FBI cyberthreat sharing portal has member data stolen
An FBI cybersecurity portal has been hacked and thousands of members’ contact information has been leaked on an illegal cybercrime forum.
More than 80,000 users on the InfraGard portal are now believed to have had their contact information leaked, with hackers messaging members directly under an account posing as an FBI-vetted CEO in finance.
InfraGard partners with companies to share information about cyber-attacks and other threats.
CEO posing
Names and contact details of these members were put up for sale on Breached, a new forum for cybercriminals.
InfraGard monitors its members, who are key individuals at cybersecurity firms contracted to manage the security of national institutions such as water, utilities, transportation, health care and nuclear power. The goal is to educate both the FBI and businesses about cybersecurity threats by exchanging information.
Commenting on the case, the FBI stated: “This is an ongoing situation and we are unable to provide any additional information at this time”.
KrebsOnSecurity contacted the seller on Breached, who claimed they applied for an InfraGard account under the guise of being a real CEO of a major credit rating firm.
They used the CEO’s name, social security number, email address (which they also claimed to have hacked into), and phone number to fill out the application. The real CEO told KrebsOnSecurity that they were never contacted by the FBI about the filing.
While not expecting to be accepted, the hacker received an email from InfraGard in early December saying they had indeed been approved.
InfraGard requires multi-factor authentication, but users can choose to receive a one-time code by email instead of SMS. The hacker said that if they were forced to use a phone alone, they would have been thwarted because they were using the CEO’s real phone number, which they could not access.
To actually steal the database, they claimed they simply exploited an API in the portal that helps members connect with each other. They used a Python script to extract the data, which contained each user’s information.
While the information they obtained is rather basic and in some cases incomplete, the hacker claimed that their real motive was to continue posing as the CEO and contact other InfraGard members, perhaps hoping to obtain more sensitive information.
The administrator of the Breached forum is Pompompurin, who has a past with the FBI. Last year, they exploited a vulnerability in another information-sharing portal between the agency’s local law enforcement officers, giving them access to send large volumes of spam emails from legitimate FBI email addresses and IP addresses.