www.darkreading.com
2606:4700::6811:7663  Public Scan

URL: https://www.darkreading.com/attacks-breaches/stolen-data-on-80k-members-of-fbi-run-infragard-reportedly-for-sale-on-dark-web...
Submission: On December 16 via manual from US — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content

Attacks/Breaches

News



STOLEN DATA ON 80K+ MEMBERS OF FBI-RUN INFRAGARD REPORTEDLY FOR SALE ON DARK WEB
FORUM

InfraGard's members include key security decision-makers and stakeholders from
all 16 US civilian critical-infrastructure sectors.
Jai Vijayan
Contributing Writer, Dark Reading
December 15, 2022
Source: danielo via Shutterstock


A hacker using the handle "USDoD" has reportedly stolen contact information on
more than 80,000 members of an FBI-run program called InfraGard and put the
information up for sale on an English-speaking Dark Web forum.



The information the hacker accessed from InfraGard's database appears to be
fairly basic and in some cases does not even include an email address, according
to KrebsOnSecurity, which first reported on the incident this week. But the
information belongs to CISOs, security directors, IT and C-suite executives,
healthcare professionals, emergency managers, and law enforcement and military
personnel directly responsible for protecting US critical infrastructure.






A POTENTIALLY VALUABLE ASSET



As such, the stolen data represents a valuable asset for adversaries, says
former InfraGard member Chris Pierson, currently CEO of BlackCloak, an online
privacy-protection service for top executives and corporate leaders.



"The InfraGard database of contacts is a big win for any intelligence agency or
nation-state to possess," Pierson says. The compromised data is nowhere close in
sensitivity compared to major breaches such as the one that the US Office of
Personnel Management (OPM) disclosed in 2015. Still, it is very practical and
easy to use from an attacker's perspective, he says.

"While much of the information may be public or publicly available, the
condensing of this information into the key people who run our nation's critical
infrastructure is immensely valuable," Pierson notes. Personal addresses,
personal cell phones, and easy access to which members possess a security
clearance are all key pieces of data for an adversary to have, he says.

The FBI describes InfraGard as an initiative to bolster the nation's collective
ability to defend against physical and cyber threats to critical infrastructure
targets. It basically connects the FBI directly with critical infrastructure
owners, operators, and security stakeholders. Its members include key security
personnel and decision-makers from all 16 US civilian critical infrastructure
sectors.

According to KrebsOnSecurity, the hacker "USDoD" gained access to the InfraGard
database by first applying for a new account using the name, date of birth, and
Social Security number of a chief executive officer at a large financial
services company. The hacker apparently applied for InfraGard membership in
November and provided an attacker-controlled email address and the actual phone
number of the CEO as contact information.






AN OPSEC LAPSE?



Though InfraGard was supposed to have vetted that information, they never did
and instead approved the application based on the information that the hacker
had provided, KrebsOnSecurity reported. Similarly, though accessing InfraGard's
portal requires two-factor authentication, the hacker found he could use the
email address as a second factor instead — thereby obviating the need for access
to the real CEO's phone.

Once on the portal, the attacker discovered that InfraGard user information
could be relatively easily accessed via an API built into several components on
the website, KrebsOnSecurity said, citing a direct conversation with the
attacker. The hacker then apparently got a friend to code a Python query for
retrieving all available InfraGard member information via the API.
KrebsOnSecurity quoted the attacker as setting an asking price of $50,000 for
the stolen dataset, but not really expecting any buyers at that price because of
the basic nature of the information.

InfraGard member Will Carson, director of IT and cybersecurity at Cybrary,
expressed frustration over the incident. "As an InfraGard member, it certainly
isn't great to hear your information may have been disclosed from a news outlet
before you hear from the impacted organization," he said in a statement
responding to the news. He expressed disappointment over being unable to log
into his InfraGard account after the apparent breach.

"Although I have full faith InfraGard leadership has a stronger grasp of the
facts than I do from the outside, the radio silence to date makes me uneasy as a
potentially impacted professional," he says.

The FBI did not immediately respond to a Dark Reading request for comment
submitted via email to its press office.

Copyright © 2022 Informa PLC Informa UK Limited is a company registered in
England and Wales with company number 1072954 whose registered office is 5
Howick Place, London, SW1P 1WG.
