InfraGard is a partnership between the Federal Bureau of Investigation (FBI) and members of the private sector for the protection of U.S. Critical Infrastructure. Through seamless collaboration, InfraGard connects owners and operators within critical infrastructure to the FBI, to provide education, information sharing, networking, and workshops on emerging technologies and threats.
The FBI’s InfraGard US Critical Infrastructure Intelligence portal was hacked and a database containing the contact details of more than 80,000 high-profile private sector individuals is now available for sale on the Breached cybercrime forum.
“InfraGard, a program run by the U.S. Federal Bureau of Investigation (FBI) to build cyber and physical threat information sharing partnerships with the private sector, this week saw its database of contact information on more than 80,000 members go up for sale on an English-language cybercrime forum.” reported KrebOnSecurity. “Meanwhile, the hackers responsible are communicating directly with members through the InfraGard portal online — using a new account under the assumed identity of a financial industry CEO that was vetted by the FBI itself.”
The seller, who is a forum member that goes online with moniker USDoD, is demanding $50,000 for the full user database containing names and contact information.
According to Brian Krebs, USDoD claims to have breached the FBI’s InfraGard system by applying for a new account using the name, Social Security Number, date of birth and other personal details of a major U.S. financial corporation that was highly likely to be granted InfraGard membership.
The attacker applied for an account in November and by early December the account had been surprisingly approved.
The attacker used a Python script developed by a friend to query the InfraGard API and enumerate all user data.
“InfraGard is a social media intelligence hub for high profile persons,” USDoD told Krebs. “They even got [a] forum to discuss things.”
The hack revealed the poor level of cybersecurity implemented by the FBI, the US agency told Krebs that it is aware of a potential false account associated with InfraGard.
“This is an ongoing situation, and we are not able to provide any additional information at this time,” reads the statement shared by the FBI.
USDoD said that the sale of the database is covered by the escrow service offered by the Breached administrator Pompompurin.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
|[adrotate banner=”9″]||[adrotate banner=”12″]|
(SecurityAffairs – hacking, FBI)