A database belonging to InfraGard, a partnership between the U.S. Federal Bureau of Investigation and the private sector to promote the protection of critical infrastructure, has been stolen and was offered for sale on a cybercrime forum.

First reported Dec. 13 by Brian Krebs, the database contains information on InfraGard’s over 80,0000 members. The stolen data was listed for sale on BreachForum, the successor site to the now-shuttered RaidForums. A user going by the name USDoD claimed that the database contains the details of 87,000 users and 47,000 emails. The database was listed at a price starting at a negotiable $50,000 and was only offered as a onetime-only sale.

A range of personally identifiable information was claimed to be inside the database, including first and last names, sector, organization names, job titles, email addresses, cellphones, zip codes, social media accounts and more.

USDoD told Krebs that they had gained access to the InfraGard system by applying for a new account using the name, Social Security number, date of birth and other personal details of a chief executive at a company that was highly likely to be granted InfraGard membership.

The unnamed CEO was also contacted and told Krebs that they were never contacted by the FBI to vet the application in their name. Notably, the CEO is described as the head of a major U.S. financial corporation that directly affects the creditworthiness of most Americans.

USDoD claims to have made the phony application in November with an email address that they controlled but also included the CEO’s real mobile phone number. The application was approved in early December.

The breach of InfraGard is not the first time the FBI-controlled entity has been targeted. In 2012, the hacking collective Anonymous successfully targeted the Dayton, Ohio chapter of InfraGard, defacing the chapter website with a message that described it as a “sinister alliance” between corporations and law enforcement.

“As an InfraGard member, it certainly isn’t great to hear your information may have been disclosed from a news outlet before you hear from the impacted organization,” Will Carlson, director of IT and cybersecurity at cybersecurity training and development company Cybrary Inc., told SiliconANGLE. “Even more disappointing is attempting to log in to one’s account only to find it’s been locked and the ability to change your password temporarily disabled. Although I have full faith InfraGard leadership has a stronger grasp of the facts than I do from the outside, the radio silence to date makes me uneasy as a potentially impacted professional.”

Carlson explained that allowing someone to register for a site like InfraGard on a guess, with some good open-source intelligence, could be greatly mitigated by a more thorough multifactor sign-up process.

“A network of professionals engaged in the protection of our nation’s critical infrastructure should likely have a more rigorous registration process than simply signing up for another web-based service,” Carlson added. “I wonder how the threat actor was able to move laterally from a valid account to having the personal information of 80,000 Infragard members. I fully expect this to be a developing story as the cyber professionals responding learn more.”

Photo: U.S. Air Force