Stolen Email Accounts Belonging to Law Enforcement and Government Officers Auctioned on the Dark Web for Forty Dollars
In a concerning development, cybercriminals have been identified as selling access to active law enforcement and government email accounts on the dark web. These accounts, often acquired through simple but effective approaches such as credential stuffing, infostealer malware, and targeted phishing attacks, provide the actors with full control over the inbox through any email client.
According to a report by Abnormal AI, the strategy has shifted from merely reselling access to actively marketing specific use cases. These include submitting fraudulent subpoenas, bypassing verification procedures for social platforms and cloud providers, and gaining enhanced access to premium open-source intelligence (OSINT) services like Shodan and Intelligence X.
The cost for these compromised accounts can be as low as $40 per account, and they are typically sold via encrypted messaging platforms like Telegram or Signal. Some sellers even promote leveraging these stolen credentials to gain access to official law enforcement portals on platforms like TikTok and X for additional data retrieval requests.
The Abnormal AI investigation identified criminal groups such as FIN7, Cozy Bear, and Shiny Hunters as responsible for the sales of these active government and agency email accounts. These accounts belong to officials from countries including the US, UK, India, Brazil, and Germany.
The implications of this activity are significant. Emails sent from domains such as .gov and .police are more likely to evade technical defenses and less likely to raise suspicion among recipients, so malicious attachments and links sent from them are opened and clicked at a higher rate. Attackers can impersonate law enforcement and government employees through their emails, allowing them to conduct sophisticated fraud and data theft schemes.
Moreover, these compromised accounts are not dormant or spoofed, but active and trusted. This means that attackers have immediate access to send emails or take advantage of government-only services. One such scheme involves sending fake subpoenas and accessing sensitive information through emergency data requests.
Agencies such as the FBI have not been immune to these breaches. The use of these compromised accounts poses a serious threat to the integrity of law enforcement and government operations, as well as to the privacy of individuals. It is crucial for all parties involved to be vigilant and take necessary measures to secure their email accounts and protect against such threats.