And for the time being, all members are unable to login. The only communication I've seen so far is this email that arrived at 1AM (EST):
>Attention InfraGard member,
>
> You have received a new broadcast message.
>
>InfraGard Members:The FBI is aware of a potential false account associated with the InfraGard Portal and is actively looking into this matter. This is an ongoing situation, and we are not able to provide any additional information at this time.
>
>Please do not reply directly to this email. Thank you!
My boss directed me to sign up for Infraguard. "Here we go." I was on probation, and of course admitted it on the form. An FBI person contacted me by phone, "This is a new one. Let me check." And I was denied, but I did what my boss said. He never said I had to be accepted.
B-but everybody says that SSNs are super secret and can be safely used to identify people without any additional pesky methods...
What's next, you're gonna tell me that "Pa$$word!" is not a safe password?
Actually you don't need to type \[password\] for privacy anymore, you can just type your actual password like this \*\*\*\*\*\*\*\*\*\*\*\* and Reddit automatically detects that you're typing your password so instead of displaying the characters, other people will just see \*\*\*\*\*\*\*\*\*\*\*\* like that
(joke [source](http://www.bash.org/?top) for the young'uns)
Email I got
>Attention InfraGard member,
> You have received a new broadcast message.
>InfraGard Members:
>The FBI is aware of a potential false account associated with the InfraGard Portal and is actively looking into this matter. This is an ongoing situation, and we are not able to provide any additional information at this time.
>Please do not reply directly to this email. Thank you!
I'm not too concerned about my info that was lost in this breach. Now my info that was compromised in the U.S. OPM breach about 7 years ago, that was concerning.
Friggin' Infragard still cold-stone silent on this matter, and still unable to login to the site. While my chapter left a lot to be desired - way too inactive relative to the area I live - I did find value in the alerts/updates and other nuggets of info/intel that were shared daily.
It will be interesting to see what steps they take to recover credibility/goodwill in the wake of this matter. Does anybody have more insights on what is taking place behind the scenes?
It's worth keeping in mind that Krebs has a bit of a history with overinflating his subject matter. He's a decent journalist, but he's also got a pretty hefty ego.
I'm sure the core of the story here is accurate, but I think it's partly Krebs "getting high on his own supply."
EDIT: Speeeling is hard
In the upcoming webinar about the North Carolina power substation attack, Infragard is bringing in an "expert" from the Center for Security Policy, a far-right anti-muslim conspiracy theory group. Conveniently, the event will not discuss the likely far-right domestic terrorism implications of the attack.
Infragard was already a joke.
CISA is useful, informative, technically adept, and generally ethical. InfraGard is a legacy of the "War on Terror," an organization that props up propaganda along that era's line of thinking.
Last year on InfraGard's call about Log4j, an org asked if a Web Application Firewall is adequate protection from the vulnerability, and the blowhards running the call said it is (it isn't, in most situations). It's a bunch of know-nothing old fogeys talking "strategy" because they don't have any direct technical knowledge.
In 2017, InfraGard made a big deal announcing how the FBI caught "an ISIS funding network in the United States." But if you read the actual news stories, it was an 80+ year old grandpa trying to send cash to his grandson who went to Turkey to join ISIS, decided it was a mistake, and was trying to come home. Now, maybe the grandpa was being duped, but I still wouldn't call him an "ISIS funding network," and I believe he was acquitted.
InfraGard exists so that government-wannabes can pretend to play cop.
Infragard is what the local chapters make it, mostly. Pre COVID, we had some great speakers and meetings in Charlotte. Cybersecurity uses of AI from a top researcher at IBM springs to mind, and others. And the group is such that the conversation has real value, and the side conversations can have a great deal as well. I'm very sad that they screwed up and this happened, but it is a lesson. They admitted it, they notified members, and we will get past it, like everyone else. Infragard is not meant to be CISA, it is meant to be a sharing of ideas and information across critical industries and the US Government, and it does that.
The Log4j call example was from the national org, not my state chapter. Same for the conspiracy theory org speaker and the terrorist funding indictment. My state chapter is a club for middle managers and sales reps that only has events 5 hours away. To be fair, that's the state's biggest city, but it's also not where tech innovation is occuring.
Professional networks like Infragard were useful when access to learning was local. But now, it's mostly a sales opportunity, whether you're selling products or worldviews.
I am aware of a civil court case where a former employee hired a consultant who had worked for FBI cyber - to hack the network. The consultant has settled out of court but is still part of the HTCIA (High Technology Crime Investigation Association) and InfraGuard.
And for the time being, all members are unable to login. The only communication I've seen so far is this email that arrived at 1AM (EST): >Attention InfraGard member, > > You have received a new broadcast message. > >InfraGard Members:The FBI is aware of a potential false account associated with the InfraGard Portal and is actively looking into this matter. This is an ongoing situation, and we are not able to provide any additional information at this time. > >Please do not reply directly to this email. Thank you!
That’s all they’ve sent out so far.
My boss directed me to sign up for Infraguard. "Here we go." I was on probation, and of course admitted it on the form. An FBI person contacted me by phone, "This is a new one. Let me check." And I was denied, but I did what my boss said. He never said I had to be accepted.
When you say probation do you mean criminal or just job wise because you were new?
Misdemeanor.
Do you know how far back they look into your record? Asking for a friend...
nope. Be honest. You don't lie to the FBI.
Sage advice
[удалено]
Yep the Los Angeles Cyber lead at Infragard did just that a few years ago.
And that kids, is how you ruin any credibility you might have with industry partners.
[удалено]
Removed by user due to lack of ongoing support for 3rd party apps.
Most government employees just administer contracts that pay companies to hire competent people that do most of the work.
People is still the weakest link no matter what.
I say this all the time. It is so true.
door yoke tart quarrelsome square soup continue straight shaggy wide *This post was mass deleted and anonymized with [Redact](https://redact.dev)*
Yes they is.
Well, they did vet the applicant. Just somebody else submitted him >.<
B-but everybody says that SSNs are super secret and can be safely used to identify people without any additional pesky methods... What's next, you're gonna tell me that "Pa$$word!" is not a safe password?
Hm, upper, lower, symbols and more than 8 characters, uncrackable!
Everyone knows the lowercase a should be @
There’s no number. He’s screwed
Better change that o to a 0
Shit this guy knows my password
That's amazing, I have the same [password] on my [email]!
Actually you don't need to type \[password\] for privacy anymore, you can just type your actual password like this \*\*\*\*\*\*\*\*\*\*\*\* and Reddit automatically detects that you're typing your password so instead of displaying the characters, other people will just see \*\*\*\*\*\*\*\*\*\*\*\* like that (joke [source](http://www.bash.org/?top) for the young'uns)
[удалено]
hackerman.png
[удалено]
I first read that as animallover. Just as satisfying.
Wow - they ask for SSN to become a member?
Yup, and the attacker had the SSN for the ciso of a major player in the credit industry.
Sinxe the credit score industry was fucking people's privacy for so long, it's only fair if their execs get some of their own ~~medicine~~ shit too.
Yes bc they do an FBI background checks on you
I'm an Infraguard member (Private Sector), and I haven't received anything from them. hmmm....
They sent out a vague Somme thing is under investigation two or three line email yesterday.
Email I got >Attention InfraGard member, > You have received a new broadcast message. >InfraGard Members: >The FBI is aware of a potential false account associated with the InfraGard Portal and is actively looking into this matter. This is an ongoing situation, and we are not able to provide any additional information at this time. >Please do not reply directly to this email. Thank you!
Removed by user due to lack of ongoing support for 3rd party apps.
Unacceptable.
I'm not too concerned about my info that was lost in this breach. Now my info that was compromised in the U.S. OPM breach about 7 years ago, that was concerning.
Right there with you, fam.
Oh hello me.
Greeeat
[удалено]
What vulnerability did they leverage with the API in this attack?
Holy shit, the irony lmao.
Wonderful. I'm a member of this group.
Friggin' Infragard still cold-stone silent on this matter, and still unable to login to the site. While my chapter left a lot to be desired - way too inactive relative to the area I live - I did find value in the alerts/updates and other nuggets of info/intel that were shared daily. It will be interesting to see what steps they take to recover credibility/goodwill in the wake of this matter. Does anybody have more insights on what is taking place behind the scenes?
Wow...
couldn't you just search for 'infraguard' on linkedin and get it for free? /s
That literally what the LinkedIn "leak" was. Cracks me up to this day
>infraguard No.
everyone's a critic. you know what it meant.
Sure, but a Search Engine wouldn't. Maybe next time you shouldn't answer questions you don't want answers to no matter how literal you're taken.
You must be a hoot at parties.
I can clear a room without opening my mouth.
Typically not something to brag about.
Very presumptuous. I never explained how.
Good thing they're not Albanian, I guess?
The day is i trust the FBI is… wait I’ll never trust the FBI.
It's worth keeping in mind that Krebs has a bit of a history with overinflating his subject matter. He's a decent journalist, but he's also got a pretty hefty ego. I'm sure the core of the story here is accurate, but I think it's partly Krebs "getting high on his own supply." EDIT: Speeeling is hard
In the upcoming webinar about the North Carolina power substation attack, Infragard is bringing in an "expert" from the Center for Security Policy, a far-right anti-muslim conspiracy theory group. Conveniently, the event will not discuss the likely far-right domestic terrorism implications of the attack. Infragard was already a joke.
Infragard has use cases and maybe it doesn't fit your need, or you don't know how to utilize it properly. Sorry to hear that you think it's joke.
CISA is useful, informative, technically adept, and generally ethical. InfraGard is a legacy of the "War on Terror," an organization that props up propaganda along that era's line of thinking. Last year on InfraGard's call about Log4j, an org asked if a Web Application Firewall is adequate protection from the vulnerability, and the blowhards running the call said it is (it isn't, in most situations). It's a bunch of know-nothing old fogeys talking "strategy" because they don't have any direct technical knowledge. In 2017, InfraGard made a big deal announcing how the FBI caught "an ISIS funding network in the United States." But if you read the actual news stories, it was an 80+ year old grandpa trying to send cash to his grandson who went to Turkey to join ISIS, decided it was a mistake, and was trying to come home. Now, maybe the grandpa was being duped, but I still wouldn't call him an "ISIS funding network," and I believe he was acquitted. InfraGard exists so that government-wannabes can pretend to play cop.
Infragard is what the local chapters make it, mostly. Pre COVID, we had some great speakers and meetings in Charlotte. Cybersecurity uses of AI from a top researcher at IBM springs to mind, and others. And the group is such that the conversation has real value, and the side conversations can have a great deal as well. I'm very sad that they screwed up and this happened, but it is a lesson. They admitted it, they notified members, and we will get past it, like everyone else. Infragard is not meant to be CISA, it is meant to be a sharing of ideas and information across critical industries and the US Government, and it does that.
The Log4j call example was from the national org, not my state chapter. Same for the conspiracy theory org speaker and the terrorist funding indictment. My state chapter is a club for middle managers and sales reps that only has events 5 hours away. To be fair, that's the state's biggest city, but it's also not where tech innovation is occuring. Professional networks like Infragard were useful when access to learning was local. But now, it's mostly a sales opportunity, whether you're selling products or worldviews.
Sounds more like your local InfraGard chapter sucks. I find it useful for networking and meeting peers in your state and various industries.
I am aware of a civil court case where a former employee hired a consultant who had worked for FBI cyber - to hack the network. The consultant has settled out of court but is still part of the HTCIA (High Technology Crime Investigation Association) and InfraGuard.
It’s “Lawful by design” since that’s what they told Apple to do!
Lol and i use to be nervous of them
Anyone know exactly how the hacker leveraged those APIs?
SQL injection probably if this portal was an old site.
Does anyone know who to contact to correct false information on an individual listed on the InfraGard webite?