A hacker is selling access to the data he stole on the dark web after breaching an FBI program dedicated to critical infrastructure cybersecurity.
The bureau's information-sharing program was compromised earlier this month by a cybercriminal who goes by the name "USDoD." After stealing an internal database that contained contact information for tens of thousands of members, the hacker posted its contents for sale on the dark web marketplace "Breached", where anyone can now buy the info for $50,000. The hacker told Krebs that the high price set for the data was a negotiating tactic.
InfraGard is an information-sharing network created to allow high-level professionals both in and out of the government to collaborate on issues of cybersecurity and defense. The organization's website describes its mission as follows:
InfraGard is a partnership between the Federal Bureau of Investigation (FBI) and members of the private sector for the protection of U.S. Critical Infrastructure. Through seamless collaboration, InfraGard connects owners and operators within critical infrastructure to the FBI, to provide education, information sharing, networking, and workshops on emerging technologies and threats.
Information sharing is very popular in the field of cybersecurity. Despite that stated mission, the FBI missed the threat of a hacker sifting through its own network.
The hacker said they gained entry to the protected environment by using a corporate executive's stolen personal information. The hacker used the executive's Social Security Number, birthday, and other info to file a fake application for inclusion in InfraGard's membership. The hacker's application was accepted within a few weeks. Once granted access to the org's internal environment, USDoD says they used a simple Python script to call up and steal personal information from other members.
USDoD's fake account was still active as of Tuesday evening and hadn't been terminated by the FBI, Krebs reports:
To prove they still had access to InfraGard as of publication time Tuesday evening, USDoD sent a direct note through InfraGard’s messaging system to an InfraGard member whose personal details were initially published as a teaser on the database sales thread. That InfraGard member, who is head of security at a major U.S. technology firm, confirmed receipt of USDoD’s message but asked to remain anonymous for this story.
There is a question as to whether the data that USDoD stole is worth anything. Critical pieces of personal information, such as birthdays, Social Security numbers, and emails, are missing from a lot of accounts.
When Gizmodo asked for comment, it was given the same statement: "This is an ongoing situation, and we are not able to provide any more information at this time."