FBI’s InfraGard US Critical Infrastructure Intelligence Portal database is for saleSecurity Affairs

The FBI’s InfraGard US Critical Infrastructure Intelligence portal has been hacked and data is being sold on cybercrime forums.

InfraGard is a partnership between the Federal Bureau of Investigation (FBI) and members of the private sector for the protection of America’s critical infrastructure. Through seamless collaboration, InfraGard connects owners and operators within critical infrastructure to the FBI to provide education, information sharing, networking, and workshops on new technologies and threats.

The FBI’s InfraGard US Critical Infrastructure Intelligence portal has been hacked and a database containing the contact details of over 80,000 prominent private sector individuals is being sold on compromised cybercrime forums.

“InfraGard, a program run by the U.S. Federal Bureau of Investigation (FBI) that builds partnerships to share information about cyber and physical threats with the private sector, announced this week that its database of contact information for more than 80,000 members It was put up for sale in the English-language cybercrime forum.” reported KrebOnSecurity. “Meanwhile, the hackers in charge are communicating directly with members via an online Infraguard portal. I’m using.”

A forum member seller participating online under the name USDoD is asking for $50,000 for a complete user database including names and contact information.

According to Brian Krebs, USDoD will apply for new accounts using names, social security numbers, dates of birth and other personal information from major US financial firms that are very likely to be granted InfraGard membership. It claims to have compromised the FBI’s InfraGard system. .

The attacker applied for the account in November, and the account was surprisingly approved in early December.

The attacker used a Python script developed by a friend to query the InfraGard API and enumerate all user data.

“InfraGard is a social media intelligence hub for celebrities,” USDoD tells Krebs. “They also got [a] A forum for discussing things. ”

The hack revealed the low level of cybersecurity implemented by the FBI.

“This is an ongoing situation and we are unable to provide additional information at this time,” reads a statement shared by the FBI.

According to USDoD, the sale of the database is covered by an escrow service provided by Pompompurin, administrator of Breached.

Follow me on Twitter: @Security Affairs When Facebook When Mastodon