A fake CEO who stole emails was ushered into a seat at InfraGard by the Bureau. A hacker posing as the CEO of an American financial institution allegedly used an email address that did not belong to the executive to gain bureau-approved access to the FBI's InfraGard cybersecurity forum, and is now selling details of more than 80,000 of its members.
A user with the handle “USDoD” posted on the criminal site BreachForums offering the data in a one-time sale for $50,000. The hacker claims the data comes from InfraGard and includes 47,000 email addresses of its members.
In a question-and-answer session with independent cybersecurity journalist Brian Krebs, who reported the story Tuesday, the attacker described posing as the CEO of a corporation in order to trick the FBI into admitting them to the forum.
The FBI vets applicants for InfraGard, a program that lets senior executives and security staff at critical infrastructure organizations interact with federal agents and receive government intelligence. According to the FBI, the forum, which was established in 1996, provides “real contact with the Federal Bureau of Investigation, other government entities, and private industry specialists at the community scale.”
According to Krebs, the USDoD membership application included the unidentified chief executive's real name and mobile number but a bogus email address. InfraGard requires two-step verification to log in, but users may receive the one-time code by either email or text message. The hacker chose email, so the code was delivered to the address the attacker had supplied rather than to the real executive. “I wasn't expecting to be approved,” USDoD said, according to Krebs.
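The weakness described above is an enrollment problem rather than a login problem: the vetting step confirmed the executive's name and phone number, but the second factor was bound to a self-asserted email address that was never compared against any vetted record. The following Python is an added, hypothetical illustration of that pattern and of the obvious fix; it is not InfraGard's code or process, and the directory, names, addresses and phone numbers in it are constructed for the example.

```python
"""Hypothetical illustration (added example, not InfraGard's real system):
a 2FA second factor bound to applicant-supplied contact info that the
identity vetting step never checked, beside a hardened enrollment flow."""
from dataclasses import dataclass, field
import secrets

# Constructed "vetted" directory: the out-of-band record an approver can
# check, e.g. a corporate directory. The attacker knows name and phone,
# which are the only fields the weak flow compares.
VETTED_DIRECTORY = {
    "Jane Doe": {"phone": "+15555550100", "email": "jane.doe@examplebank.test"},
}


@dataclass
class Application:
    name: str
    phone: str
    email: str          # self-asserted by the applicant
    otp_channel: str    # "email" or "sms", chosen by the applicant


@dataclass
class Account:
    name: str
    otp_channel: str
    otp_destination: str
    sent_codes: list = field(default_factory=list)


def vet_identity(app: Application) -> bool:
    """Vetting as the weak flow does it: confirm name and phone only."""
    rec = VETTED_DIRECTORY.get(app.name)
    return rec is not None and rec["phone"] == app.phone


def approve_weak(app: Application):
    """Weak flow: approve on name + phone, then bind the OTP channel to
    whatever contact the applicant typed in. A bogus email passes because
    nothing ever compares it to the vetted record."""
    if not vet_identity(app):
        return None
    dest = app.email if app.otp_channel == "email" else app.phone
    return Account(app.name, app.otp_channel, dest)


def approve_hardened(app: Application):
    """Hardened flow: the OTP destination is taken from the vetted record,
    never from the application form, and a self-asserted email that does
    not match that record is grounds for rejection, not just a warning."""
    rec = VETTED_DIRECTORY.get(app.name)
    if rec is None or rec["phone"] != app.phone:
        return None
    if app.email.lower() != rec["email"].lower():
        return None
    dest = rec["email"] if app.otp_channel == "email" else rec["phone"]
    return Account(app.name, app.otp_channel, dest)


def send_otp(account: Account) -> str:
    """Generate a 6-digit code and record where it was delivered."""
    code = f"{secrets.randbelow(10**6):06d}"
    account.sent_codes.append((account.otp_destination, code))
    return account.otp_destination


def attacker_receives_code(account: Account, attacker_mailbox: str) -> bool:
    """True if any OTP for this account went to a mailbox the attacker owns."""
    return any(dest == attacker_mailbox for dest, _ in account.sent_codes)


if __name__ == "__main__":
    # Constructed attacker application: real name and phone, look-alike email.
    atk = Application("Jane Doe", "+15555550100",
                      "jane.doe@examp1ebank.test", "email")
    weak = approve_weak(atk)
    if weak is not None:
        print("weak flow approved; OTP sent to", send_otp(weak))
    print("hardened flow approved:", approve_hardened(atk) is not None)
```

In the weak flow the attacker's application is approved and the one-time code lands in the attacker's own mailbox, which is exactly the outcome the article describes. In the hardened flow the mismatch between the applicant's email and the vetted record rejects the application outright, and even a matching application only ever has codes sent to the directory's contact, not the form's.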
US FBI Cybersecurity Forum
The Federal Bureau of Investigation did not immediately respond to an inquiry from Information Security Media Group. According to Krebs, the agency responded to him with a brief written statement describing the situation as “ongoing.” ISMG also did not receive an immediate response from USDoD after sending a private message through BreachForums.
USDoD wrote on BreachForums that the $50,000 asking price was justified because most of the email addresses had not appeared in previous data breaches, an assertion another forum member disputes, claiming that the email addresses in a sample of the breached data could be found elsewhere. According to Krebs, “only around half of the user profiles in the InfraGard dataset contain an email, and the majority of the other database fields, like the Social Security number and the date of birth, are empty.”
Krebs also reports that selling the data on a criminal forum was not USDoD's original goal: the attacker used the direct access to InfraGard to contact executives through the portal's messaging feature.