FBI Cybersecurity Experts? No, They Just Got Hacked
For the second time, a hacker known as CyberZeist has breached the FBI’s website and leaked personal account information to a public site.
On December 22, 2016, CyberZeist, also known as Le4ky, exploited a zero-day vulnerability in the Plone Content Management System (CMS) of the FBI’s website, and leaked some of the information to Pastebin, an open source site that is often used by hackers to post stolen information and bits of code.
While exploiting the code, CyberZeist discovered that the FBI’s webmaster had “a very lazy attitude as he/she had kept the backup files (.bck extension) on the same folder where the site root was placed (Thank you Webmaster!).”
Authorities in the US have not yet responded to the CyberZeist hacks. CyberZeist claims that they did not discover the vulnerability in the CMS themselves: “I was assigned to test out the 0day vulnerability on FBI and Amnesty website,” they say, because the vendor was “too afraid to use it against the FBI website.”
The hacker confirmed that the zero-day exploit is offered for sale on the Tor network by a hacker who goes by the moniker “lo4fer.” “I obviously cannot publish the 0day attack vector myself as it is being actively sold over tor network for bitcoins,” CyberZeist says in the leak. “Once this 0day is no longer being sold, I will tweet out the Plone CMS 0day attack vector myself.”
In the Pastebin leak, the hacker claims that the leak was “totally devoted to the Anonymous Movement.”
A zero-day fault is a vulnerability in the code that has not yet been detected, listed, or patched, which means the FBI had zero days to respond to the attack. CyberZeist was able to find a vulnerability in the Plone CMS, which security experts consider to be the most secure CMS. It is used for many major websites, such as those of Google, the FBI, the CIA, and other major US agencies.
The latest hack revealed personal data on 155 agents in the FBI, including their names, passwords, and email accounts.
CyberZeist warned other agencies that are currently using the Plone CMS that they too are vulnerable to a similar attack, including the EU Agency for Network & Information Security, Intellectual Property Rights Coordination Center, and Amnesty International.