17:20
13:53
15:23
09:53
12:45
12:27
17:20
13:53
15:23
09:53
12:45
12:27
17:20
13:53
15:23
09:53
12:45
12:27
17:20
13:53
15:23
09:53
12:45
12:27
The hacker pretended to be the head of the company.
The FBI's Cybersecurity Program for Critical Infrastructure was hacked by a famous hacker called USDoD. This was told by cybersecurity specialist Brian Crebs. According to him, the attacker stole the data of tens of thousands of people and posted information for sale on the dark web.
The hack affected the InfraGrad system. This is a network designed to exchange information between the bureau and other participants that ensure the operation of critical infrastructure. It includes representatives of private businesses and government agencies.
USDoD told Krebs that he used stolen information about the head of one of the corporations to infiltrate the network. With a stolen social security number and other information, he wrote a false application for inclusion to InfraGard. After the application was approved, the hacker exploited a vulnerability in the authorization system: the InfraGrad system requires multi-factor authentication by default, but the user can only choose to authorize via e-mail. The attacker said that he would not have succeeded if the system required authorization via phone.
The hacker has posted the stolen database on the dark web and is selling it for $50,000. According to Krebs, it is missing important personal data. It only contains social security numbers, dates of birth, and email addresses.