According to sources, InfraGard (a Critical Infrastructure organization in Georgia) was hit with a cyber attack. It was first reported on 2022-12-14.
Source 1 | 2022-12-14
“A hacker has breached an FBI program dedicated to critical infrastructure cybersecurity and is now selling access to its data on the dark web.”
“Security blogger Brian Krebs reports that InfraGard, an information-sharing program maintained by the bureau, was compromised earlier this month by a cybercriminal who goes by the moniker “USDoD.” After swiping an internal database that contained contact information for “tens of thousands” of InfraGard members, the hacker proceeded to post its contents for sale on the dark web marketplace “Breached,” where anybody can now buy the info for $50,000. The hacker told Krebs that the high price set for the data was a negotiating tactic: “I don’t think someone will pay that price, but I have to [price it] a bit higher to [negotiate] the price that I want,” they said.”
“InfraGard is an information-sharing network designed to allow high-level professionals both in and out of the government to collaborate on issues of cybersecurity and defense. InfraGard’s membership includes security pros from government agencies and major corporations and, on its website, it describes its mission like this:”
““USDoD,” the hacker, claims that they gained entry to InfraGard’s protected environment by using a corporate executive’s stolen personal information. The hacker used the executive’s Social Security Number, birthday, and other info to file a phony application for inclusion in InfraGard’s membership (it’s unclear where the hacker got the exec’s info, but such data can also be purchased on the dark web). Within several weeks, the hacker’s application was accepted, apparently without much vetting by the FBI. Once granted access to the org’s internal environment, USDoD says they used a simple Python script aimed at one of the website’s Application Programming Interfaces (APIs) to call up and steal personal information on the other participating members. As of Tuesday evening, USDoD’s phony account was apparently still active and hadn’t yet been terminated by the FBI.”