The FBI's InfraGard program for protecting U.S. critical infrastructure in partnership with the private sector had its more than 80,000-member database compromised, according to The Associated Press.
The hacker who went by the alias USDoD on the BreachForums site claimed to obtain the entire database of InfraGard, which counts business leaders, government officials, and IT professionals as its members, by masquerading as a finance CEO, said the attacker to independent cybersecurity journalist Brian Krebs.
USDoD said that they were able to secure InfraGard membership by using a contact email address and the impersonated CEO's real mobile number, while a simple software script was leveraged to access the database information. Tens of thousands of InfraGard users' names, affiliations, and contact details were included in the database, but only slightly more than half of the members had their emails exposed.
Social Security numbers and birthdates were also not included in the stolen data, noted USDoD, which has been selling the entire database for $50,000.
Critical Infrastructure Security, Breach, Threat Management, Privacy
FBI’s InfraGard database compromised
Share
Related Terms
AnonymizationAttack VectorBackdoorBotnetChallenge-Handshake Authentication Protocol (CHAP)CorruptionCovert ChannelsDumpSecDumpster DivingIdentity TheftGet daily email updates
SC Media's daily must-read of the most current and pressing daily news