An FBI cybersecurity portal has been hacked and the contact information of thousands of its members has been leaked to an illicit forum for cybercriminals.
It is believed that more than 80,000 users of the InfraGard portal have now had their details leaked, with hackers sending messages to members directly under an account posing as an FBI-approved chief financial officer.
InfraGard works with companies to share information about cyberattacks and other threats.
Posing as a CEO
The names and contact details of these members have been put up for sale on Breached, a new forum for cybercriminals.
InfraGard controls its members, made up of key people in cybersecurity companies who are hired to manage the security of national institutions, such as water, utilities, transportation, healthcare and nuclear power. The goal is to educate the FBI and businesses about cybersecurity threats through information sharing.
In response to the case, the FBI said that "this is an ongoing situation and we are unable to provide additional information at this time."
KrebsOnSecurity contacted the Breached vendor, who claimed to have applied for an InfraGard account under the guise of an actual CEO of a major credit company.
They used the CEO's name, Social Security number, email address (which they also claimed to have hacked), and phone number to complete the application. The actual CEO told KrebsOnSecurity that they never received any contact from the FBI about the application.
Although he did not expect to be accepted, the hacker received an email from InfraGard in early December informing him that he had been approved.
InfraGard requires multi-factor authentication, but users can choose to receive a unique code via email instead of SMS. The hacker said that if they had been forced to use only a phone, their attempt would have been frustrated, as they used the CEO's real phone number, which they did not have access to.
In order to steal the database, they claimed that they simply exploited an API on the portal that helps members connect with each other. They used a Python script to retrieve the data, which contained the information for each user.
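From the defender's side, the scripted retrieval described above shows up as a single account reading far more distinct member records than a person browsing would. The following is an added example, not code from the article or from the portal, that flags this pattern in access logs; the log format, the `/api/members/<id>` route, the account names and the thresholds are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed access-log lines (not incident data): time, account, method, path.
# /api/members/<id> is a hypothetical stand-in for the member-lookup API.
SAMPLE_LOG = """\
2024-01-01T10:00:00 alice GET /api/members/17
2024-01-01T10:05:00 alice GET /api/members/42
2024-01-01T10:06:00 alice GET /api/members/17
""" + "".join(
    f"2024-01-01T11:00:{s:02d} new_ceo GET /api/members/{1000 + s}\n" for s in range(30)
)

def parse(line):
    """Return (timestamp, account, member_id), or None for anything else."""
    parts = line.split()
    if len(parts) != 4:
        return None
    ts, account, method, path = parts
    prefix = "/api/members/"
    if method != "GET" or not path.startswith(prefix):
        return None
    member_id = path[len(prefix):]
    if not member_id.isdigit():
        return None
    return datetime.fromisoformat(ts), account, member_id

def find_bulk_readers(log_text, window=timedelta(minutes=5), max_distinct=20):
    """Flag accounts that read more than max_distinct different member records
    inside any sliding window. Assumes time-ordered input.
    Returns {account: peak number of distinct records seen in one window}."""
    recent = defaultdict(deque)  # account -> (timestamp, member_id) still in window
    flagged = {}
    for line in log_text.splitlines():
        event = parse(line)
        if event is None:
            continue
        ts, account, member_id = event
        q = recent[account]
        q.append((ts, member_id))
        while ts - q[0][0] > window:
            q.popleft()  # drop reads that fell out of the window
        distinct = len({m for _, m in q})
        if distinct > max_distinct:
            flagged[account] = max(flagged.get(account, 0), distinct)
    return flagged

if __name__ == "__main__":
    print(find_bulk_readers(SAMPLE_LOG))
```

Counting distinct records rather than raw requests keeps a member who reloads the same profile from being flagged, while a sequential walk through the directory stands out.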
Although the information they obtained was fairly basic and at times incomplete, the hacker claimed his real motive was to continue posing as a CEO and contact other members of InfraGard, possibly hoping to extract more sensitive information.
The administrator of the Breached forum is Pompompurin, who has a record with the FBI. Last year, they exploited a vulnerability in another agency's local police information-sharing portal, gaining access to send large amounts of spam from legitimate FBI email addresses and IP addresses.