Cybercriminals this week confirmed a breach of the FBI's InfraGard system by putting information on 80,000 members up for sale. According to KrebsOnSecurity, hackers are also seemingly still in the system and communicating with members of a cybercrime forum from the platform.
InfraGrad is a program that the Federal Bureau of Investigation (FBI) uses to generate cyber threat information-sharing collaborations with private companies. On the weekend, the cybercrime forum Breached had a new sales threat with the title:
“The user database for InfraGard, including names and contact information for tens of thousands of InfraGard members.”
InfraGrad essentially serves as a program that shows private sector individuals who have been vetted for both cyber and physical threats. It allows companies to check key people across important infrastructure roles.
“InfraGard connects critical infrastructure owners, operators, and stakeholders with the FBI to provide education, networking, and information-sharing on security threats and risks,” the FBI explains.
The bureau confirms it is aware that a false account has been taking information and is currently investigating the matter. KrebsOnSecurity made direct contact with the seller on the Breach forum (who has the handle USDoD).
According to the hacker, they were able to access InfraGrad by applying for a new account using false details (date of birth, name, and Social Security Number) taken from a CEO of a company. Of course, the person is not really the CEO. They say they chose the executive because they are from a company likely to be approved by the FBI's platform.
“When you register they said that to be approved can take at least three months,” USDoD said. “I wasn't expected to be approve[d].”
USDoD points out they were able to get user data easily by using an API in IngraGrad that is used to help members communicate. A simple code script in Python was enough to query the API and retrieve the data.
The hacker is asking for $50,000 for the database, although they admit this is to be able to negotiate lower. In other words, while this is a major breach, it is not too damaging because the information is on people who are already known and have robust security.
Tip of the day: The Windows Clipboard history feature provides the functionality across device, space, and time, letting you copy on one computer and paste the text days later on a different PC. All of it is possible via the Windows 10 clipboard manager, which lets you view, delete, pin, and clear clipboard history at will.
In our tutorial we show you how to enable the feature, clear clipboard history, and enable/disable clipboard sync to meet your preferences. You can also create a clear clipboard shortcut for quick removal of stored content.