A hacker claims to have successfully broken into the FBI’s sites for the second time, releasing personal account data on a public site.
On December 22, 2016, a hacker using the name CyberZeist, also known as Le4ky, exploited a zero-day vulnerability in the Plone Content Management System (CMS) of the FBI’s site. The zero-day flaw was reportedly for sale on an anonymous site, offered by a hacker who goes by the name “lo4fer.” The hacker then released a portion of the email addresses and SHA1 hashes with salts to Pastebin, a public site frequently used by hackers to share stolen data or code.
CyberZeist then tweeted about the hack and said that the FBI was fixing the vulnerability.
CyberZeist said that the FBI’s website admin had “a very lazy attitude as he/she had kept the backup files (.bck extension) on the same folder where the site root was placed (Thank you Webmaster!).” The most recent hack exposed personal information of 155 FBI agents, including their names, passwords, and email accounts.
This is not the first time CyberZeist has claimed to have hacked the FBI. He was credited with hacking the FBI in 2011 as a member of Anonymous, a hacking collective. In the Pastebin release, the hacker said the attack was “totally devoted to the Anonymous Movement.” CyberZeist also warned that other agencies, including the EU Agency for Network and Information Security, the Intellectual Property Rights Coordination Center, and Amnesty International, are vulnerable to a similar attack.
The FBI hasn’t commented on the issue, but Plone’s security team has called the leak a “trick.” Plone is considered one of the most secure CMSes available and is used by several organizations, including the FBI and the CIA. This is what Plone had to say regarding the claimed attack:
Some users on Twitter are circulating rumours about a zero day vulnerability in Plone being used to attack the FBI.
The Plone Security Team believes that these claims are a hoax. As Plone is open source software, it is easy to fake a screenshot showing Plone’s code. Causing source code to be leaked to the end user is a common form of attack against PHP applications, but as Python applications don’t use the cgi-bin model of execution it has never been a marker of an attack against a Python site.
The hashes [the ‘hacker’] claims to have released have several warning signs that point to them being fake. Firstly, the email addresses used match other FBI emails that have been harvested over the years that are publicly available. The password hashes and salts he claims to have found are not consistent with values generated by Plone, indicating they were bulk generated elsewhere.