Formation | 1996 |
---|---|
Type | Non-profit organization |
Membership | 86,691 |
Website | www.infragard.org |
InfraGard is a national non-profit organization serving as a public-private partnership between U.S. businesses and the Federal Bureau of Investigation. The organization is an information sharing and analysis effort serving the interests, and combining the knowledge base of, a wide range of private sector and government members. [1] InfraGard is an association of individuals that facilitates information sharing and intelligence between businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to preventing hostile acts against the United States. [2]
InfraGard began in the Cleveland, Ohio, Field Office in 1996, [3] [4] and has since expanded to become a national-level program, with InfraGard coordinators in every FBI field office. Originally, it was a local effort to gain support from the information technology industry and academia for the FBI's investigative efforts in the cyber arena, but it has since expanded to a much wider range of activities surrounding the nation's critical infrastructure. [1]
The program expanded to other FBI Field Offices, and in 1998 the FBI assigned national program responsibility for InfraGard to the former National Infrastructure Protection Center (NIPC) directed by RADM James B. Plehal and to the FBI's Cyber Division in 2003. [3] Since 2003, InfraGard Alliances and the FBI said that they have developed a TRUST-based public-private sector partnership to ensure reliability and integrity of information exchanged about various terrorism, intelligence, criminal, and security matters. It supports FBI priorities in the areas of counterterrorism, foreign counterintelligence, and cybercrime. [3] [5]
InfraGard chapters participate to assure that the critical infrastructure owners and operators—estimated at 85% private sector—are engaged and represented in local and regional planning efforts. [6] Working on all 16 critical infrastructure sectors, the organization provides resources and information not only on prevention, but also on building resilience and response capabilities. [7]
InfraGard chapters around the nation also provide cyber and physical security training sessions that focus on the latest threats as identified by the FBI. Sessions include threat briefings, technical sessions on cyber and physical attack vectors, response training, and other resources to help CISOs and CSOs protect their enterprise. InfraGard approaches threats to critical infrastructure from both a tactical and strategic level, addressing the needs of those on the front lines of security as well as those decision makers tasked with assessing their enterprise's vulnerabilities and allocating resources to protect it. [8]
The information sharing between the organization and government has been criticized by those protecting civil liberties, who are concerned that the membership would be surrogate eyes and ears for the FBI. [9] The group has also been the subject of hacking attacks intended to embarrass the FBI. [10] Local chapters regularly meet to discuss the latest threats or listen to talks from subject matter experts on security issues, [11] with membership open to U.S. citizens at no cost. [12] As of July 2012, the organization reported membership at over 54,677 (including FBI). [3]
Partnership between government agencies and private organizations has its critics. [9] [13] [14] Concerned about civil liberties, the American Civil Liberties Union (ACLU) warned that there "is evidence that InfraGard may be closer to a corporate TIPS program, turning private-sector corporations — some of which may be in a position to observe the activities of millions of individual customers — into surrogate eyes and ears for the FBI", concluding that "any program that institutionalizes close, secretive ties between such organizations raises serious questions about the scope of its activities, now and in the future." [9] [11] Others describing InfraGard state that "the architecture of the Internet—and the many possible methods of attack—requires governments, corporations, and private parties to work together to protect network security and head off threats before they occur." [15] Responding to the ACLU criticism, Chairwoman Kathleen Kiernan of the InfraGard National Members Alliance (INMA) denies that InfraGard is anything but beneficial to all Americans. "It's not an elitist group in any way, shape or form," she says. "We're out there trying to protect everybody. Any U.S. citizen on the planet is eligible to apply to InfraGard." [11]
In 2011, LulzSec claimed responsibility for attacking chapter websites managed by local members in Connecticut and Atlanta, in order to embarrass the FBI with "simple hacks". [10] The group leaked some InfraGard member e-mails and a database of local users. [16] The group defaced the website, posting the message "LET IT FLOW YOU STUPID FBI BATTLESHIPS" accompanied by a video. LulzSec posted the following message regarding the attack:
It has not come to our unfortunate attention that NATO and our good friend Barrack Osama-Llama 24th-century Obama [sic] have recently upped the stakes with regard to hacking. They now treat hacking as an act of war. So, we just hacked an FBI affiliated website (Infragard, specifically the Atlanta chapter) and leaked its user base. We also took complete control over the site and defaced it[.] [17]
On December 10, 2022, a member of BreachForums identified by the screen name "USDoD" posted a thread offering the sale, for $50,000, of a database containing the information of over 80,000 members of InfraGard. The individual claimed to have obtained access to the portal through a social engineering attack in which they pretended to be the CEO of an unknown U.S. financial corporation, [18] applying for InfraGard membership to both InfraGard members and the FBI, who later granted the hacker InfraGard membership and access to the InfraGard portal. Once granted access, the hacker used a script to obtain the InfraGard database information.
The FBI has not commented on the hack but was aware of the false account in the InfraGard portal. The hack occurred roughly one year after the 2021 FBI email hack. [19] [20] [21]
On 24 March 2023, the United States Department of Justice announced the arrest of Conor Brian Fitzpatrick, the alleged administrator of BreachForums, by the FBI. Fitzpatrick was initially charged with conspiracy to commit access device fraud. [22] After the execution of a search warrant, he was additionally charged with possession of child pornography. Fitzpatrick was freed on a $300,000 bond, but was subsequently re-arrested on 2 January 2024 after allegedly violating the conditions of his bail. [23] On 16 January 2024, Fitzpatrick pled guilty to conspiracy to commit access device fraud, solicitation for the purpose of offering access devices and possession of child pornography. He was sentenced by a federal judge to 20 years of supervised release and is required to register as a sex offender. [24]
In May 2024, working in conjunction with domestic and international law enforcement partners, the Department of Justice seized the BreachForums website. [25]
Computer security is the protection of computer software, systems and networks from threats that may result in unauthorized information disclosure, theft of hardware, software, or data, as well as from the disruption or misdirection of the services they provide.
Cyberterrorism is the use of the Internet to conduct violent acts that result in, or threaten, the loss of life or significant bodily harm, in order to achieve political or ideological gains through threat or intimidation. Emerging alongside the development of information technology, cyberterrorism involves acts of deliberate, large-scale disruption of computer networks, especially of personal computers attached to the Internet, by means of tools such as computer viruses, computer worms, phishing, malicious software, hardware methods, and programming scripts, all of which can be forms of internet terrorism. Some authors opt for a very narrow definition of cyberterrorism, relating to deployment by known terrorist organizations of disruption attacks against information systems for the primary purpose of creating alarm, panic, or physical disruption. Other authors prefer a broader definition, which includes cybercrime. Participating in a cyberattack affects the terror threat perception, even if it isn't done with a violent approach. By some definitions, it might be difficult to distinguish which instances of online activities are cyberterrorism or cybercrime.
A cybersecurity regulation comprises directives that safeguard information technology and computer systems with the purpose of forcing companies and organizations to protect their systems and information from cyberattacks like viruses, worms, Trojan horses, phishing, denial of service (DOS) attacks, unauthorized access and control system attacks. While cybersecurity regulations aim to minimize cyber risks and enhance protection, the uncertainty arising from frequent changes or new regulations can significantly impact organizational response strategies.
Shadowserver Foundation is a nonprofit security organization that gathers and analyzes data on malicious Internet activity, sends daily network reports to subscribers, and works with law enforcement organizations around the world in cybercrime investigations. Established in 2004 as a "volunteer watchdog group," it liaises with national governments, CSIRTs, network providers, academic institutions, financial institutions, Fortune 500 companies, and end users to improve Internet security, enhance product capability, advance research, and dismantle criminal infrastructure. Shadowserver provides its data at no cost to national CSIRTs and network owners.
Anonymous is a decentralized international activist and hacktivist collective and movement primarily known for its various cyberattacks against several governments, government institutions and government agencies, corporations and the Church of Scientology.
A supply chain attack is a cyber-attack that seeks to damage an organization by targeting less secure elements in the supply chain. A supply chain attack can occur in any industry, from the financial sector, oil industry, to a government sector. A supply chain attack can happen in software or hardware. Cybercriminals typically tamper with the manufacturing or distribution of a product by installing malware or hardware-based spying components. Symantec's 2019 Internet Security Threat Report states that supply chain attacks increased by 78 percent in 2018.
Cyberwarfare is the use of computer technology to disrupt the activities of a state or organization, especially the deliberate attacking of information systems for strategic or military purposes. As a major developed economy, the United States is highly dependent on the Internet and therefore greatly exposed to cyber attacks. At the same time, the United States has substantial capabilities in both defense and power projection thanks to comparatively advanced technology and a large military budget. Cyber warfare presents a growing threat to physical systems and infrastructures that are linked to the internet. Malicious hacking from domestic or foreign enemies remains a constant threat to the United States. In response to these growing threats, the United States has developed significant cyber capabilities.
LulzSec was a black hat computer hacking group that claimed responsibility for several high profile attacks, including the compromise of user accounts from PlayStation Network in 2011. The group also claimed responsibility for taking the CIA website offline. Some security professionals have commented that LulzSec has drawn attention to insecure systems and the dangers of password reuse. It has gained attention due to its high profile targets and the sarcastic messages it has posted in the aftermath of its attacks. One of the founders of LulzSec was computer security specialist Hector Monsegur, who used the online moniker Sabu. He later helped law enforcement track down other members of the organization as part of a plea deal. At least four associates of LulzSec were arrested in March 2012 as part of this investigation. Prior, British authorities had announced the arrests of two teenagers they alleged were LulzSec members, going by the pseudonyms T-flow and Topiary.
Operation Anti-Security, also referred to as Operation AntiSec or #AntiSec, is a series of hacking attacks performed by members of the hacking group LulzSec and Anonymous, and others inspired by the announcement of the operation. LulzSec performed the earliest attacks of the operation, with the first against the Serious Organised Crime Agency on 20 June 2011. Soon after, the group released information taken from the servers of the Arizona Department of Public Safety; Anonymous would later release information from the same agency two more times. An offshoot of the group calling themselves LulzSecBrazil launched attacks on numerous websites belonging to the Government of Brazil and the energy company Petrobras. LulzSec claimed to retire as a group, but on 18 July they reconvened to hack into the websites of British newspapers The Sun and The Times, posting a fake news story of the death of the publication's owner Rupert Murdoch.
The Criminal, Cyber, Response, and Services Branch (CCRSB) is a service within the Federal Bureau of Investigation (FBI). The CCRSB is responsible for investigating financial crime, white-collar crime, violent crime, organized crime, public corruption, violations of individual civil rights, and drug-related crime. In addition, the Branch also oversees all computer-based crime related to counterterrorism, counterintelligence, and criminal threats against the United States.
Mustafa Al-Bassam is an Iraqi-British computer security researcher, hacker, and co-founder of Celestia Labs. Al-Bassam co-founded the hacker group LulzSec in 2011, which was responsible for several high profile breaches. He later went on to co-found Chainspace, a company implementing a smart contract platform, which was acquired by Facebook in 2019. In 2021, Al-Bassam graduated from University College London, completing a PhD in computer science with a thesis on Securely Scaling Blockchain Base Layers. In 2016, Forbes listed Al-Bassam as one of the 30 Under 30 entrepreneurs in technology.
Ryan Ackroyd, a.k.a. Kayla and also lolspoon, is a former black hat hacker who was one of the six core members of the computer hacking group "LulzSec" during its 50-day spree of attacks from 6 May 2011 until 26 June 2011. Throughout that time, Ackroyd posed as a female hacker named "Kayla" and was responsible for the penetration of multiple military and government domains and many high profile intrusions into the networks of Gawker in December 2010, HBGary Federal in 2011, PBS, Sony, Infragard Atlanta, Fox Entertainment and others. He eventually served 30 months in prison for his hacking activities.
dark0de, also known as Darkode, is a cybercrime forum and black marketplace described by Europol as "the most prolific English-speaking cybercriminal forum to date". The site, which was launched in 2007, serves as a venue for the sale and trade of hacking services, botnets, malware, stolen personally identifiable information, credit card information, hacked server credentials, and other illicit goods and services.
The Center for Internet Security (CIS) is a US 501(c)(3) nonprofit organization, formed in October 2000. Its mission statement professes that the function of CIS is to "help people, businesses, and governments protect themselves against pervasive cyber threats."
Phyllis Schneck is an American executive and cybersecurity professional. As of May 2017, she became the managing director at Promontory Financial Group. Schneck served in the Obama administration as Deputy Under Secretary for Cybersecurity and Communications for the National Protection and Programs Directorate (NPPD), at the Department of Homeland Security.
Hack Forums is an Internet forum dedicated to discussions related to hacker culture and computer security. The website ranks as the number one website in the "Hacking" category in terms of web-traffic by the analysis company Alexa Internet. The website has been widely reported as facilitating online criminal activity, such as the case of Zachary Shames, who was arrested for selling keylogging software on Hack Forums in 2013 which was used to steal personal information.
Operational collaboration is a cyber resilience framework that leverages public-private partnerships to reduce the risk of cyber threats and the impact of cyberattacks on United States cyberspace. This operational collaboration framework for cyber is similar to the Federal Emergency Management Agency (FEMA)'s National Preparedness System which is used to coordinate responses to natural disasters, terrorism, chemical and biological events in the physical world.
On November 13, 2021, a hacker named Conor Brian Fitzpatrick, going by his alias "Pompompurin", compromised the FBI's external email system, sending thousands of messages warning of a cyberattack by cybersecurity CEO Vinny Troia who was falsely suggested to have been identified as part of The Dark Overlord hacking group by the United States Department of Homeland Security.
BreachForums, sometimes referred to as Breached, is an English-language black hat–hacking crime forum. The website acted as an alternative and successor to RaidForums following its shutdown and seizure in 2022. Like its predecessor, BreachForums allows for the discussion of various hacking topics and distributed data breaches, pornography, hacking tools and various other services.
Once a cyberattack has been initiated, certain targets need to be attacked to cripple the opponent. Certain infrastructures as targets have been highlighted as critical infrastructures in times of conflict that can severely cripple a nation. Control systems, energy resources, finance, telecommunications, transportation, and water facilities are seen as critical infrastructure targets during conflict. A new report on the industrial cybersecurity problems, produced by the British Columbia Institute of Technology, and the PA Consulting Group, using data from as far back as 1981, reportedly has found a 10-fold increase in the number of successful cyber attacks on infrastructure Supervisory Control and Data Acquisition (SCADA) systems since 2000. Cyberattacks that have an adverse physical effect are known as cyber-physical attacks.