FBI Hacked, Agents Exposed
A hacker by the name of Cyberzeist (Cyberzeist2 on Twitter, first account banned due to banking hacks) took control of the main FBI website and released information on over 50 agents. Not only did he get the FBI agents' information, but he warned the FBI of the exploit before he took any malicious action. When the FBI failed to do anything, he released the information he had via Twitter, such as records containing account data, including names, SHA1 Encrypted Passwords, SHA1 salts, and email addresses. The site was hacked on December 22nd, 2016, according to Cyberzeist.
“Going back to 22nd December 2016, I tweeted about a 0day vulnerability in Plone CMS which is considered as the most secure CMS till date. This CMS is used by many top agencies including FBI”
With the FBI hacked, many of the agents had their information exposed. Cyberzeist said he could not release the code until the exploit is useless, due to an agreement with the “vendor” or supplier of the code. With Plone being well known for its security, this hack will be great exposure for the vendor until the hole is completely patched. Cyberzeist said that, as a token of good faith to prove he wouldn’t give away the vulnerability, he gave the vendor his real information. It would be an interesting turn of events if this turned out to be an FBI honeypot of some sort.
Cyberzeist also hacked the FBI in 2011 as part of the hacker group known as Anonymous. He has self-proclaimed that he is part of the Anonymous hacker umbrella.
“I have been in hacking scene since 2011 working under “Anonymous” umbrella and I hack the targets purely out of my own motivation.”
Here is more about his motivation:
Plone has said it will work on a full patch by January 17, which you can see here: https://plone.org/security/announcements/20170117-preannounce
Evernote’s Statements on Privacy
There could be a lot of reasons they want your data. Not all of them are harmful. However, the fact remains that they still wanted it. Perhaps they wanted it for a more pleasant experience, as they claim. Maybe they will be releasing new features. In the above piece they do mention their “Three Laws of Data Protection”, which are:
You can read more on Evernote’s Three Laws of Data Protection page as it goes into more detail on what those three laws mean. You can also view their Transparency Report for 2015 for information on how they have handled information in the past.
Evernote CEO Chris O’Neill (left) and Evernote Co-founder and Executive Chairman Phil Libin. Source: Evernote’s Blog
Things to realize:
- If you opt in, your data will be accessible to employees but not under your name, i.e. it will be anonymous.
- If you opt in, you will have a more personal experience with Evernote, which means they may have new features planned.
- Their software, or AI as some are calling it, will mask any personal information from employees before they have a chance to see it.
- Also, companies are slowly but surely inching their way to a zero privacy ecosystem in technology.
Companies are becoming more and more transparent with our data. There are many pressures to do this, as there is a lot of profit in marketing research and development. There is also a lot of money in selling your data, and many companies do so with your permission. Be aware of your privacy rights. Watch out for your privacy, even if you have nothing to hide.
If you don’t think your privacy matters because you have nothing to hide, realize that isn’t the point. It isn’t about whether you are hiding something. It’s about monitoring for money, censorship, job opportunities, etc.
The Future of Privacy
Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say. — Edward Snowden’s “Ask Me Anything” on Reddit, May 21, 2015
I don’t want to live in a world where everything that I say, everything I do, everyone I talk to, every expression of creativity or love or friendship is recorded. — “Edward Snowden: ‘The US government will say I aided our enemies,’” July 8, 2013
A child born today will grow up with no conception of privacy at all. They’ll never know what it means to have a private moment to themselves, an unrecorded, unanalyzed thought. And that’s a problem because privacy matters; privacy is what allows us to determine who we are and who we want to be. — “Snowden Sends Christmas Message To USA,” Dec. 25, 2013
The tide has turned, and we can finally see a future where we can enjoy security without sacrificing our privacy. Our rights cannot be limited by a secret organization … Even the defenders of mass surveillance, those who may not be persuaded that our surveillance technologies have dangerously outpaced democratic controls, now agree that in democracies, surveillance of the public must be debated by the public. — “An Open Letter to the People of Brazil,” Dec. 17, 2013
The future of having no privacy is already upon us with Rule 41 being passed, allowing the FBI legal authority to hack into computer systems en masse.
Historical DynDNS DDoS Attack Affects PayPal, Twitter, Reddit and More
Yesterday's DynDNS DDoS attack was an unprecedented DDoS attack which affected a large portion of the internet, especially on the East Coast. Some of the websites that were taken offline as a result of the attack were PayPal, Twitter, Reddit, Spotify, GitHub and Etsy, and there were plenty more affected. DynDNS started to notice the attack at 4:10 PM PST. There was a total of 3 large attacks. The first attack targeted data centers in Chicago, Washington, D.C., and New York. On 10/23/2016 at roughly 12 pm, there was a second assault. The third hit at 2 AM PST on Saturday morning; the East Coast, Texas and California were affected by the attacks. Over 20 data centers were taken down. Reports say it was due to successful TCP SYN DDoS floods targeted at Dyn’s port 53.
Yesterday was a historical day for the technology industry as well as the internet community as a whole. The DynDNS DDoS attack affected PayPal, Twitter, Reddit and more.
The technology sector and security researchers will have a hard time securing systems against these types of attacks. This historical DynDNS DDoS attack marks the advances in the hacker community for DDoS attack tools. The power and capability of attacks, and the hardware available for infection, just keep growing. The tools used, such as Mirai, keep getting more sophisticated and more easily accessible.
Mirai source code leaked
The primary tool used to attack Dyn DNS servers is a program called Mirai. Mirai is relatively easy to use, so much so that even complete beginners to the hacking scene can pick it up quickly. The source code was recently leaked for all to find and use. It infected insecure routers first, then everything on their networks that it could infect. This includes, but isn’t limited to:
- Cable boxes
- Webcams and security CCTV cameras
IoT devices, or the Internet of Things, were one of the primary targets of Mirai, which was used in the DDoS attack on Dyn DNS. IoT devices are devices which are connected to the network, for example speakers, DVRs, webcams, smart TVs and more. Anything that is connected to your network, really, and what people don’t realize is that they are susceptible to attack.
Dyn DNS Mitigated the DDoS attack, and things are back to normal…for now
Dyn DNS is back to normal for now, according to their site. Everything can be taken down, of course, with the right tools and power. The tech industry will continue to try to find more elaborate ways to stop DDoS attacks and other malicious threats. Hackers will always be right there with them. Their methods will become more elaborate as the tech industry’s methods do. The tech industry is shaken, as is the whole internet community. Conspiracies of it being an inside job have surfaced, as well as it being done by the internet hacktivist collective Anonymous in support of WikiLeaks being shut down.
Whatever started this attack, it is apparent that it was one of many battles to come in the War of the Internet.
Another 143VPN Facebook Deal
We have posted about 143VPN’s deals in the past, and here is a great 143VPN Facebook Deal.
We messaged them on Facebook and they gave us a discount code that was $20 for a lifetime account, which is as good as the last Black Friday deal we posted. We believe it is due to them wanting more Facebook activity, but it is still a great deal. If you want the code, go ahead and message 143VPN on Facebook and ask for it. You can do so here: https://www.facebook.com/143VPN
We highly recommend you check out 143VPN due to their no-log VPN service and their array of locations around the world.