Cyber Security News

FBI’s Info Sharing Network ‘InfraGard’ Hacked – Database Exposed On Cybercrime Forum

This week, a database of contact information for more than 80,000 members of InfraGard, a project established by the U.S. Federal Bureau of Investigation (FBI) to establish partnerships with the private sector for the exchange of information about cyber and physical threats, was put up for sale.

“The hackers responsible are communicating directly with members through the InfraGard portal online — using a new account under the assumed identity of a financial industry CEO that was vetted by the FBI itself”, reported KrebOnSecurity.

The Specifics of the Hack

The user database for InfraGard, which contained the names and contact details of tens of thousands of InfraGard members, was advertised for sale in a shocking new thread on the relatively recent cybercrime site Breached on December 10, 2022.

“InfraGard connects critical infrastructure owners, operators, and stakeholders with the FBI to provide education, networking, and information-sharing on security threats and risks,” the FBI’s InfraGard fact sheet reads.

The FBI stated that it is aware of a potential false account associated with the InfraGard Portal and that it is actively looking into the matter.

“This is an ongoing situation, and we are not able to provide any additional information at this time,” the FBI said in a written statement.

According to the reports, the seller of the InfraGard database is a Breached forum user with the handle “USDoD” with the U.S. Department of Defense seal as his avatar.

USDoD’s InfraGard sales thread on Breached

Also, the USDoD said that they were able to access the InfraGard system of the FBI by applying for a new account using the name, Social Security Number, birth date, and other personal information of the chief executive officer of a company that was very likely to be accepted as an InfraGard member.

USDoD told KrebsOnSecurity their phony application was submitted in November in the CEO’s name, and that the application included a contact email address that they controlled — but also the CEO’s real mobile phone number.

The Application Programming Interface (API), which is integrated into various important parts of the website that enable InfraGard members to connect and communicate with one another, is how USDoD claimed the InfraGard user data was made easily accessible.

Notably, after their InfraGard membership was granted,  they asked a friend to write a Python script to query that API and retrieve every piece of InfraGard user data that was accessible.

“InfraGard is a social media intelligence hub for high profile persons,” USDoD said. “They even got [a] forum to discuss things.”

Reports say given that it is a fairly basic list of people who are already quite security-conscious, the USDoD acknowledged that their $50,000 asking price for the InfraGard database may be a bit high.

Further, the majority of the other database entries, such as Social Security Number and Date of Birth, are empty, and only roughly half of the user accounts have an email address.

A screenshot shared by USDoD showing a message thread in the FBI’s InfraGard system

USDoD said that the sale of the database is covered by the escrow service offered by the Breached administrator Pompompurin. 

Pompompurin has been a thorn in the side of the FBI for years. Their Breached forum is widely considered to be the second incarnation of RaidForums, a remarkably similar English-language cybercrime forum shuttered by the U.S. Department of Justice in April.

The FBI’s inadequate cybersecurity measures were exposed by the attack; the US agency informed Krebs that it is aware of a possible phoney account connected to InfraGard. 

“This is an ongoing situation, and we are not able to provide any additional information at this time,” reads the statement shared by the FBI.

Penetration Testing As a Service – Download Red Team & Blue Team Workspace

Guru Baran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

Critical Exim Mali Server Vulnerability Impacts 1.5 Million Email Servers

According to recent findings by security researchers, more than 1.5 million email servers are currently…

6 hours ago

AT&T Massive Data Breach – Affecting Nearly All Customers’ Call & Text Records

AT&T, one of the largest telecommunications companies in the United States, has disclosed a significant…

18 hours ago

FishXProxy Fuels Phishing Attacks with Clever Deceptive Attacks

Imagine receiving an email that looks legitimate, down to the last detail. This is the…

21 hours ago

Beware of Phishing Attack that Abuses SharePoint Servers

A massive phishing campaign exploits Microsoft SharePoint servers to host malicious PDFs containing phishing links.…

22 hours ago

Apple Warns of Users in 98 Countries of Targeted Spyware Attacks

Apple has alerted iPhone users in 98 countries about potential mercenary spyware attacks. This marks…

24 hours ago

Citrix NetScaler ADC & Gateway Impacted by regreSSHion RCE Vulnerability

Qualys discovered a critical remote unauthenticated code execution (RCE) vulnerability, CVE-2024-6387, in OpenSSH’s server (sshd).…

1 day ago