Hacker Infiltrates FBI Portal, Lists Details of 87,000 Users for Sale

Hacker Infiltrates FBI Portal, Lists Details of 87,000 Users for Sale

KrebsOnSecurity, a security-focused news outlet, first identified the misdeed when it encountered a post on the cybercrime forum Breached. The post claims to offer the entirety of the FBI’s InfraGard for a “starting” price of $50,000 USD. “This will be sold one time only,” mysteriously writes the original poster, who goes by USDoD. “I like to conduct my business the same way that I conduct my life.”

InfraGard is a portal in which members of the FBI can communicate with “business executives, entrepreneurs, lawyers, security personnel, military and government officials, IT professionals, academia and state and local law enforcement.” According to the Infragard homepage, the portal is mainly used for information sharing and for education surrounding emerging threats. But in order to collaborate there, you have to have an Infragard profile—and the FBI’s own lack of robust security has made these profiles ripe for exploitation.

Hacker Infiltrates FBI Portal, Lists Details of 87,000 Users for Sale

Apparently, InfraGard doesn’t have very stringent verification guidelines for new profile requests. “USDoD” is said to have simply used a real financial CEO’s details to apply for an account, then waited less than a month for approval. Once the hacker was in, they used a Python script to query InfraGard’s API, extracting 87,000 users’ contact information in the process. The CEO whose identity was stolen says the FBI never contacted him prior to the breach, meaning the allegedly “exclusive” InfraGard portal is so lax in its verification measures that it’s a wonder this didn’t happen sooner.

USDoD says their asking price may appear a bit high given some users’ email addresses, Social Security numbers, and dates of birth are missing from the list. The $50k asking price was supposedly a negotiation starter and not a final offer, according to a follow-up comment on the original post. USDoD says the sale, should they find an appropriate buyer, would be facilitated via the Breached administrator who goes by “Pompompurin.”

The FBI confirmed the breach earlier this week but has declined to publicly comment on the matter, saying only that the situation is “ongoing.”

Continue reading

Someone Hacked Ray Tracing Into the SNES
Someone Hacked Ray Tracing Into the SNES

Surely, a game console from the 90s couldn't support ray tracing, right? Wrong. Game developer and engineer Ben Carter hacked ray tracing into the Super NES with a little help from an FPGA dev board.

Apple Urges Immediate iPhone Update to Block Active Online Hacks
Apple Urges Immediate iPhone Update to Block Active Online Hacks

There's a new version of Apple's iOS software for iPhone and iPad devices, and as usual, Apple is going to start pestering users to update. This time, the nagging for iOS 14.4 comes with a little more urgency.

Signal Founder Hacks Cellebrite’s Phone Hacking Tools
Signal Founder Hacks Cellebrite’s Phone Hacking Tools

The Israeli firm recently bragged that it has helped law enforcement retrieve data from the encrypted Signal chat app. Well, Signal founder Moxie Marlinspike had something to say about that.

New ‘Morpheus’ CPU Design Defeats Hundreds of Hackers in DARPA Tests
New ‘Morpheus’ CPU Design Defeats Hundreds of Hackers in DARPA Tests

A new CPU design has won accolades for defeating the hacking efforts of nearly 600 experts during a DARPA challenge. Its approach could help us close side-channel vulnerabilities in the future.