InfraGard, an FBI information-sharing program whose members are vetted by the Bureau, was the victim of a data breach in December 2022.
A hacker using the handle USDoD listed the InfraGard user database, containing the contact information of more than 80,000 members, for sale on the cybercrime forum Breached on Dec. 10.
According to its website, “InfraGard is a program that connects key people in critical infrastructure sector roles with the FBI to provide education, networking, information sharing, and foster collaboration in addressing threats to U.S. national security.” There are 16 critical infrastructure sectors, including financial services, energy, public health, water systems, and government facilities.
Brian Krebs of KrebsOnSecurity, who first reported the breach on Dec. 13, contacted USDoD, who said they gained access to the InfraGard system by submitting a new-account application under the stolen identity of a CEO, the current head of a major U.S. financial corporation that has a direct impact on the creditworthiness of most Americans.
USDoD told Krebs that they were able to submit a member application in November using the stolen personal information of the unnamed CEO, including their Social Security number, date of birth, phone number and a contact email address that the attacker controlled.
According to an InfraGard fact sheet, an application can take several months to process; this one, submitted in November, was approved in early December. Although the application listed a contact email address the attacker controlled, it also carried the CEO’s real mobile phone number. InfraGard requires multi-factor authentication by default, but it lets users choose whether the one-time code is delivered by SMS or by email. Because the email address belonged to the attacker, selecting email delivery handed them the second factor and full access to the account.
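The weakness described above is a design problem rather than a bug: the second factor could be routed to contact data that the applicant supplied and that nobody tied to the vetted identity. The following is an added example, not code from the article, KrebsOnSecurity or InfraGard, that models that choice. It places a weak delivery policy (the login picks SMS or email freely) next to a hardened one (codes only go to a channel anchored in vetted identity data). The record fields, policy names, phone number and email address are all hypothetical.

```python
# Added example, not code from the article, KrebsOnSecurity or InfraGard.
# It models the second-factor weakness described in the article: a one-time
# code may be sent to an e-mail address the applicant typed into the form,
# which was never tied to the vetted identity. Field names, policy names
# and the sample values are hypothetical.
from dataclasses import dataclass
from typing import Callable, FrozenSet


@dataclass(frozen=True)
class MemberRecord:
    vetted_phone: str       # taken from identity data checked during vetting
    applicant_email: str    # typed into the application by whoever submitted it


def weak_otp_destination(rec: MemberRecord, requested: str) -> str:
    """Weak policy: the person logging in chooses SMS or e-mail at will.
    Nothing ties applicant_email to the real member, so whoever filled in
    the form owns that channel."""
    if requested == "sms":
        return rec.vetted_phone
    if requested == "email":
        return rec.applicant_email
    raise ValueError(f"unknown channel {requested!r}")


def hardened_otp_destination(rec: MemberRecord, requested: str) -> str:
    """Hardened policy: codes only go to a channel anchored to the vetted
    identity. An applicant-supplied e-mail is not one, so the request is
    refused instead of silently honoured."""
    if requested == "sms":
        return rec.vetted_phone
    raise PermissionError("second factor must be bound to vetted identity data")


def attacker_receives_code(policy: Callable[[MemberRecord, str], str],
                           rec: MemberRecord, requested: str,
                           attacker_controls: FrozenSet[str]) -> bool:
    """Simulate one login attempt. Returns True when the destination the
    policy selects is one the attacker can read; a refused request means
    no code is delivered at all."""
    try:
        destination = policy(rec, requested)
    except PermissionError:
        return False
    return destination in attacker_controls


# Constructed scenario mirroring the article: the phone number is the real
# member's, the e-mail address belongs to the attacker.
CEO = MemberRecord(vetted_phone="+1-202-555-0100",
                   applicant_email="ceo.contact@attacker.example")
ATTACKER_CONTROLS = frozenset({"ceo.contact@attacker.example"})

if __name__ == "__main__":
    for name, policy in (("weak", weak_otp_destination),
                         ("hardened", hardened_otp_destination)):
        for channel in ("sms", "email"):
            got = attacker_receives_code(policy, CEO, channel, ATTACKER_CONTROLS)
            print(f"{name:8s} policy, {channel:5s} channel: attacker gets code = {got}")
```

Under the weak policy the email channel delivers the code straight to the attacker; under the hardened policy the same request is refused. Note that the hardened version still leans on SMS to a vetted number, which only raises the bar (SIM swapping remains possible); a program that vets members in person is well placed to enrol a phishing-resistant factor during that same process.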
Wasting no time, USDoD began direct-messaging other executives and industry leaders through the InfraGard messaging portal in an attempt to gather personal details. They also ran a Python script against an application programming interface (API) built into several key components of the website, using it to retrieve all available user data.
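Scripted retrieval of every member record through an API is noisy: one account fetches far more distinct records, far faster, than any person browsing a directory. The following added example, not code from the article or from InfraGard, shows detection logic a defender could run over the application’s access logs to flag that pattern. The log line format, the `/api/members/<id>` path, the user names and the timestamps are constructed for this example.

```python
# Added example, not from the article or InfraGard. Detection logic for the
# kind of scripted API scraping described above: one authenticated user
# pulling many distinct member records inside a short window. The log
# format, API path, user names and timestamps are constructed here.
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Optional, Tuple

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) user=(?P<user>\S+) "
    r"(?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$"
)
MEMBER_RE = re.compile(r"^/api/members/(?P<id>\d+)$")


def parse_line(line: str) -> Optional[Tuple[datetime, str, int]]:
    """Return (timestamp, user, member_id) for a successful member lookup,
    or None for anything else (other endpoints, errors, unparseable lines)."""
    m = LINE_RE.match(line)
    if not m or m["status"] != "200":
        return None
    path = MEMBER_RE.match(m["path"])
    if not path:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["user"], int(path["id"])


def max_distinct_in_window(events: List[Tuple[datetime, int]],
                           window: timedelta) -> int:
    """Largest number of distinct member IDs fetched within any single
    window starting at one of the user's own requests."""
    events = sorted(events)
    best = 0
    for i, (start, _) in enumerate(events):
        ids = set()
        for ts, member_id in events[i:]:
            if ts - start > window:
                break
            ids.add(member_id)
        best = max(best, len(ids))
    return best


def find_enumerators(lines: Iterable[str],
                     window: timedelta = timedelta(minutes=10),
                     threshold: int = 10) -> Dict[str, int]:
    """Map each user who fetched at least `threshold` distinct member
    records inside one window to the count that tripped the rule."""
    per_user: Dict[str, List[Tuple[datetime, int]]] = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ts, user, member_id = parsed
            per_user[user].append((ts, member_id))
    flagged = {}
    for user, events in per_user.items():
        count = max_distinct_in_window(events, window)
        if count >= threshold:
            flagged[user] = count
    return flagged


# Constructed sample log: a scripted account walks member IDs 1000..1011 in
# twelve seconds, while a normal user looks up two records hours apart.
SCRAPER_LINES = [
    f"2022-12-11T03:14:{10 + i:02d}Z user=impostor GET /api/members/{1000 + i} 200"
    for i in range(12)
]
SAMPLE_LOG = [
    "2022-12-11T03:14:05Z user=analyst GET /api/members/2041 200",
    *SCRAPER_LINES,
    "2022-12-11T03:14:30Z user=impostor GET /api/members/1012 404",   # miss, not counted
    "2022-12-11T03:20:00Z user=analyst GET /api/messages/inbox 200",  # not a record lookup
    "2022-12-11T05:40:00Z user=analyst GET /api/members/77 200",
    "this line is not in the expected format",
]

if __name__ == "__main__":
    print(find_enumerators(SAMPLE_LOG))  # {'impostor': 12}
```

The rule counts distinct records rather than raw requests, so a user repeatedly reloading one profile does not trip it, and it ignores failed lookups and other endpoints. In production the threshold and window would be tuned against a baseline of normal directory use, and the alert would be paired with a server-side rate limit on the same endpoint.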
The FBI responded that it is actively looking into a potential false account associated with InfraGard and said in a written statement: “This is an ongoing situation, and we are not able to provide any additional information at this time.”
The InfraGard database was originally listed for sale for $50,000. USDoD explained the asking price to Krebs: “I don’t think someone will pay that price, but I have to [price it] a bit higher to [negotiate] the price that I want.”
Without a sale, the database was made public and, as reported by Hackread, has been confirmed to be circulating on other cybercrime forums.
Why is this important?
This breach not only puts the security of member companies at risk; it raises added concerns because many InfraGard members are federal agencies and state and local law enforcement agencies that handle sensitive materials on a regular basis. Cyber criminals could use the leaked contact data to impersonate or target members and attempt to gain access to confidential government records or to personal information belonging to members of the public.
What does this mean to me?
If you are a member of InfraGard, you need to consider that threat actors have your full personal information, including your Social Security number, which can be used for identity theft. Members should immediately freeze their credit with the three credit bureaus (Equifax, Experian and TransUnion).
Consider credit monitoring as well as Digital Executive Protection services that monitor your information on the surface web, deep web and dark web.
- Executive Protection Solutions
- Credit Freeze
- Credit Monitoring
- Multifactor Authentication (MFA)
Commonality of attack