In 1996, the U.S. Federal Bureau of Investigation (FBI) launched a program named InfraGard to build physical and cyber threat information-sharing partnerships with the private sector. Recently, a database containing the contact details of over 87,000 InfraGard members was posted on BreachedForums, a cybercrime and hacking forum that emerged as an alternative to the now-seized and defunct RaidForums.
Here are the details of the incident.
As seen by Hackread.com, the hacker is selling the stolen InfraGard database for $50,000. In a post published on the forum on 10th December 2022, the hacker also provided sample data to verify their claim which contained a variety of personal information of InfraGard members including the following:
- Full names
- Email addresses
- Employment details
- Industry of employment
- Social media user IDs, and more
The seller uses the handle “USDoD” and the U.S. Department of Defense seal as their avatar. Further investigation revealed that the hacker got into the network by registering an account in the name of the CEO of a financial organization, vetted by the FBI, without the CEO’s knowledge or consent.
How Did the Hack Occur?
Independent security researcher Brian Krebs also reported the breach and contacted the hacker, who explained how the data was obtained. The seller said they gained access to the InfraGard network by applying for a new account using the personal details (name, date of birth, and Social Security Number) of the CEO of a company who was a promising candidate for InfraGard membership.
This CEO heads a major US financial corporation whose business directly affects Americans’ creditworthiness. The hacker submitted the application on the CEO’s behalf in November, listing a personal email address together with the CEO’s real cellphone number.
It is worth noting that InfraGard approval usually takes around three months, but the hacker’s application was approved sooner than usual. Because InfraGard’s system lets members choose between a one-time activation code delivered by email or SMS and full multi-factor authentication, the hacker’s task was easier; once the account was active, they could reach the program’s user data through its Application Programming Interface (API).
They then asked a friend to write Python code to pull all of the data from the API. The hacker claims to still have access to their InfraGard account and to be in direct contact with members through the program’s online portal.
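Added example, not code from the article or from InfraGard: one way a defender could spot the kind of bulk API harvesting described above in access logs, by flagging any account that reads far more distinct member records within a short window than a person browsing a directory would. The log line format, account names, member ids and thresholds are constructed assumptions.

```python
# Added example (not from the article or InfraGard): flag accounts that read an
# unusually large number of distinct member records through a directory API in a
# short window, the footprint a scripted bulk export leaves in access logs.
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log line shape: "<ISO timestamp> <account> GET /api/members/<id> <status>"
LOG_RE = re.compile(r"^(\S+) (\S+) GET /api/members/(\d+) (\d{3})$")

def parse_line(line):
    """Return (timestamp, account, member_id, status) or None for unmatched lines."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, account, member_id, status = m.groups()
    return datetime.fromisoformat(ts), account, member_id, int(status)

def find_enumerators(lines, window=timedelta(minutes=5), max_distinct=20):
    """Map each account whose peak number of distinct member ids fetched inside
    any sliding `window` exceeds `max_distinct` to that peak count."""
    events = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec[3] == 200:            # only successful record reads count
            events[rec[1]].append((rec[0], rec[2]))
    flagged = {}
    for account, recs in events.items():
        recs.sort()
        recent, counts, peak = deque(), defaultdict(int), 0
        for ts, mid in recs:
            recent.append((ts, mid))
            counts[mid] += 1
            while ts - recent[0][0] > window:   # evict reads older than the window
                _, old_mid = recent.popleft()
                counts[old_mid] -= 1
                if counts[old_mid] == 0:
                    del counts[old_mid]
            peak = max(peak, len(counts))
        if peak > max_distinct:
            flagged[account] = peak
    return flagged

# Constructed sample: an analyst doing a few lookups over an hour, and one
# account pulling 40 different member records in under a minute.
SAMPLE_LOG = [
    "2022-11-20T10:00:00 analyst.a GET /api/members/101 200",
    "2022-11-20T10:20:00 analyst.a GET /api/members/102 200",
    "2022-11-20T10:45:00 analyst.a GET /api/members/101 200",
] + [f"2022-11-20T11:00:{i:02d} bulk.user GET /api/members/{500 + i} 200" for i in range(40)]
```

Running `find_enumerators(SAMPLE_LOG)` flags only `bulk.user`; pairing such a check with per-account rate limits on the directory endpoint turns the same signal into a control.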
Scale of Breach
It is worth mentioning that the InfraGard program holds details of high-profile figures in the private sector, including executives of physical and cyber security firms. These organizations run infrastructure critical to national security and public welfare, such as power and drinking water plants, financial services, transportation, manufacturing, healthcare, nuclear energy, and communications companies.
Per the FBI InfraGard fact sheet, the program connects owners, stakeholders, and operators of critical infrastructures with the bureau, offering them information sharing, education, and networking services to mitigate looming threats and risks collectively.
However, an assessment of the data showed that almost half of the user accounts had no email address, and fields such as date of birth and Social Security Number were empty in most records.
KrebsOnSecurity shared screenshots and related details of its communication with the hacker so that the material could be removed from the InfraGard forum.
History of InfraGard
InfraGard was established in 1996 as a joint initiative of the FBI’s National Infrastructure Protection Center (NIPC) and the Information Systems Security Association (ISSA). InfraGard provides access to secure email systems, secure data storage platforms, web-based vulnerability assessment tools, password management solutions and other security services.
Additionally, InfraGard offers educational seminars on topics such as cybersecurity best practices and emerging threats. These seminars are open to members of all sectors and help them stay informed about current security trends.
Furthermore, InfraGard also provides resources for identifying potential cybercrime victims or suspicious activities before they become major issues.