One of the FBI website had a web form that allowed arbitrary content to be sent from a legitimate FBI domain – passing all DMARC, DKIM, SPF. This isn’t even a hack – anyone could have done it using their web browser. But it could have serious consequences had the attacker had more nefarious motives.
The Federal Bureau of Investigation (FBI) confirmed today that its fbi.gov domain name and Internet address were used to blast out thousands of fake emails about a cybercrime investigation. According to an interview with the person who claimed responsibility for…