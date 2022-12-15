A hacker who reportedly posed as the CEO of a financial institution claims to have obtained access to the more than 80,000-member database of InfraGard, an FBI-run outreach programme that shares sensitive information on national security and cybersecurity threats with public officials and private sector actors who run US critical infrastructure.

The hackers posted samples that they said were from the database to an online forum popular with cybercriminals last weekend and said they were asking $50,000 for the entire database.

The hacker obtained access to InfraGard's online portal by posing as the CEO of a financial institution, the hackers told independent cybersecurity journalist Brian Krebs, who broke the story.

They called the vetting process surprisingly lax.

Krebs reported that the agency told him it was aware of a potential false account and was looking into the matter.

InfraGard's memberhip is a veritable critical infrastructure Who's Who.

It includes business leaders, IT professionals, military, state and local law enforcement and government officials involved in overseeing the safety of everything from the electrical grid and transportation, to health care, pipelines, nuclear reactors, the defence industry, dams and water plants and financial services.

Founded in 1996, it is the FBI's largest public-private partnership, with local alliances affiliated with all its field offices. It regularly shares threat advisories from the FBI and the Department of Homeland Security and serves as a behind-closed-doors social media site for select insiders.

Acquiring unique emails

The database has the names, affiliations and contact information for tens of thousands of InfraGard users. Krebs first reported its theft on Tuesday.

The hacker, going by the username USDoD on the BreachForums site, said on the site that records of only 47,000 of the forum’s members’ — slightly more than half — include unique emails.