Contents:
Last week, a database containing the contact information of more than 80,000 InfraGard members was put up for sale. InfraGard is a project established by the Federal Bureau of Investigation (FBI) to establish partnerships with the private sector in order to share information about cyber and physical threats.
The FBI’s InfraGard US Critical Infrastructure Intelligence portal was hacked and the massive database encompassing the contact details of high-profile private sector individuals was advertised for sale in a thread on the Breached cybercrime forum, on December 10, 2022.
A report published by KrebsOnSecurity claims the attackers responsible are communicating directly with members through the InfraGard portal online, using a new account under the assumed identity of a financial industry CEO that was vetted by the FBI itself.
There has been no official statement coming from FBI, however, as an initial response to KrebsOnSecurity, the federal institution stated that it is aware of a potential false account associated with the InfraGard Portal and that it is actively looking into the matter.
This is an ongoing situation, and we are not able to provide any additional information at this time.
USDoD as a Threat Actor
The seller of the InfraGard database is a Breached forum user with the handle “USDoD” with the U.S. Department of Defense seal as his avatar. USDoD said they were able to access the FBI’s InfraGard system by applying for a new account using the name, birth date, and other personal information belonging to the CEO of a company most likely to be accepted as a member.
Furthermore, according to Brian Krebs, USDoD recounted their phony application was submitted in November in the CEO’s name, and that the application included a contact email address they controlled, as well as the CEO’s real mobile phone number. Once the membership was granted, an affiliate wrote a Python script to query the InfraGard API and enumerate all user data.
Given that this is a list of people who are already pretty security-conscious, it would seem the USDoD’s initial asking price for the InfraGard database might be a bit high. Additionally, the majority of the other database entries, such as social security number and date of birth, are empty. For the most part, only roughly half of the user accounts have an email address. On this matter, USDoD said the sale of the database is covered by a collateral service provided by the Breached administrator, Pompompurin.
Following their initial report, KrebsonSecurity made an update stating they heard back from the financial company CEO whose identity was used to fool the FBI into approving an InfraGard membership. The CEO said they were never contacted by the FBI.
The Result of Poor Cybersecurity
This data breach revealed the poor level of cybersecurity implemented by the FBI and opens a gaping hole in their efforts to counter cybercrime. While USDoD was active on InfraGard, they sent personalized messages to CEOs and other company leaders requesting contact details which can then be used for phishing and follow-up intrusion activities.
However, this is not the first time FBI becomes a victim of cybercrime. In 2021, their email systems were hacked, and spam emails mimicking FBI warnings were sent out. The emails were warning in regard to a “sophisticated chain assault” perpetrated by an advanced threat artist called Vinny Troia.
If you enjoyed this article, follow us on LinkedIn, Twitter, Facebook, Youtube, or Instagram to keep up to date with everything we post!