- FBI.gov email accounts are sold for $40 on encrypted web channels
- Criminals use stolen government accounts to submit falsified emergency requests to technology companies
- Sellers offer SMTP, POP3 or IMAP credentials for complete account control
Cybersecurity researchers have expressed concerns about the sale of compromised FBI.gov and other government email accounts on the dark web, warning that the activity could enable large-scale malware campaigns.
A report from Abnormal AI states that these accounts are offered through encrypted messaging services such as Telegram and Signal, with some prices as low as $40.
In some cases, sellers have offered packages that contain multiple US government accounts, including those with FBI.gov domains, which carry a high level of credibility.
Hackers offer full access and high credibility
The cost of these accounts is relatively small, but the potential impact is substantial because the accounts can be used to impersonate trusted authorities.
After purchase, usually paid in cryptocurrency, the buyer receives SMTP, POP3 or IMAP credentials. This level of access allows control of the account through any email client, making it possible to send messages, attach malicious files or access online platforms that require government verification.
Some ads encourage buyers to send fraudulent emergency data requests.
These are modeled after legitimate requests that law enforcement agencies issue in urgent situations when there is no time to obtain a subpoena.
Technology companies and telecommunications providers are legally obliged to respond to valid requests, which means that falsified ones could lead to the disclosure of confidential data such as IP addresses, emails and telephone numbers.
Some criminal listings also promote access to official law enforcement portals, and some of these offers even appear on mainstream platforms such as TikTok and X.
Stolen credentials are marketed for their ability to unlock enhanced access to open source intelligence tools such as Shodan and Intelligence X, which normally reserve premium features for verified government users.
The methods used to obtain these accounts are often simple but effective.
One major approach is credential stuffing, where attackers exploit password reuse across multiple platforms.
Another method involves infostealer malware, which is software designed to extract saved login credentials from browsers and email clients.
Spear phishing and social engineering attacks are also common, where attackers craft deceptive emails or messages that trick government employees into revealing login details or clicking malicious links.
In general, these techniques focus on exploiting human and technical vulnerabilities instead of hacking sophisticated government systems directly.
That said, emails that originate from domains such as .gov and .edu tend to bypass many technical filters, making recipients more likely to open attachments or click embedded links.
This advantage increases the success rate of phishing attempts or malware delivery.
While compromised law enforcement accounts have been sold for years, researchers say there has been a recent shift toward marketing specific use cases instead of simply offering access.
The report describes this as a commercialization of institutional trust, where active and verified inboxes are repurposed for immediate fraudulent use.