Kevin BeaumontVerified account

@GossiTheDog

cybersecurity pleb 🐿 my tweets are severely limited by my lack of understanding of what I am doing.

doublepulsar.com
Joined January 2009

    1. Kevin Beaumont‏Verified account @GossiTheDog 13 Nov 2021

      Kevin Beaumont Retweeted Spamhaus

      FBI email infrastructure has been compromised and is being used to send fake emails about fake cyberattacks to system admins right now. https://twitter.com/spamhaus/status/1459450061696417792 …

      Kevin Beaumont added,

      Spamhaus @spamhaus
      We have been made aware of "scary" emails sent in the last few hours that purport to come from the FBI/DHS. While the emails are indeed being sent from infrastructure that is owned by the FBI/DHS (the LEEP portal), our research shows that these emails *are* fake.
      50 replies . 1,456 retweets 2,763 likes
    2. Kevin Beaumont‏Verified account @GossiTheDog 13 Nov 2021

      This is an example email being sent via FBI notification. It is not real. pic.twitter.com/w6fvQrZiAF

      8 replies . 81 retweets 270 likes
    3. Kevin Beaumont‏Verified account @GossiTheDog 13 Nov 2021

      Cc @vinnytroia so he’s aware.

      1 reply . 1 retweet 90 likes
    4. Kevin Beaumont‏Verified account @GossiTheDog 13 Nov 2021

      The good news is you know for sure the FBI/DHS have had a breach as the emails are cryptographically signed by FBI/DHS 😅

      13 replies . 50 retweets 332 likes
    5. Kevin Beaumont‏Verified account @GossiTheDog 13 Nov 2021

      The email was sent from these FBI internal servers, per the headers (which validate with DKIM).
      dap00025.str0.eims.cjis - 10.67.35.50
      wvadc-dmz-pmo003-fbi.enet.cjis
      dap00040.str0.eims.cjis - 10.66.2.72
      Before anybody runs off the Russia cliff, I would check webapps.

      4 replies . 18 retweets 173 likes
    6. Kevin Beaumont‏Verified account @GossiTheDog 13 Nov 2021

      Eg this looks like a probable starting point. https://www.fbi.gov/services/cjis/leep …

      5 replies . 13 retweets 125 likes
      Kevin Beaumont‏Verified account @GossiTheDog 13 Nov 2021

      If anybody is wondering how companies managed to think the email was real, it went out in the early hours of the morning. Your CISO and leadership team aren’t online. Incident response kicks in, RIP those on call getting the call about FBI attack notification at 2am. pic.twitter.com/0BeJClciox

      6:34 am - 13 Nov 2021
      7 replies . 15 retweets 182 likes
        1. New conversation
        2. Kevin Beaumont‏Verified account @GossiTheDog 13 Nov 2021

          Kevin Beaumont Retweeted briankrebs

          The threat actor also separately messaged Brian Krebs from the FBI's Criminal Justice Information Services Division email system (spot the different subject). https://twitter.com/briankrebs/status/1459523630996598790 …

          Kevin Beaumont added,

          briankrebsVerified account @briankrebs
          Got one of these this morning. Full headers in image https://twitter.com/spamhaus/status/1459450061696417792 … pic.twitter.com/pOzEKjdWHF
          4 replies . 16 retweets 98 likes
        3. Kevin Beaumont‏Verified account @GossiTheDog 13 Nov 2021

          Something tells me @pompompur_in’s Twitter header image is on point. 🤣 pic.twitter.com/HxaQUXp7L8

          1 reply . 1 retweet 74 likes
        4. Kevin Beaumont‏Verified account @GossiTheDog 13 Nov 2021

          Kevin Beaumont Retweeted briankrebs

          I think the FBI probably want to isolate some systems. 😅 https://twitter.com/briankrebs/status/1459548776226594818 …

          Kevin Beaumont added,

          briankrebsVerified account @briankrebs
          Replying to @GossiTheDog
          Yep. Although my message wasn't about critical infrastructure threats. It was about the size of my "fivehead."
          2 replies . 3 retweets 86 likes
        5. Kevin Beaumont‏Verified account @GossiTheDog 13 Nov 2021

          I just talked to a friend at an MSSP, they got battered with calls about this overnight. On the other end of the spectrum will be the SMBs panicking on Monday morning 😅 Seriously though, probably don’t send these kind of emails if you have this level of access.

          3 replies . 4 retweets 65 likes
        6. Kevin Beaumont‏Verified account @GossiTheDog 13 Nov 2021

          Kevin Beaumont Retweeted hal

          FBI’s Criminal Justice Information Systems LEEP portal logins are failing now. https://twitter.com/68616c/status/1459594337612828677 …

          Kevin Beaumont added,

          hal @68616c
          Replying to @GossiTheDog
          FYI, CJIS logon to iLEEP shut down. Logon worked 30 minutes ago. pic.twitter.com/6SPGzb8mj9
          2 replies . 14 retweets 64 likes
        7. Kevin Beaumont‏Verified account @GossiTheDog 13 Nov 2021

          Kevin Beaumont Retweeted briankrebs

          FBI comment confirming. They are in IR mode basically. https://twitter.com/briankrebs/status/1459604373680627721 …

          Kevin Beaumont added,

          briankrebsVerified account @briankrebs
          I asked the FBI for comment. Here's what they said: "The FBI and CISA are aware of the incident this morning involving fake emails from an @ic.fbi.gov email account. This is an ongoing situation and we are not able to provide any additional information at this time." https://twitter.com/briankrebs/status/1459523630996598790 …
          3 replies . 20 retweets 124 likes
        8. Kevin Beaumont‏Verified account @GossiTheDog 13 Nov 2021

          I think a lot of people will be watching the public response by the FBI to this in the coming weeks. The FBI have the option to be as transparent as possible about a breach, which may aid companies in the future in their breaches.

          1 reply . 8 retweets 92 likes
        9. Kevin Beaumont‏Verified account @GossiTheDog 13 Nov 2021

          “The impacted hardware was taken offline quickly upon discovery of the issue.” https://www.fbi.gov/news/pressrel/press-releases/fbi-statement-on-incident-involving-fake-emails …

          6 replies . 31 retweets 66 likes
        10. Kevin Beaumont‏Verified account @GossiTheDog 13 Nov 2021

          .@briankrebs interviewed the threat actor behind this (who contacted him via the FBI’s network). https://krebsonsecurity.com/2021/11/hoax-email-blast-abused-poor-coding-in-fbi-website/ …

          6 replies . 65 retweets 143 likes
        11. Kevin Beaumont‏Verified account @GossiTheDog 14 Nov 2021

          Updated FBI statement. I think it’s pretty open and transparent, and a quick isolation. LEEP webapp was indeed abused. Well handled incident I think. Orgs should take note talking about it stops rumour mill stories. https://krebsonsecurity.com/2021/11/hoax-email-blast-abused-poor-coding-in-fbi-website/ … pic.twitter.com/POA3NcHOsz

          0 replies . 17 retweets 46 likes