FBI’s InfraGard hacked, data of 80,000 members put up for sale
The FBI was repeatedly breached recently. On December 10, 2022, a database of contact information for more than 80,000 members of the FBI’s InfraGard was put up for sale on an underground hacking forum.
According to Brian Krebs of Krebs on Security, who first reported the breach, the data was put up for sale on Breached, an English-language cybercrime forum, for $50,000. Krebs contacted the seller, going by the name USDoD, who said they stole the data by impersonating the CEO of an unnamed but large US financial company that conducts credit ratings on Americans.
“USDoD” obtained the data by applying for a new account on InfraGard, the federal law enforcement agency’s private-sector information-sharing program. USDoD used the name, social security number, date of birth and other personal details of the financial company’s CEO to sign up for the account. However, they did not expect to be approved.
“When you register, they said it can take at least three months to get approved,” USDoD told Krebs. “I was not expected to be approve[d].” The threat actor ran a Python script to search for data through an application programming interface (API) present across “several key components of the website.”
Dr. Ilia Kolochenko, Chief Architect and CEO of ImmuniWeb, Adjunct Professor of Cyber Security and Cyber Law at Capitol Technology University, and member of the Europol Data Protection Experts Network, told Spiceworks: “This incident once again highlights that Internet-facing web applications and APIs are still one of the weakest links of organizations. However, I will refrain from drawing any conclusions until InfraGard and the FBI complete their investigation and provide a report on the scope of the breach.”
The breached data includes the names of all breached users, the email addresses of half of the users and social security numbers and dates of birth for some. “I don’t think anyone will pay that price, but I have to [price it] a little higher [negotiate] the price I want,” explained USDoD.
Dr. Kolochenko disagrees. “Organized cybercrime groups will readily pay $50,000 to obtain sensitive personal information of cyber investigators and law enforcement officers to launch sophisticated phishing attacks and impersonation campaigns, and attempt to gain privileged access to other highly sensitive resources or government databases by reusing stolen information,” Dr. Kolochenko added.
“Some cybercriminals can simply pay for the stolen data to launch online stalking and intimidation campaigns against the victims of the breach or even against their family members.”
InfraGard’s purpose is to make information sharing seamless between members, which include domain-agnostic managers and security personnel, to protect US critical infrastructure such as electric grids, oil pipelines, the energy sector, healthcare, dams, etc.
“If the information about the breach is correct, it could have quite devastating consequences for cybersecurity and law enforcement personnel who are InfraGard members,” continued Dr. Kolochenko.
While the crunched data suggests the scale is relatively insignificant, it does blow a gaping hole in the FBI’s efforts to counter cybercrime. While USDoD was active on InfraGard, they sent personal messages to CEOs and other business leaders asking for contact details that could then be used for phishing and follow-up intrusion activities.