FBI’s InfraGard Hacked, Data of 80,000 Members Put for Sale
Thursday, December 15, 2022
The FBI was repeatedly breached recently. On December 10, 2022, a database containing the contact information of more than 80,000 members of the FBI’s InfraGard went up on sale on an underground hacking forum.
Dr. Ilia Kolochenko, chief architect & CEO of ImmuniWeb, adjunct professor of cybersecurity & cyber law at Capitol Technology University, and a member of the Europol Data Protection Experts Network, told Spiceworks, “This incident highlights once again that Internet-facing web applications and APIs remain one of the weakest links of organizations. I would, however, refrain from making any conclusions before InfraGard and the FBI finish the investigation and provide a report about the scope of the breach.”
The breached data includes the names of all breached users, email addresses of half of the users, and Social Security Numbers and dates of birth of some. “I don’t think someone will pay that price, but I have to [price it] a bit higher to [negotiate] the price that I want,” USDoD explained.
Dr. Kolochenko disagrees. “Organized cybercrime groups will readily pay $50,000 to get sensitive personal details of cyber investigators and law enforcement officers to launch sophisticated phishing attacks and impersonation campaigns, trying to get privileged access to other highly sensitive resources or governmental databases by reusing stolen information,” Dr. Kolochenko added.
“Some cyber gangs may simply pay for the stolen data to launch online stalking and intimidation campaigns against the victims of the breach or even against their family members.”
InfraGard’s purpose is to make information sharing seamless between members, which includes domain-agnostic leaders and security professionals, to protect U.S. critical infrastructure such as electrical grids, oil pipelines, the energy sector, healthcare facilities, dams, etc.
“If the information about the breach is correct, it may have fairly devastating consequences for the cybersecurity and law enforcement professionals who are InfraGard members,” Dr. Kolochenko continued.
While the breached data suggest the scope to be relatively insignificant, it does blow open a gaping hole in the FBI’s efforts to counter cybercrime. While USDoD was active on InfraGard, they sent personalized messages to CEOs and other company leaders requesting contact details which can then be used for phishing and follow-up intrusion activities. Read Full Article
ComputerWeekly: More Uber data exposed in possible supply chain attack
Latest Hacking News: ImmuniWeb Community Edition Review – Inclusive Vulnerability Scanning for Small Businesses