Dark Web Sale of FBI LEEP Classified Data Sparks Concerns Over National Security

The alleged FBI LEEP data sale can mean information of a critical nature is at risk of being misused by cybercriminals.

A dark web user was found selling account credentials allegedly from the Law Enforcement Enterprise Portal (LEEP).

The Federal Bureau of Investigation relies on LEEP as a platform that offers specialized investigative tools, analytical solutions, and internal networking opportunities.

If the sale is genuine, information of a critical nature is at risk of being misused by cybercriminals. The services offered by LEEP are used by US law enforcement agencies, intelligence groups, and criminal justice organizations.

FBI LEEP Data Sale

Screenshot of the FBI LEEP breach claimed on the dark web (Photo: Cyber Omniscience)

The above screenshot shows the alleged FBI LEEP breach with a watermark overlaid on the portal page. The @FEDCREDS watermark cannot be taken as proof that FBI LEEP was hacked, since the screenshot does not show a login to the portal.

The FBI LEEP credential leak was tweeted by Cyber Omniscience, a retired National Security Agency employee.

The tweet read, “#FedCreds is selling account credentials (username/password) for the FBI’s Law Enforcement Enterprise Portal (LEEP). #SiegedSec.” If true, the FBI LEEP credential sale by SiegedSec puts classified emails and projects at risk.

It is not clear how many login credentials the SiegedSec hacker group has put on sale, nor whether the credentials are genuine.

Previous FBI LEEP Cyber Attack

A previous FBI LEEP cyber attack involved a bulk email campaign sent in two waves.

This incident was investigated by the Spamhaus Project, an international nonprofit that specializes in tracking spam, phishing attempts, and malware, among other threats.

This FBI LEEP email scam took place on 13 November 2021 and involved sending fraudulent emails to over 100,000 recipients. The fraudulent alerts impersonated the FBI and urged recipients to be watchful of chain attacks.

The FBI LEEP emails were sent from a legitimate address, eims@ic.fbi.gov, and the hacker was using the FBI’s IP address 153.31.119.142.

The email addresses of the over 100,000 recipients of the fraudulent FBI LEEP emails were scraped from the American Registry for Internet Numbers (ARIN). ARIN is a nonprofit that, among other functions, monitors IP addresses for security purposes.

The present sale of FBI LEEP credentials could allow hackers to log in and send malicious emails to several connected legal agencies.

Regardless of whether the FBI LEEP sale of usernames and passwords is genuine, now is a critical time for all US legal agencies to change their login credentials. It is not clear whether hackers have already logged in to harvest the credentials of other users in their contacts.

Credential hacking puts at risk not just one organization or individual but all those whose email addresses a cybercriminal finds.

The hacker may have gained access to the first FBI LEEP user account by brute-forcing or guessing login credentials, or by using an infostealer, a type of information-stealing malware.

Cybercriminals have also been known to induce MFA fatigue in an organization’s employees, as in the case of the ride-sharing platform Uber.

A hacker from the Lapsus$ group caused MFA fatigue in an employee by sending multiple MFA authentication notifications to their device.

To stop the flow of notifications, the Uber employee eventually accepted a login request, leading to the Uber cyber attack.
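The MFA fatigue pattern described above (a burst of push prompts that ends in an approval) is something a defender can look for in authentication logs. The detector below is an added example, not code from the article or from any vendor; it assumes a constructed, simplified log format of timestamp, user and push event.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of MFA push events (not real logs). Format:
# "<ISO timestamp> <user> <event>" where event is PUSH_SENT, PUSH_DENIED or PUSH_APPROVED.
SAMPLE_LOG = """\
2022-11-15T09:00:05 alice PUSH_SENT
2022-11-15T09:00:40 alice PUSH_APPROVED
2022-11-15T22:14:01 bob PUSH_SENT
2022-11-15T22:14:20 bob PUSH_DENIED
2022-11-15T22:14:45 bob PUSH_SENT
2022-11-15T22:15:10 bob PUSH_SENT
2022-11-15T22:15:33 bob PUSH_DENIED
2022-11-15T22:16:02 bob PUSH_SENT
2022-11-15T22:16:30 bob PUSH_SENT
2022-11-15T22:17:05 bob PUSH_APPROVED
"""

def parse_events(text):
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, event = line.split()
        events.append((datetime.fromisoformat(ts), user, event))
    return events

def detect_push_fatigue(events, min_pushes=4, window=timedelta(minutes=10)):
    """Return users who approved a push after >= min_pushes pushes within `window`.
    Result maps user -> number of pushes that preceded the approval."""
    pushes = defaultdict(list)   # user -> timestamps of PUSH_SENT still in the window
    hits = {}
    for ts, user, event in sorted(events):
        if event == "PUSH_SENT":
            pushes[user].append(ts)
            # drop pushes that have fallen out of the sliding window
            pushes[user] = [t for t in pushes[user] if ts - t <= window]
        elif event == "PUSH_APPROVED":
            recent = [t for t in pushes[user] if ts - t <= window]
            if len(recent) >= min_pushes:
                hits[user] = len(recent)
            pushes[user].clear()   # an approval ends the burst either way
    return hits

if __name__ == "__main__":
    for user, n in detect_push_fatigue(parse_events(SAMPLE_LOG)).items():
        print(f"possible MFA fatigue: {user} approved after {n} pushes")
```

Denied prompts are deliberately ignored so that a user who refuses several prompts before giving in is still flagged; tune min_pushes and window to the normal prompt rate of the environment.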

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
