FBI cyberthreat sharing portal has member data stolen
Contact info of key players in the private sector put up for sale on criminal forum
An FBI cybersecurity portal has been hacked, with contact information on thousands of its members leaked on an illicit cybercriminal forum.
More than 80,000 users on the InfraGard portal are thought to have now had their contact information leaked, with hackers messaging members directly under an account posing as an FBI-vetted CEO in finance.
InfraGard works with businesses to share information relating to cyberattacks and other threats.
CEO posing
Names and contact information of these members went up for sale on Breached, a new cybercriminal forum.
InfraGard vets its members, comprised of key people at cybersecurity companies that are contracted to handle the security of national institutions, such as water, utilities, transport, healthcare and nuclear energy. The aim is to educate both the FBI and firms on cybersecurity threats by exchanging information.
In responding to the matter, the FBI stated that “This is an ongoing situation, and we are not able to provide any additional information at this time”.
KrebsOnSecurity made contact with the seller on Breached, who claimed that they applied for an InfraGard account under the guise of a real CEO of a major creditworthiness firm.
They used the CEO's name, social security number, email address (which they also claimed they hacked) and phone number to fill out the application. The real CEO told KrebsOnSecurity that they never received contact from the FBI about the application.
Although not expecting to be accepted, the hacker received an email from InfraGard in early December that said they had indeed been approved.
InfraGard requires multi-factor authentication, but users can choose to receive a one-time code by email instead of SMS. The hacker said that had they been forced to use only a phone, they would have been thwarted since they used the real phone number of the CEO, which they didn't have access to.
To actually steal the database, they claimed they simply exploited an API in the portal that helps members connect to one another. They used a Python script to retrieve the data from it, which contained every user's information.
Although the information they obtained is rather basic and in some instances incomplete, the hacker claimed that their real motive was to continue posing as a CEO and contact other InfraGard members, perhaps in the hopes of extracting more sensitive information.
The administrator of the Breached forum is Pompompurin, who has a history with the FBI. Last year, they exploited a vulnerability in another information sharing portal between the agency and local law enforcement, gaining access to send copious amounts of spam emails from legitimate FBI email addresses and IPs.
Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks. His area of expertise lies in computer peripherals and audio hardware, having spent over a decade exploring the murky depths of both PC building and music production. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.