InfraGard was launched by the U.S. Federal Bureau of Investigation (FBI) in 1996. It is a collaboration program that shares information about cyber and physical threats with the private sector. A database with the contact information of more than 87,000 InfraGard members was recently posted on BreachedForums. This forum is a cybercrime hacking forum that was created as an alternative to now-defunct .
Here are the details of the incident.
Was it a mistake?
Hackread.com has revealed that the hacker plans to sell the stolen InfraGard database for $55,000. The hacker posted a sample of the data on the forum on 10 December 2022. It contained personal information for many members, including the following:
- Full names
- Email addresses
- Employment details
- Industries of employment
- Social media usernames
The seller is known by the nickname “USDoD” and uses the U.S. Department of Defense seal as his avatar. The hacker had registered an account in the name of the CEO of a financial institution, and the account was vetted by the FBI.
What was the Hack?
Independent security researcher Brian Krebs also reported on the breach. Krebs reached out to the hacker and asked how they got the data, and the hacker revealed how they obtained access to InfraGard. He used the personal information, such as name, birth date, and Social Security number, of a CEO at a company that was considered a good candidate for InfraGard membership.
The CEO of this major US bank is directly responsible for Americans’ creditworthiness. In November, the hacker submitted an application in this CEO's name, along with their email ID, and added his real cellphone number.
Although approvals on InfraGard take around three months, the hacker's application was approved sooner than expected. The InfraGard system offers members the option of one-time activation via email, SMS or . The hacker's job was made easier because program user data can be accessed through an Application Programming Interface (API).
The hacker also asked a friend to write code to extract all the data from the API. The hacker claims he still has access to the InfraGard account and can contact its members through the online portal.
Scale of Breach
InfraGard holds information about high-profile individuals in the private sector. This includes administrative heads of physical and cyber security companies. They manage infrastructure vital to national security and welfare, such as electricity, drinking water, financial services and transportation.
According to the FBI InfraGard information sheet, the program links owners and stakeholders of critical infrastructure to the bureau. It offers them information sharing, education and networking services so that they can collectively mitigate looming risks and threats.
Furthermore, almost half the accounts did not contain an email address, while crucial fields such as date of birth or Social Security number were missing from most of them.
KrebsOnSecurity shared screenshots of the conversation with the hacker in order to remove them from InfraGard.
The History of InfraGard
InfraGard, a joint effort of the FBI’s National Infrastructure Protection Center and the Information Systems Security Association (ISSA), was founded in 1996. InfraGard offers secure email systems and secure data storage platforms. It also provides web-based vulnerability assessment tools as well as password management solutions.
InfraGard also offers seminars about cybersecurity best practices, emerging threats and other topics. All sectors are welcome to attend these seminars, which help members stay up-to-date on security trends.
InfraGard provides additional resources to identify potential victims of cybercrime and suspicious activity before they escalate into major problems.