Hackers say they broke into the FBI’s InfraGard database of 80,000 members by posing as the CEO of a financial firm
A hacker reportedly posing as the CEO of a financial institution claims to have gained access to the more than 80,000-member database of InfraGard, an FBI-run intelligence program that shares sensitive information about national security and cybersecurity threats with public officials and private-sector stakeholders who operate critical infrastructure in the US.
The hacker posted samples from the database on an online forum popular with cybercriminals last weekend and said he was asking $50,000 for the entire database.
The hacker gained access to InfraGard’s online portal by posing as the CEO of a financial institution, they told independent cybersecurity journalist Brian Krebs, who published the story. They called the review process surprisingly lax.
The FBI declined to comment. Krebs reported that the agency informed him that it was aware of a potential bogus account and the matter was being investigated.
InfraGard’s membership is a true who’s who of critical infrastructure. It includes business leaders, IT professionals, military, state and local law enforcement, and government officials involved in overseeing the safety of everything from the power grid and transportation to healthcare, pipelines, nuclear reactors, the defense industry, dams, waterworks, and financial services. Established in 1996, it is the FBI’s largest public-private partnership, with local alliances connected to all field offices. It regularly shares FBI and Department of Homeland Security threat alerts and serves as a behind-closed-doors social media site for select insiders.
The database contains the names, affiliations and contact information of tens of thousands of InfraGard users. Krebs first reported the theft on Tuesday.
The hacker, who goes by the username USDoD on the BreachForums website, said on the site that records for just 47,000 of the members — just over half — contain unique emails. The hacker also posted that the data did not include social security numbers or dates of birth. Although fields for this information existed in the database, InfraGard’s security-conscious users had left them blank.
However, the hacker told Krebs that he had sent messages to InfraGard members posing as the financial institution’s CEO in an attempt to obtain more personal information that could be used for criminal purposes.
The AP reached out to the hacker via private message on the BreachForums website. They wouldn’t say if they’d found a buyer for the stolen records or answer any other questions. But they said Krebs’ article was “100% correct”.
The FBI offered no explanation as to how the hacker got InfraGard to approve the membership. Krebs reported that the hacker provided a contact email address he controlled, as well as the CEO’s real cell phone number, when he applied for InfraGard membership in November.
Krebs quoted the hacker as saying that InfraGard approved the request in early December and that they could use the email to obtain a one-time authentication code.
Once inside, the hacker said the database information was easy to obtain with a simple software script.
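The scripted bulk collection described above leaves a distinctive trace in a portal’s access logs: one account reading far more member records, far faster, than any person browsing a directory would. The following is an added illustration written for this article, not code from the AP, Krebs, the FBI or InfraGard; the log format, the `/portal/members/<id>` path and the account names are constructed, and the five-minute window and threshold of 20 distinct records are assumed tuning values that a real deployment would set from its own baseline.

```python
# Added example (not from the article): flag accounts that retrieve an unusual
# number of distinct member records within a short window, the signature of a
# script walking a member directory. Log format and names are constructed.
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# Constructed log line shape: "<iso-timestamp> user=<account> GET /portal/members/<id> <status>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) GET /portal/members/(?P<member_id>\d+) (?P<status>\d{3})$"
)


def parse_line(line):
    """Parse one access-log line; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "user": m["user"],
        "member_id": int(m["member_id"]),
        "status": int(m["status"]),
    }


def find_bulk_readers(lines, window=timedelta(minutes=5), threshold=20):
    """Return {account: peak_distinct_records} for accounts that fetched more
    than `threshold` distinct member records inside any sliding `window`.
    Lines are expected in timestamp order; only successful (200) reads count."""
    recent = defaultdict(deque)  # account -> deque of (timestamp, member_id)
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["status"] != 200:
            continue
        q = recent[rec["user"]]
        q.append((rec["ts"], rec["member_id"]))
        # Drop reads that have fallen out of the sliding window.
        while q and rec["ts"] - q[0][0] > window:
            q.popleft()
        distinct = len({mid for _, mid in q})
        if distinct > threshold:
            flagged[rec["user"]] = max(flagged.get(rec["user"], 0), distinct)
    return flagged


def sample_log():
    """Constructed log: one analyst doing three lookups over half an hour, and
    one newly approved account reading sixty member IDs two seconds apart."""
    base = datetime(2022, 12, 10, 9, 0, 0)
    lines = []
    for i, mid in enumerate((1042, 2210, 3305)):
        ts = base + timedelta(minutes=15 * i)
        lines.append(f"{ts.isoformat()} user=analyst.a GET /portal/members/{mid} 200")
    for i in range(60):
        ts = base + timedelta(seconds=2 * i)
        lines.append(f"{ts.isoformat()} user=new.account GET /portal/members/{5000 + i} 200")
    return sorted(lines)  # ISO timestamps sort lexicographically


if __name__ == "__main__":
    for account, peak in find_bulk_readers(sample_log()).items():
        print(f"{account}: {peak} distinct member records in one 5-minute window")
```

On the constructed log the analyst never exceeds three records and is not reported, while the scripted account peaks at 60 distinct records inside a single window. In a real portal this check belongs alongside the approval controls the article points at: an identity-vetting step that is harder to satisfy with a self-controlled email address, and a second factor that is not delivered to that same address.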