FBI’s InfraGard US Critical Infrastructure Intelligence Portal hacked
The FBI has seen one of its key databases hacked, and it looks like a major security lapse by the agency is to blame.
As KrebsOnSecurity reports, InfraGard is described by hackers as “a social media intelligence hub for high-profile individuals.” The FBI describes InfraGard as connecting “critical infrastructure owners and operators to the FBI, to provide education, information sharing, networking and workshops on new technologies and threats.” In other words, it’s a database of high-profile, security-conscious people in the United States.
That database is now up for sale on the Breached cybercrime forum for $50,000, offering access to the contact information of over 80,000 InfraGard members.
The database was stolen by a hacker who goes by the name USDoD. The way they gained access was relatively simple – using the personal details of a real CEO from a financial company “highly likely to gain InfraGard membership”, they simply applied for an account. That was in November, and by early December the account had been approved, to the hacker’s surprise.
USDoD completed the registration process using email verification and then ran a Python script from a friend to query the InfraGard API and collect all user data. The data collected has since been verified as genuine.
The most concerning aspect of this data theft is the total lack of security checks by the FBI. The person whose identity was used to create this account has confirmed that they were never contacted by the FBI before the account was approved. The FBI has also confirmed to Krebs that it is aware of a potential fake account linked to InfraGard and that “this is an ongoing situation and we are unable to provide additional information at this time.”
USDoD admits that the $50,000 price tag placed on the database is high, but it has to be, to leave room for price negotiation when someone shows interest in purchasing it. The information provided is also quite limited, but while the InfraGard account is still active, there is nothing to prevent these high-profile individuals from being contacted by hackers.