- Compromised FBI.gov email accounts are sold for $40 on dark web chats
- Criminals use stolen government accounts to submit emergency data requests to technology companies
- Sellers offer complete SMTP, POP3 or IMAP credentials for full account control
Cybersecurity researchers have raised concerns about the sale of compromised FBI.gov and other government email accounts on the Dark Web, warning that the activity could enable large-scale malware campaigns.
A report from Abnormal AI claims that these accounts are offered through encrypted messaging services such as Telegram and Signal, with some priced as low as $40.
In some cases, sellers offered bundles containing several US government accounts, including those on FBI.gov domains, which carry a high level of credibility.
Hackers offer full access and high credibility
The cost of these accounts is relatively low, but the potential impact is substantial because the accounts can be used to impersonate trusted authorities.
After purchase, generally paid in cryptocurrency, the buyer receives complete SMTP, POP3 or IMAP credentials. This level of access makes it possible to control the account through any email client, enabling the buyer to send messages, attach malicious files, or access online platforms that require government verification.
Some advertisements encourage buyers to submit fraudulent emergency data requests.
These are modeled after the legitimate requests that law enforcement organizations issue in urgent situations when there is no time to obtain a subpoena.
Technology companies and telecommunications providers are legally obliged to respond to valid requests, which means that forged ones could potentially lead to the disclosure of sensitive data such as IP addresses, emails and telephone numbers.
Some criminal advertisements also promote access to official law enforcement portals, with some of these offers even appearing on consumer platforms like TikTok and X.
The stolen credentials are marketed for their ability to unlock enhanced access to open-source intelligence tools such as Shodan and Intelligence X, which normally reserve premium features for verified government users.
The methods used to obtain these accounts are often simple but effective.
A major approach is credential stuffing, where attackers exploit password reuse across several platforms.
Another method involves infostealer malware, which is software designed to extract saved login credentials from browsers and email clients.
Targeted phishing and social engineering attacks are also common, where attackers craft deceptive emails or messages that trick government employees into revealing login details or clicking on malicious links.
Overall, these techniques focus on exploiting human and technical vulnerabilities rather than directly hacking sophisticated government systems.
That said, emails from domains such as .gov and .police tend to bypass many technical filters, making recipients more likely to open attachments or click on embedded links.
This advantage increases the success rate of phishing attempts or the delivery of malware.
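A defender-side illustration of the takeover path described above (credential stuffing followed by use of stolen SMTP, POP3 or IMAP credentials from the buyer's own client), added here and not taken from the report. The log format, account names and thresholds are assumptions, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in a hypothetical mail-server auth log format.
SAMPLE_LOG = """\
2025-08-01T08:00:11Z proto=imap user=agent1@agency.example src=192.0.2.10 result=ok
2025-08-01T08:05:42Z proto=smtp user=agent1@agency.example src=192.0.2.10 result=ok
2025-08-01T08:07:19Z proto=imap user=agent2@agency.example src=192.0.2.44 result=ok
2025-08-02T02:14:01Z proto=imap user=agent1@agency.example src=203.0.113.5 result=fail
2025-08-02T02:14:02Z proto=imap user=agent2@agency.example src=203.0.113.5 result=fail
2025-08-02T02:14:03Z proto=imap user=agent3@agency.example src=203.0.113.5 result=fail
2025-08-02T02:14:09Z proto=pop3 user=agent2@agency.example src=203.0.113.5 result=ok
2025-08-02T09:01:30Z proto=imap user=agent1@agency.example src=192.0.2.77 result=ok
"""

LINE_RE = re.compile(
    r"^(\S+) proto=(imap|pop3|smtp) user=(\S+) src=(\S+) result=(ok|fail)$"
)

def parse(log_text):
    """Yield (ts, proto, user, src, /24 network, result) per well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, proto, user, src, result = m.groups()
        try:
            net = ipaddress.ip_network(src + "/24", strict=False)
        except ValueError:  # malformed source address
            continue
        yield ts, proto, user, src, net, result

def detect(log_text, baseline_until, stuffing_threshold=3):
    """Return (stuffing_sources, new_network_logins) for events after the baseline."""
    known = defaultdict(set)         # user -> networks seen in the baseline window
    failed_users = defaultdict(set)  # source IP -> distinct users it failed against
    new_network_logins = []
    for ts, proto, user, src, net, result in parse(log_text):
        if ts < baseline_until:      # same-format ISO-8601 UTC strings sort by time
            if result == "ok":
                known[user].add(net)
        elif result == "fail":
            failed_users[src].add(user)
        elif net not in known[user]:
            new_network_logins.append((ts, user, proto, src))
    stuffing = {s for s, u in failed_users.items() if len(u) >= stuffing_threshold}
    return stuffing, new_network_logins
```

Calling `detect(SAMPLE_LOG, "2025-08-02T00:00:00Z")` treats the first day as the baseline; a successful login from a source that also appears in the stuffing set is the highest-priority finding.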
Although law enforcement accounts have been sold for years, researchers say that there has been a recent shift toward marketing specific criminal use cases rather than simply offering access.
The report describes this as a commodification of institutional trust, where active and verified inboxes are repurposed for immediate fraudulent use.