
The FBI’s information-sharing network InfraGard has been hacked and its user data put up for sale. InfraGard is a project run by the U.S. Federal Bureau of Investigation (FBI) to build partnerships with the private sector for the exchange of information about cyber and physical threats.

KrebsOnSecurity reported, “The hackers responsible are communicating directly with members through the InfraGard portal online — using a new account under the assumed identity of a financial industry CEO that was vetted by the FBI itself.”

The bad actors breached the InfraGard network on December 10, 2022, and managed to steal user data containing the names and contact details of tens of thousands of InfraGard members, which they then advertised for sale.

According to the FBI’s InfraGard fact sheet, “InfraGard connects critical infrastructure owners, operators, and stakeholders with the FBI to provide education, networking, and information-sharing on security threats and risks.”

The FBI is aware of a potential false account associated with the InfraGard Portal and is actively looking into the matter.

“We are not able to provide any additional information,” the FBI said in a written statement when asked about the case.

According to multiple reports, the seller of the InfraGard database is a Breached forum user with the handle “USDoD” and an avatar of the U.S. Department of Defense seal.

USDoD said they were able to access the FBI’s InfraGard system by applying for a new account using the name and personal details of the CEO of a company that would be very likely to be accepted as an InfraGard member.

KrebsOnSecurity reports that the phony application was submitted in November under the CEO’s name and included his real mobile phone number as a contact email.

USDoD said the website’s Application Programming Interface (API) was their access point for InfraGard user data. The API can be integrated into different parts of a website to enable users to communicate and connect with one another.

Once they were granted InfraGard membership, they wrote a Python script to query the API and retrieve every bit of data accessible.

“InfraGard is a social media intelligence hub for high-profile people,” USDoD says. Their forum even lets them discuss things.

USDoD agreed that their $50,000 asking price for the InfraGard database might be a bit high given that it was a relatively basic list of people who are already security-conscious.

The user accounts we looked at had missing and incomplete data. Only about half of them had email addresses, and nearly all the other information we investigated, such as Social Security Number or Date of Birth, was not complete.

The Breached administrator, Pompompurin, offers an escrow service to potential buyers of the database.

Pompompurin has been frustrating the FBI for years. They’re known for their explosive Breached forum that is similar to RaidForums, which was shut down by the U.S. Department of Justice in April.

The FBI’s cybersecurity measures were shown to be inadequate when the attack happened; they let Krebs know they were aware of a possible account connected to InfraGard.

A recent statement made by the FBI explains, “This is an ongoing situation and we are not able to provide any more information at this time.”
