Critical Infrastructure Security , Cybercrime , Fraud Management & Cybercrime
Hacker Reportedly Breaches US FBI Cybersecurity ForumBureau Ushered a Phony CEO Who Stole Emails Into a Seat at InfraGard
A hacker reportedly using a fake email address posed as a chief executive of an American financial institution to gain bureau-approved access to FBI public-private cybersecurity forum InfraGard and is now selling details of its more than 80,000 members.
See Also: OnDemand | Understanding Human Behavior: Tackling Retail's ATO & Fraud Prevention Challenge
A posting on the BreachForums criminal site by a user with the handle "USDoD" offers a one-time sale for $50,000 of data the hacker says comes from InfraGard and includes 47,000 email addresses of its members.
The hacker, in an interview with independent cybersecurity reporter Brian Krebs, who broke the story Tuesday evening, described posing as a chief executive of a major corporation to con the FBI into granting admittance to the forum.
The FBI vets admittance to InfraGard, a mechanism for critical infrastructure executives and security personnel to comingle with feds and obtain government intelligence. The bureau says the forum, founded in 1996, offers "direct engagement with the FBI, other government agencies, and private sector experts at the local level."
USDoD told Krebs the membership application included the real name and mobile number of the unidentified chief executive but a phony email address. InfraGard requires multifactor authentication to log on, but it allows users to choose between receiving a one-time code via SMS or email. The hacker chose email. "I wasn’t expected to be approve[d]," USDoD told Krebs.
The FBI did not immediately respond to Information Security Media Group's inquiry. Krebs reports the bureau responded to him with a terse written statement describing the matter as "an ongoing situation." USDoD also did not immediately respond to a private message sent through BreachForums by ISMG.
On BreachForums, USDoD wrote that the $50,000 asking price was justified since most of the email addresses haven't been caught up in previous data breaches - an assertion another forum member contests, saying emails contained in a sample of the breached information can be found elsewhere. Krebs reports that of the more than 80,000 records in the InfraGard dataset, "only about half of the user accounts contain an email address, and most of the other database fields - like Social Security Number and Date of Birth - are completely empty."
He also reports that selling data on a criminal forum may not have been USDoD's intended endgame, since the hacker used access to InfraGard in a bid to reach out to chief executives through the portal's messaging service.