Enforcement Enterprise Portal (LEEP)—is only used to send notifications to law enforcement agencies and is not part of the FBI’s internal email service.