Community Edition
Total Tests:
This Week:
Today:
Cyber Law Blog
Global Сybercrime Сrackdown Takes Down Over 22K Malicious IPs And Servers
November 7, 2024
REvil Gang Members Sentenced
October 31, 2024
US Cop Indicted Over Buying Stolen Data
October 24, 2024
Notorious hacker ‘USDoD’ arrested in Brazil
October 17, 2024
Dutch Cops Neutralize Major Dark Web Market, Admins Arrested
October 10, 2024
Stay in Touch

Get exclusive updates and invitations to our events and webinars:


Your data will stay confidential Private and Confidential

ImmuniWebInternational Media Coverage

FBI’s InfraGard Hacked, Data of 80,000 Members Put for Sale

By Sumeet Wadhwani for Spiceworks 1
Thursday, December 15, 2022

The FBI was repeatedly breached recently. On December 10, 2022, a database containing the contact information of more than 80,000 members of the FBI’s InfraGard went up on sale on an underground hacking forum.

Dr. Ilia Kolochenko, chief architect & CEO of ImmuniWeb, adjunct professor of cybersecurity & cyber law at Capitol Technology University, and a member of the Europol Data Protection Experts Network, told Spiceworks, “This incident highlights once again that Internet-facing web applications and APIs remain one of the weakest links of organizations. I would, however, refrain from making any conclusions before InfraGard and the FBI finish the investigation and provide a report about the scope of the breach.”

The breached data includes the names of all breached users, email addresses of half of the users, and Social Security Numbers and dates of birth of some. “I don’t think someone will pay that price, but I have to [price it] a bit higher to [negotiate] the price that I want,” USDoD explained.

Dr. Kolochenko disagrees. “Organized cybercrime groups will readily pay $50,000 to get sensitive personal details of cyber investigators and law enforcement officers to launch sophisticated phishing attacks and impersonation campaigns, trying to get privileged access to other highly sensitive resources or governmental databases by reusing stolen information,” Dr. Kolochenko added.

“Some cyber gangs may simply pay for the stolen data to launch online stalking and intimidation campaigns against the victims of the breach or even against their family members.”

InfraGard’s purpose is to make information sharing seamless between members, which includes domain-agnostic leaders and security professionals, to protect U.S. critical infrastructure such as electrical grids, oil pipelines, the energy sector, healthcare facilities, dams, etc.

“If the information about the breach is correct, it may have fairly devastating consequences for the cybersecurity and law enforcement professionals who are InfraGard members,” Dr. Kolochenko continued.

While the breached data suggest the scope to be relatively insignificant, it does blow open a gaping hole in the FBI’s efforts to counter cybercrime. While USDoD was active on InfraGard, they sent personalized messages to CEOs and other company leaders requesting contact details which can then be used for phishing and follow-up intrusion activities. Read Full Article


Previous Media Publications:

ComputerWeekly: More Uber data exposed in possible supply chain attack

Latest Hacking News: ImmuniWeb Community Edition Review – Inclusive Vulnerability Scanning for Small Businesses

This website uses cookies to provide you with a better surfing experience. To learn more, please visit our Privacy Policy. By continuing to use this website you consent to our use of cookies.

Book a Call Ask a Question
Close
Talk to ImmuniWeb Experts
ImmuniWeb AI Platform
Have a Technical Question?

Our security experts will answer within
one business day. No obligations.

Have a Sales Question?
Email:
Tel: +41 22 560 6800 (Switzerland)
Tel: +1 720 605 9147 (USA)
*
*
*
*
Your data will stay private and confidential