InfraguardProgram run by US Federal Bureau of Investigation (FBI) this week a database of contact information for more than 80,000 members went up for sale at an English-language cybercrime forum to build a partnership to share information about cyber and physical threats with the private sector. it was done. Meanwhile, the hacker responsible is communicating directly with members via her InfraGard portal online — using a new account under the assumed identity of her CEO in the financial industry, which has been scrutinized by the FBI itself. I’m here.
December 10, 2022, a relatively new cybercrime forum Violated InfraGard’s user database contains the names and contact information of tens of thousands of InfraGard members.
The FBI’s InfraGard program is a key role of the private sector, including both cyber and physical security for companies that manage most of the nation’s critical infrastructure, including drinking water and power companies, telecommunications and financial services companies, and transportation. It should be a scrutinized portrait of the main person responsible for Manufacturers, healthcare providers, nuclear energy companies.
“InfraGard connects critical infrastructure owners, operators, and stakeholders with the FBI to provide education, networking, and information sharing on security threats and risks,” the FBI’s InfraGard fact sheet states. It is listed.
KrebsOnSecurity uses the handle “USDoD” And that avatar is the seal of US Department of Defense.
USDoD’s InfraGard Sales Thread on Infringement.
The USDoD may allow the FBI to apply for a new account using the name, social security number, date of birth and other personal information of the CEO of the company most likely to be granted InfraGard membership. has obtained access to the InfraGard system.
The chief executive officer in question, now the head of a major U.S. financial company that directly affects the creditworthiness of most Americans, did not respond to a request for comment.
USDoD told KrebsOnSecurity that a bogus application was filed in November in the CEO’s name, containing not only a contact email address under their control, but also the CEO’s actual mobile phone number. He said he was.
“When I registered, I was told that it could take at least three months to be approved,” USDoD said. “I didn’t expect it to be approved.[d]”
“If it were just a phone call, I would be [a] It’s a bad situation,” USDoD said. “Because I used people[‘s] The phone I’m impersonating. ”
According to the USDoD, InfraGard user data is made readily available through application programming interfaces (APIs) built into several key components of the website that help InfraGard members connect and communicate with each other. It is
After their InfraGard membership was approved, USDoD asked a friend to code a script in Python to query its API and retrieve all available InfraGard user data.
“InfraGard is a social media intelligence hub for celebrities,” said USDoD. “They also got [a] A forum for discussing things. ”
KrebsOnSecurity shared some screenshots and other data with the FBI that could help identify the impersonated InfraGard account, but the FBI declined to comment on the story.
To certify that InfraGard is still accessible as of Tuesday night’s publication time, USDoD sent a memo directly to InfraGard members via InfraGard’s messaging system.
A member of InfraGard, the head of security for a large US technology company, confirmed that it received USDoD’s message, but requested anonymity for this article.
USDoD admits that the asking price of $50,000 for the InfraGard database may be a bit high given that it’s a fairly basic list of people who are already very security conscious. Also, only about half of the user accounts contain her email address, and most of his other database fields, such as social security numbers and dates of birth, are completely empty.
“I don’t think anyone will pay for it, but I have to. [price it] a little higher than [negotiate] The price I want,” they explained.
While the data exposed by the InfraGard intrusion may be minimal, user data may not have been the intruder’s true goal.
USDoD said it hopes the impersonation account will last long enough to finish sending direct messages to other executives as CEO using the InfraGuard messaging portal. USDoD shared the following redacted screenshot of what he claimed to be one such message, but provided no additional context for it.
Screenshot shared by USDoD showing a message thread from the FBI’s InfraGard system.
USDoD is the sales thread and the deal guarantor is PompompurinBy purchasing the database through the forum administrator’s escrow service, the cybercrime forum administrator theoretically avoids being deceived and the transaction is completed to the satisfaction of both parties before any money exchange takes place. can be completed.
Pompompurin has long been the bane of the FBI. Their compromised forums are raid foruma very similar English cybercrime forum It was closed by the U.S. Department of Justice in April. Before the FBI infiltration, RaidForums sold access to over 10 billion consumer records stolen in the world’s largest data breach.
In November 2021, KrebsOnSecurity reported how Pompompurin exploited a vulnerability in the FBI online portal designed to share information with state and local law enforcement agencies, and how that access was used. I explained in detail what happened. Wipe out thousands of hoax email messages sent from FBI emails and Internet addresses.
This is a developing story. Updates are logged here with a timestamp.
