(FreedomBeacon.com)- A hacker posing as a CEO of a financial institution claims to have obtained access to the over 80,000-member database of InfraGard, an FBI-run outreach program that shares sensitive information about national security and cybersecurity threats with public officials and private sector actors responsible for the country’s critical infrastructure.
Last weekend, the unknown hacker posted samples purportedly from the database to BreachForums, the popular online forum for cybercriminals, offering to sell the database for $50,000.
According to independent cybersecurity reporter Brian Krebs who broke the story on Tuesday, the hacker obtained access to InfraGard’s online portal by posing as the CEO of a financial institution. The hacker told Krebs that InfraGard’s vetting process was surprisingly lax.
The FBI told Krebs that it was aware of the potential false account and was looking into the matter.
The hacker, who goes by the name USDoD on BreachForums, told the forum that only 47,000 records on InfraGard include unique emails.
The data the hacker posted on BreachForums didn’t include Social Security numbers or dates of birth. While those fields exist in the database, InfraGard’s security-conscious members left them blank.
According to Krebs, while posing as the CEO, the hacker was messaging InfraGard members hoping to obtain more personal information that could be weaponized.
The FBI did not explain how the hacker was able to obtain approval for an InfraGard membership. According to Krebs, the hacker used a real CEO’s cellphone number when applying for membership last month.
Membership in InfraGard includes business leaders, IT professionals, military, state and local law enforcement, and government officials who are involved in overseeing the safety of critical infrastructure, including electrical grids, transportation, pipelines, nuclear reactors, healthcare, and financial services.
Established in 1996, InfraGard is the FBI’s largest public/private partnership with local alliances affiliated with all of the FBI’s field offices.
According to Krebs, the stolen database includes the names, affiliations, and contact information for tens of thousands of InfraGard users.