Data Breach

Database of the FBI’s InfraGard US Critical Infrastructure Intelligence portal available for sale

The portal of the FBI’s InfraGard US Critical Infrastructure Intelligence was hacked, and data is available for sale on a cybercrime forum.

InfraGard is a partnership between the Federal Bureau of Investigation (FBI) and members of the private sector for the protection of U.S. Critical Infrastructure. Through seamless collaboration, InfraGard connects owners and operators within critical infrastructure to the FBI, to provide education, information sharing, networking, and workshops on emerging technologies and threats.

The FBI’s InfraGard US Critical Infrastructure Intelligence portal was hacked and a database containing the contact details of more than 80,000 high-profile private sector individuals is now available for sale on the Breached cybercrime forum.

“InfraGard, a program run by the U.S. Federal Bureau of Investigation (FBI) to build cyber and physical threat information sharing partnerships with the private sector, this week saw its database of contact information on more than 80,000 members go up for sale on an English-language cybercrime forum.” reported KrebOnSecurity. “Meanwhile, the hackers responsible are communicating directly with members through the InfraGard portal online — using a new account under the assumed identity of a financial industry CEO that was vetted by the FBI itself.”

The seller, who is a forum member that goes online with moniker USDoD, is demanding $50,000 for the full user database containing names and contact information.

InfragardInfragard

According to Brian Krebs, USDoD claims to have breached the FBI’s InfraGard system by applying for a new account using the name, Social Security Number, date of birth  and other personal details of a major U.S. financial corporation that was highly likely to be granted InfraGard membership.

The attacker applied for an account in November and by early December the account had been surprisingly approved.

The attacker used a Python script developed by a friend to query the InfraGard API and enumerate all user data.

“InfraGard is a social media intelligence hub for high profile persons,” USDoD told Krebs. “They even got [a] forum to discuss things.”

The hack revealed the poor level of cybersecurity implemented by the FBI, the US agency told Krebs that it is aware of a potential false account associated with InfraGard.

“This is an ongoing situation, and we are not able to provide any additional information at this time,” reads the statement shared by the FBI.

USDoD said that the sale of the database is covered by the escrow service offered by the Breached administrator Pompompurin.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, FBI)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Silent Ransom Group targeting law firms, the FBI warns

FBI warns Silent Ransom Group has targeted U.S. law firms for 2 years using callback…

16 hours ago

Leader of Qakbot cybercrime network indicted in U.S. crackdown

The U.S. indicted Russian Rustam Gallyamov for leading the Qakbot botnet, which infected 700K+ devices…

21 hours ago

Operation RapTor led to the arrest of 270 dark web vendors and buyers

Law enforcement operation codenamed 'Operation RapTor' led to the arrest of 270 dark web vendors…

2 days ago

Chinese threat actors exploited Trimble Cityworks flaw to breach U.S. local government networks

A Chinese threat actor, tracked as UAT-6382, exploited a patched Trimble Cityworks flaw to deploy…

2 days ago

U.S. CISA adds a Samsung MagicINFO 9 Server flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Samsung MagicINFO 9 Server vulnerability to its…

2 days ago

New Signal update stops Windows from capturing user chats

Signal implements new screen security on Windows 11, blocking screenshots by default to protect user…

3 days ago