Psst: wanna buy a legit FBI email account for $40?
Criminals are selling access to FBI and other law enforcement and government email accounts to other criminals via dark web marketplaces for as little as $40.
These are active accounts, which miscreants have compromised so their peers can pose as government officials and cops in pursuit of further crimes, according to Abnormal AI researchers, who documented the illicit economy in a Thursday report. The email accounts include agencies in the US, UK, Brazil, Germany, and India.
“This isn’t just recycled credential data,” Abnormal AI’s head of threat intel Piotr Wojtyla told The Register. “It’s real-time access to active .gov and .police accounts, confirmed through direct engagement with a top dark web seller.”
The research team confirmed that the accounts were live, and not spoofed or dormant, via screenshots belonging to current officers, combined with investigative tools like license plate lookup systems, CARFAX law enforcement panels, and portals for submitting official data requests to major tech companies.
“This means threat actors aren’t simply holding email logins, they’re operating as verified government identities, with the ability to compel data disclosure, survey individuals, and manipulate investigations,” Wojtyla said.
In addition to impersonating police and government workers to trick victims into paying phony fines, or disclosing personal and financial information, baddies can also use these stolen email credentials to send fraudulent subpoenas and emergency data requests to telecommunications and tech firms.
For example, the US Communications Assistance for Law Enforcement Act — better known as CALEA — requires telecoms and internet companies to comply with wiretapping requests from law enforcement, and having a legitimate .gov or .police email account would make it easier for criminals to obtain these surveillance records. Sometimes these companies don’t even require a warrant.
There’s also a legal mechanism in the US called emergency data requests (EDRs) through which law enforcement agencies can obtain information from service providers during an emergency. These are supposed to be used only to locate people in potentially life-threatening situations.
In November, however, the FBI warned that criminals were using compromised government email addresses to submit fraudulent EDRs to US-based companies, tricking the firms into exposing personally identifying information.
Some criminal marketplaces uncovered by Abnormal’s team also sell access to “law enforcement portals [on platforms such as META, TikTok, Twitter/X] for additional data retrieval requests,” we’re told.
The report says the researchers uncovered evidence of attackers on a dark web forum successfully accessing Twitter’s Legal Request Submission system using a compromised account. “This capability enables them to pull private user data, issue account takedown requests, or remove content under the guise of an official request,” the research team wrote.
So how are the digital thieves stealing government login details in the first place? Abnormal points to all the usual methods.
This includes credential stuffing and exploiting weak or reused passwords — yes, even government employees are guilty of “1234abcd.”
“With billions of stolen passwords from past breaches circulating online, attackers systematically test government email addresses against leaked password databases,” Abnormal’s team wrote.
There’s also a rise in info-stealing malware as well as phishing and social engineering targeting law enforcement and government workers. In July, security biz eSentire blamed advanced phishing kits and infostealers for a 156 percent jump in cyberattacks targeting user logins.
Criminals can buy bulk log files containing compromised government credentials for as little as $5, according to Abnormal, and then test which email accounts are still active.
“Possession of an active .police or .gov account means more than sending convincing emails,” the researchers noted. “It grants the ability to operate within systems designed exclusively for official use — systems that hold a wealth of sensitive personal and investigative data.” ®