FBI’s InfraGard Hacked, Data of 80,000 Members Put for Sale

The InfraGard hacker also targeted security professionals and company leaders by impersonating a CEO of a major financial services company.

December 15, 2022

The FBI was repeatedly breached recently. On December 10, 2022, a database containing the contact information of more than 80,000 members of the FBI’s InfraGard went up on sale on an underground hacking forum.

According to Brian Krebs of Krebs on Security, who first reported the breach, the data was put up for sale on Breached, an English-language cybercrime forum, for $50,000. Krebs contacted the seller, going by the moniker USDoD, who said they stole the data by impersonating the CEO of an unnamed but major U.S. financial corporation engaged in credit rating assessment of Americans.

“USDoD” obtained the data by applying for a new account on InfraGard, the federal law enforcement agency’s information-sharing program with the private sector. USDoD used the name, Social Security Number, date of birth and other personal details of the financial corporation’s CEO to register for the account. However, they didn’t expect to be approved.

“When you register they said that to be approved can take at least three months,” USDoD told Krebs. “I wasn’t expected to be approve[d].” The threat actor ran a Python script to query data through an application programming interface (API) present across “several key components of the website.”
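The article says the data was pulled by scripting requests against an API that serves member records. From a defender's side, the pattern to watch for is one account fetching far more distinct records in a short window than any legitimate user would. The following is an added illustration, not code from the article, Krebs, or InfraGard: it parses constructed access-log lines in an assumed format, counts distinct member records fetched per account within a sliding time window, and flags accounts that exceed a threshold. The log format, the `/api/members/<id>` endpoint and the thresholds are assumptions for the example.

```python
"""Added example: flag API-driven bulk enumeration of member records.

Not from the article or InfraGard. The log format, endpoint path and
thresholds are assumptions for illustration only.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta
import re

# Assumed access-log line format (constructed for this example):
# <ISO timestamp> <account> <method> <path> <status>
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<account>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$"
)
# Assumed endpoint that returns one member's profile by numeric id.
MEMBER_PATH = re.compile(r"^/api/members/(?P<member_id>\d+)$")


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LOG_LINE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "account": m["account"],
        "path": m["path"],
        "status": int(m["status"]),
    }


def find_enumerators(lines, window=timedelta(minutes=10), max_distinct=50):
    """Return {account: distinct_records_in_worst_window} for accounts that
    successfully fetched more than `max_distinct` different member records
    inside any `window`-long span. Legitimate users look at a few profiles;
    a scraper walks the id space."""
    per_account = defaultdict(list)  # account -> [(ts, member_id), ...]
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["status"] != 200:
            continue  # skip unparseable lines and failed requests
        pm = MEMBER_PATH.match(rec["path"])
        if pm:
            per_account[rec["account"]].append((rec["ts"], pm["member_id"]))

    flagged = {}
    for account, events in per_account.items():
        events.sort()
        counts = Counter()  # member_id -> hits inside the current window
        start = 0
        worst = 0
        for ts, mid in events:
            counts[mid] += 1
            # Slide the window's left edge forward past events older than `window`.
            while ts - events[start][0] > window:
                old = events[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            worst = max(worst, len(counts))
        if worst > max_distinct:
            flagged[account] = worst
    return flagged


def sample_log():
    """Constructed log lines: one ordinary member and one account walking ids."""
    base = datetime(2022, 12, 10, 9, 0, 0)
    lines = []
    # Ordinary member: three profile views spread over half an hour.
    for i, mid in enumerate([1041, 2203, 3310]):
        t = base + timedelta(minutes=15 * i)
        lines.append(f"{t.isoformat()} alice GET /api/members/{mid} 200")
    # Suspicious account: 120 sequential ids, three seconds apart.
    for i in range(120):
        t = base + timedelta(seconds=3 * i)
        lines.append(f"{t.isoformat()} new_account_42 GET /api/members/{1000 + i} 200")
    # Noise: an unrelated endpoint and a failed lookup.
    lines.append(f"{base.isoformat()} alice GET /api/events 200")
    lines.append(f"{base.isoformat()} bob GET /api/members/99999 404")
    return lines


if __name__ == "__main__":
    for account, n in find_enumerators(sample_log()).items():
        print(f"{account}: {n} distinct member records in one window")
```

The threshold and window are the knobs a team would tune against its own traffic; the more robust control is on the server side (per-account rate limits and pagination caps on directory endpoints), with this kind of log review as the detective backstop.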

Dr. Ilia Kolochenko, chief architect & CEO of ImmuniWeb, adjunct professor of cybersecurity & cyber law at Capitol Technology University, and a member of the Europol Data Protection Experts Network, told Spiceworks, “This incident highlights once again that Internet-facing web applications and APIs remain one of the weakest links of organizations. I would, however, refrain from making any conclusions before InfraGard and the FBI finish the investigation and provide a report about the scope of the breach.”

See More: Ex-NSA Worker Caught Selling Classified Papers Stolen Through System Misconfiguration

The breached data includes the names of all breached users, email addresses of half of the users, and Social Security Numbers and dates of birth of some. “I don’t think someone will pay that price, but I have to [price it] a bit higher to [negotiate] the price that I want,” USDoD explained.

Dr. Kolochenko disagrees. “Organized cybercrime groups will readily pay $50,000 to get sensitive personal details of cyber investigators and law enforcement officers to launch sophisticated phishing attacks and impersonation campaigns, trying to get privileged access to other highly sensitive resources or governmental databases by reusing stolen information,” Dr. Kolochenko added.

“Some cyber gangs may simply pay for the stolen data to launch online stalking and intimidation campaigns against the victims of the breach or even against their family members.”

InfraGard’s purpose is to make information sharing seamless between members, which includes domain-agnostic leaders and security professionals, to protect U.S. critical infrastructure such as electrical grids, oil pipelines, the energy sector, healthcare facilities, dams, etc.

“If the information about the breach is correct, it may have fairly devastating consequences for the cybersecurity and law enforcement professionals who are InfraGard members,” Dr. Kolochenko continued.

While the contents of the breached data suggest a relatively limited scope, the incident exposes a gaping hole in the FBI’s efforts to counter cybercrime. While USDoD was active on InfraGard, they sent personalized messages to CEOs and other company leaders requesting contact details, which could then be used for phishing and follow-up intrusion activity.


Sumeet Wadhwani

Asst. Editor, Spiceworks Ziff Davis
