Home US Hacker breaches FBI for the second time, calls their security ’lazy’

Hacker breaches FBI for the second time, calls their security ’lazy’

554
7
SHARE
Ralf-Udo Thiele / Global Look Press

For the second time, a hacker known as CyberZeist has breached the FBI’s website and leaked personal account information to a public site.

On December 22, 2016, CyberZeist, also known as Le4ky, exploited a zero-day vulnerability in the Plone Content Management System (CMS) of the FBI’s website, and leaked some of the information to Pastebin, an open source site that is often used by hackers to post stolen information and bits of code.

In the Pastebin leak, the hacker claims that the leak was “totally devoted to the Anonymous Movement.”

A zero-day fault is a vulnerability in the code that has not been detected, listed, or patched yet. Therefore, the FBI had zero days to respond to the attack. CyberZeist was able to find a vulnerability in the Plone CMS, which is considered to be the most secure CMS’ among security experts. It is used for many major websites like Google, the FBI and the CIA, and other major US agencies.

The latest hack revealed personal data on 155 agents in the FBI, including their names, passwords, and email accounts.

CyberZeist warned other agencies that are currently using the Plone CMS that they too are vulnerable to a similar attack, including the EU Agency for Network & Information Security, Intellectual Property Rights Coordination Center, and Amnesty International.

CyberZeist breached the FBI’s site and found they were running an old version of the open source operating system (OS) FreeBSD. While the most recent version, 11.0, was released in October 2016, the FBI is still using version 6.2, which was released in January 2007.

While exploiting the code, CyberZeist discovered that the FBI’s webmaster had “a very lazy attitude as he/she had kept the backup files (.bck extension) on the same folder where the site root was placed (Thank you Webmaster!)

Authorities in the US have not yet responded to the CyberZeist hacks. CyberZeist claims that they did not discover the vulnerability in the CMS. “I was assigned to test out the 0day vulnerability on FBI and Amnesty website,” because, as they claim, the vendor was “too afraid to use it against the FBI website.

The hacker confirmed that the zero-day exploit is offeredFOR SALE on the Tor network by a hacker that goes by the moniker “lo4fer.” “I obviously cannot publish the 0day attack vector myself as it is being actively sold over tor network for bitcoins,” CyberZeist says in the leak. “Once this 0day is no longer being sold, I will tweet out the Plone CMS 0day attack vector myself.

In 2011, CyberZeist was also credited with hacking the FBI as a member of the hacking group known as Anonymous. At the time, he was able to breach the FBI’s security with a phishing scam that spoofed a login portal. This is very similar to the way that the recent Democratic National Committee emails were hacked.

In that hack, CyberZeist was able to steal over 250 email addresses and passwords.

For his next assignment, CyberZeist has set up a poll, asking his fans to vote for the next target he should hack. The options are between government services, banking corporations, military and defense services, and an “other” option, where you can tweet your preference to CyberZeist. The popular choice is banking institutions, with over 800 votes so far.

7 COMMENTS

  1. $5.50 each -$1.50/2 Kotex Products, Any (Excluding Trial Size) – Kotex.com or use – $1/1 Poise Pads, Any – Cocsnop.uom or use – $1/1 Poise Liners, Any – Coupons.com =$4.50 each -$4.75 each after

  2. Hey! This post could not be written any better!

    Reading through this post reminds me of my good old room mate!
    He always kept talking about this. I will forward this write-up
    to him. Pretty sure he will have a good read.
    Thank you for sharing!

  3. I needed to send you a very little observation to be able to say thanks again with your striking suggestions you’ve shared in this article. It’s certainly strangely open-handed with you to convey extensively all that most of us might have supplied as an e book to generate some money on their own, even more so considering the fact that you might have done it if you ever desired. These advice additionally served as a easy way to be certain that other people online have similar interest much like my own to know much more in respect of this condition. I’m sure there are some more pleasant instances up front for those who see your blog.

  4. I am just commenting to make you be aware of what a really good discovery my wife’s daughter enjoyed studying the blog. She came to find several things, including what it is like to have an incredible helping character to have other folks without difficulty thoroughly grasp a variety of hard to do subject matter. You really exceeded our expectations. Many thanks for distributing the productive, safe, educational and in addition fun thoughts on this topic to Jane.

LEAVE A REPLY