[ad_1]
BOSTON, Dec. 15 (AP) — A hacker posing as the CEO of a financial institution claims to have gained access to the database of more than 80,000 members of InfraGard, an outreach program run by the FBI, who has shared information about Sensitive national security and cybersecurity threats to public officials and private sector individuals who operate critical U.S. infrastructure.
Over the weekend, hackers posted what they said were samples from the database to an online forum popular with cybercriminals and said they were asking $50,000 for the entire database.
Hackers gained access to InfraGard by posing as the CEO of a financial institution, they told independent cybersecurity reporter Brian Krebs, who broke the story. They called the review process surprisingly lax.
The FBI did not immediately respond to a request for comment from The Associated Press. Krebs reported that the agency told him he was aware of a potentially fake account and was investigating the matter.
InfraGard members include business leaders, IT professionals, the military, state and local law enforcement, and government officials involved in overseeing the safety of everything from power grids and transportation to healthcare, pipelines, nuclear reactors, the defense industry, dams, and water plants and financial services. Founded in 1996, it is the FBI’s largest public-private partnership, with local alliances in all of its field offices. It regularly shares threat warnings from the FBI and Department of Homeland Security and serves as a closed-door social media site for select insiders.
The database contains the names, affiliations and contact information of tens of thousands of InfraGard users. Krebs first reported the theft on Tuesday.
The hacker, who goes by the username USDoD on the BreachForums website, said on the site that only 47,000 of the forum’s members — a little more than half — had records containing unique emails.
The hackers also said the data contained neither Social Security numbers nor dates of birth. Although a field for this information exists in the database, InfraGard security-conscious users leave it blank.
However, hackers told Krebs they had been sending messages to InfraGard members posing as chief executives of financial institutions in an attempt to gain access to more personal data that could be criminally weaponized. The Associated Press contacted the hacker on the BreachForums website via private message.
They would not say whether they had found a buyer for the stolen records, or answer other questions. They did say, however, that Krebs’ article was “100 percent accurate.” The FBI did not immediately respond to an email seeking comment on how the hackers tricked it into approving InfraGard memberships.
Krebs reported that hackers provided a contact email address they controlled — along with the CEO’s real cell phone number — when they applied for InfraGard membership in November.
Krebs cites the hackers as saying that InfraGard approved the app in early December and they were able to use the email to receive one-time verification codes. Once inside, the database information was easily accessed with simple software scripts, the hackers said. (Associated Press)
(This is an unedited and auto-generated story from a Syndicated News feed, the content body may not have been modified or edited by LatestLY staff)
[ad_2]
Source link