InfraGard is a national non-profit organization serving as a public-private partnership between U.S. businesses and the Federal Bureau of Investigation. The organization is an information sharing and analysis effort serving the interests, and combining the knowledge base of, a wide range of private sector and government members.[1] InfraGard is an association of individuals that facilitates information sharing and intelligence between businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to preventing hostile acts against the United States.[2]

InfraGard
Formation1996
TypeNon-profit organization
Membership86,691
Websitewww.infragard.org

History

edit

InfraGard began in the Cleveland, Ohio, Field Office in 1996,[3][4] and has since expanded to become a national-level program, with InfraGard coordinators in every FBI field office. Originally, it was a local effort to gain support from the information technology industry and academia for the FBI's investigative efforts in the cyber arena, but it has since expanded to a much wider range of activities surrounding the nation's critical infrastructure.[1]

The program expanded to other FBI Field Offices, and in 1998 the FBI assigned national program responsibility for InfraGard to the former National Infrastructure Protection Center (NIPC) directed by RADM James B. Plehal and to the FBI's Cyber Division in 2003.[3] Since 2003, InfraGard Alliances and the FBI said that they have developed a TRUST-based public-private sector partnership to ensure reliability and integrity of information exchanged about various terrorism, intelligence, criminal, and security matters. It supports FBI priorities in the areas of counterterrorism, foreign counterintelligence, and cybercrime.[3][5]

Information sharing

edit

InfraGard chapters participate to assure that the critical infrastructure owners and operators—estimated at 85% private sector—are engaged and represented in local and regional planning efforts.[6] Working on all 16 critical infrastructure sectors, the organization provides resources and information not only on prevention, but also on building resilience and response capabilities.[7]

Training

edit

InfraGard chapters around the nation also provide cyber and physical security training sessions that focus on the latest threats as identified by the FBI. Sessions include threat briefings, technical sessions on cyber and physical attack vectors, response training, and other resources to help CISOs and CSOs protect their enterprise. InfraGard approaches threats to critical infrastructure from both a tactical and strategic level, addressing the needs of those on the front lines of security as well as those decision makers tasked with assessing their enterprise's vulnerabilities and allocating resources to protect it.[8]

The information sharing between the organization and government has been criticized by those protecting civil liberties, concerned the membership would be surrogate eyes and ears for the FBI.[9] The group has also been the subject of hacking attacks intended to embarrass the FBI.[10] Local chapters regularly meet to discuss the latest threats or listen to talks from subject matter experts on security issues,[11] with membership open to U.S. citizens at no cost.[12] As of July 2012, the organization reported membership at over 54,677 (including FBI).[3]

Civil liberties

edit

Partnership between government agencies and private organizations has its critics.[9][13][14] Concerned about civil liberties, the American Civil Liberties Union (ACLU) warned that there "is evidence that InfraGard may be closer to a corporate TIPS program, turning private-sector corporations — some of which may be in a position to observe the activities of millions of individual customers — into surrogate eyes and ears for the FBI". Concluding that "any program that institutionalizes close, secretive ties between such organizations raises serious questions about the scope of its activities, now and in the future."[9][11] While others describing Infragard state "the architecture of the Internet—and the many possible methods of attack— requires governments, corporations, and private parties to work together to protect network security and head off threats before they occur."[15] Responding to the ACLU criticism, Chairwoman Kathleen Kiernan of the InfraGard National Members Alliance (INMA) denies that InfraGard is anything but beneficial to all Americans stating "It's not an elitist group in any way, shape or form," she says. "We're out there trying to protect everybody. Any U.S. citizen on the planet is eligible to apply to InfraGard."[11]

LulzSec attacks

edit

In 2011, LulzSec claimed responsibility for attacking chapter websites managed by local members in Connecticut and Atlanta, in order to embarrass the FBI with "simple hacks".[10] The group leaked some of InfraGard member e-mails and a database of local users.[16] The group defaced the website posting the following message, "LET IT FLOW YOU STUPID FBI BATTLESHIPS", accompanied with a video. LulzSec has posted the following message regarding the attack:

It has not come to our unfortunate attention that NATO and our good friend Barrack Osama-Llama 24th-century Obama [sic] have recently upped the stakes with regard to hacking. They now treat hacking as an act of war. So, we just hacked an FBI affiliated website (Infragard, specifically the Atlanta chapter) and leaked its user base. We also took complete control over the site and defaced it[.][17]

2022 breach

edit

On December 10, 2022, a member of BreachForums identified by the screen name "USDoD" posted a thread offering the sale, for $50,000, of a database containing the information of over 80,000 members of InfraGard. The individual claimed to have obtained access to the portal through a social engineering attack in which they pretended to be the CEO of an unknown U.S. financial corporation,[18] applying for InfraGard membership to both Infraguard members and the FBI who later granted the hacker InfraGard membership and access to the InfraGard portal. Once granted access the hacker, used a script to obtain the InfraGard database information.

The FBI has not commented on the hack but was aware of the false account in the InfraGard portal. The hack occurred roughly one year after the 2021 FBI email hack.[19][20][21]

On 24 March 2023, the United States Department of Justice announced the arrest of Conor Brian Fitzpatrick, the alleged administrator of BreachForums, by the FBI. Fitzpatrick was initially charged with conspiracy to commit access device fraud.[22] After the execution of a search warrant, he was additionally charged with possession of child pornography. Fitzpatrick was freed on a $300,000 bond, but was subsequently re-arrested on 2 January 2024 after allegedly violating the conditions of his bail.[23] On 16 January 2024, Fitzpatrick pled guilty to conspiracy to commit access device fraud, solicitation for the purpose of offering access devices and possession of child pornography. He was sentenced by a federal judge to 20 years of supervised release and is required to register as a sex offender.[24]

In May 2024, working in-conjunction with domestic and international law enforcement partners, the Department of Justice seized the BreachForums website.[25]

See also

edit
  • MATRIX – Information sharing partnership between various local, state and federal law enforcement agencies
  • Fusion Center - Information sharing between federal agencies such as the FBI and state, local, and tribal law enforcement. The private sector sometimes provides information and analysis.
  • Operation TIPS – Program to have citizens provide information to law enforcement and intelligence agencies
  • Terrorism Liaison Officer

References

edit
  1. ^ a b "Robert S. Mueller, III -- InfraGard Interview at the 2005 InfraGard Conference". Infragard (Official Site) -- "Media Room". Archived from the original (mov) on 2011-06-17. Retrieved 2009-12-09.
  2. ^ "Infragard, Official Site". Infragard. Retrieved 2012-07-10.
  3. ^ a b c d "About Infragard". Infragard (Official site). Archived from the original on 2011-05-18. Retrieved 2009-12-09.
  4. ^ "InfraGard History". InfraGard National Members Alliance. Archived from the original on 2010-01-08.
  5. ^ "InfraGard - A Partnership That Works". FBI. 2010-03-08. Retrieved 2012-07-15.
  6. ^ Christopher, Ryan (22 March 2016). "MWCOG and InfraGardNCR Key to Government Engagement with Private Sector Critical Infrastructure Stakeholders". CIP Report. George Mason University. Retrieved August 16, 2016.
  7. ^ Stone, Andrea (14 March 2016). "Four Key Imperatives to Building Effective Transportation Infrastructure Resilience". CIP Report. George Mason University. Retrieved August 16, 2016.
  8. ^ NCR, InfraGard. "TAC-STRAT: A Tactical and Strategic Look at Cyber Security". eventbrite. Retrieved August 16, 2016.
  9. ^ a b c Stanley, J. (2004). The Surveillance-Industrial Complex: How the American Government is Enlisting Private Parties in the Construction of a Surveillance Society (PDF) (Report). ACLU. p. 12. Retrieved 2011-06-05.
  10. ^ a b "Hackers Claim Strike On FBI Partner--Again". Huffington Post. June 21, 2011.
  11. ^ a b c Kaplan, D. (2009-01-01). "On guard: InfraGard makes strides under new leadership". SCMagazine. Retrieved 2012-07-15.
  12. ^ "InfraGard Membership". InfraGard. Archived from the original on 2012-07-17. Retrieved 2012-07-15.
  13. ^ Madsen, W. (1999). "Details emerge of NSA and FBI involvement in domestic US computer security". Computer Fraud & Security. 1999 (1): 10–11. doi:10.1016/S1361-3723(00)86979-1.
  14. ^ Joh, E. E. (2006). "The Forgotten Threat: Private Policing and the State". Indiana Journal of Global Legal Studies. 13 (2): 357–389. doi:10.2979/GLS.2006.13.2.357. S2CID 143569949.
  15. ^ Balkin, J. M. (2008). "The Constitution in the National Surveillance State" (PDF). Minnesota Law Review. 93 (1).Balkin, Jack M. (10 June 2008). "Abstract". SSRN 1141524. {{cite web}}: Missing or empty |url= (help)
  16. ^ "LulzSec claims to have hacked FBI-affiliated website". LA Times. 2011-06-03. Retrieved 2011-06-04.
  17. ^ Read, M. (2011-06-04). "LulzSec Hackers Go After FBI Affiliates". Gawker. Archived from the original on 2011-06-06. Retrieved 2011-06-04.
  18. ^ Krebs, Brian. "FBI's Vetted Info Sharing Network 'InfraGard' Hacked". KrebsOnSecurity. KrebsOnSecurity. Archived from the original on 2023-04-02. Retrieved April 2, 2023.
  19. ^ "Hacker claims breach of FBI's critical-infrastructure portal". AP NEWS. 2022-12-14. Retrieved 2022-12-17.
  20. ^ "FBI's Vetted Info Sharing Network 'InfraGard' Hacked – Krebs on Security". 13 December 2022. Retrieved 2022-12-17.
  21. ^ "The FBI's Cybersecurity Program for Critical Infrastructure Was Hacked". Gizmodo. 2022-12-14. Retrieved 2022-12-17.
  22. ^ "Office of Public Affairs | Justice Department Announces Arrest of the Founder of One of the World's Largest Hacker Forums and Disruption of Forum's Operation | United States Department of Justice". 24 March 2023.
  23. ^ "BreachForums administrator detained after violating parole".
  24. ^ "BreachForums former admin gets 20 years supervised release". 17 January 2024.
  25. ^ "Cybercriminal site BreachForums seized by FBI". 23 May 2024.

Further reading

edit
edit