FBI Hacked, Agents Exposed and Leaked with Plone CMS 0-Day Exploit

FBI Hacked, Agents Exposed

A hacker by the name of Cyberzeist (Cyberzeist2 on Twitter; his first account was banned due to banking hacks) took control of the main FBI website and released information on over 50 agents. Not only did he obtain the FBI agents’ information, he also warned the FBI of the exploit before taking any malicious action. When the FBI failed to act, he released the information he had via Twitter, including records containing account data: names, SHA1-hashed passwords, SHA1 salts, and email addresses. According to Cyberzeist, the site was hacked on December 22nd, 2016.

“Going back to 22nd December 2016, I tweeted about a 0day vulnerability in Plone CMS which is considered as the most secure CMS till date. This CMS is used by many top agencies including FBI”

With the FBI hacked, many of the agents had their information exposed. Cyberzeist said he could not release the code until the exploit is useless, due to an agreement with the “vendor” or supplier of the code. With Plone being well known for its security, this hack will be great exposure for the vendor until the hole is completely patched. Cyberzeist said that, as a token of good faith to prove he wouldn’t give away the vulnerability, he gave the vendor his real information. It would be an interesting turn of events if this turned out to be an FBI honeypot of some sort.

Cyberzeist also hacked the FBI in 2011 as part of the hacker group known as Anonymous. He has self-proclaimed that he is part of the Anonymous hacker umbrella.

“I have been in hacking scene since 2011 working under “Anonymous” umbrella and I hack the targets purely out of my own motivation.”

Here is more about his motivation:


Plone has said it will work on a full patch by January 17, which you can see here: https://plone.org/security/announcements/20170117-preannounce


Controversial Evernote Privacy Policy Update Was Retracted

The Controversial Evernote Privacy Policy Update Was Retracted After Outrage From Consumers.

A few days ago I received an email. It was from Evernote, a privacy policy update. I didn’t think much of it at the time. Later I noticed people complaining about it, so I decided to read it. It turns out, it gave employees, albeit a small amount, access to reading your notes. I immediately found this to be a problem for myself and as someone in the technology business. Companies should be working towards making privacy more accessible, not the other way around. Governments and corporations are always fighting against personal privacy lately. This anti-privacy policy shift is a huge problem, but for Evernote, they decided the fallout from their customer base was not worth it.

You can find the proposed Privacy Policy, as well as updates from Evernote in their Notice of Privacy Policy Updates (January 2017)

Social Media Outrage and Questions before the controversial Evernote Privacy Policy update was retracted.

Concerned users took the issue of Evernote’s privacy policy update to social media; this is one of the driving forces that led to the controversial Evernote Privacy Policy update being retracted in the first place.

Their response was to admit the Evernote Privacy Policy update was a failure. It was also a breach of trust. Here is their official statement on Twitter.

The controversial Evernote Privacy Policy update was retracted, but there is still a lingering elephant in the room. They will still have computer programs doing it, and they won’t disallow customer data from being seen. Not if you don’t opt out. They claim the data will be anonymous, however.

Evernote’s Statements on Privacy

There could be a lot of reasons they want your data. Not all of them are harmful. However, the fact remains that they still wanted it. Perhaps they wanted it for a more pleasant experience, as they claim. Maybe they will be releasing new features. In the above piece they do mention their “Three Laws of Data Protection”, which are:

You can read more on Evernote’s Three Laws of Data Protection page as it goes into more detail on what those three laws mean. You can also view their Transparency Report for 2015 for information on how they have handled information in the past.

Evernote CEO Chris O’Neill (left) and Evernote Co-founder and Executive Chairman Phil Libin. Source: Evernote’s Blog

Evernote’s CEO Chris O’Neill made a few statements publicly and online about why the controversial Evernote Privacy Policy update was retracted. He apologized for how the information was given to the consumer, as it wasn’t clear enough.

We recently announced an update to Evernote’s privacy policy that we communicated poorly, and it resulted in some understandable confusion. We’ve heard your concerns, and we apologize for any angst we may have caused. In response to the questions you’ve raised, let me be clear about what’s not changing and what is changing. – CEO Chris O’Neill on Evernote’s Blog

He wrote more information on what is and isn’t changing in their privacy policy, which you can see here:

Things to realize:

  • If you opt in, your data will be accessible to employees but not under your name, i.e., it will be anonymous.
  • If you opt in, you will have a more personal experience with Evernote, which means they may have new features planned.
  • Their software, or AI as some are calling it, will mask any personal information from employees before they have a chance to see it.
  • Also, companies are slowly but surely inching their way to a zero privacy ecosystem in technology.

Companies are becoming more and more transparent with our data. There are many pressures to do this, as there is a lot of profit in marketing research and development. There is also a lot of money in selling your data, and many companies do so with your permission. Be aware of your privacy rights. Watch out for your privacy, even if you have nothing to hide.

If you don’t think your privacy matters because you have nothing to hide, realize that isn’t the point. It isn’t about whether you are hiding something. It’s about monitoring for money, censorship, job opportunities, etc.

The Future of Privacy

Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say. — Edward Snowden’s “Ask Me Anything” on Reddit, May 21, 2015

I don’t want to live in a world where everything that I say, everything I do, everyone I talk to, every expression of creativity or love or friendship is recorded. — “Edward Snowden: ‘The US government will say I aided our enemies,’” July 8, 2013

A child born today will grow up with no conception of privacy at all. They’ll never know what it means to have a private moment to themselves, an unrecorded, unanalyzed thought. And that’s a problem because privacy matters; privacy is what allows us to determine who we are and who we want to be. — “Snowden Sends Christmas Message To USA,” Dec. 25, 2013

The tide has turned, and we can finally see a future where we can enjoy security without sacrificing our privacy. Our rights cannot be limited by a secret organization … Even the defenders of mass surveillance, those who may not be persuaded that our surveillance technologies have dangerously outpaced democratic controls, now agree that in democracies, surveillance of the public must be debated by the public. — “An Open Letter to the People of Brazil,” Dec. 17, 2013

The future of having no privacy is already upon us with Rule 41 being passed, giving the FBI legal authority to hack into computer systems en masse.

Historical DynDNS DDoS Attack Affects Paypal, Twitter, Reddit and More

Yesterday’s DynDNS DDoS attack was an unprecedented DDoS attack which affected a large portion of the internet, especially on the east coast. Some of the websites that were taken offline as a result of the attack were Paypal, Twitter, Reddit, Spotify, Github and Etsy, and there were plenty more affected. DynDNS started to notice the attack at 4:10 PM PST. There was a total of 3 large attacks. The first attack targeted data centers in Chicago, Washington, D.C., and New York. On 10/23/2016 at roughly 12 pm, there was a second assault. The third hit at 2 AM PST on Saturday morning; the East Coast, Texas and California were affected by the attacks. Over 20 data centers were taken down. Reports say it was due to successful TCP SYN DDoS floods targeted at Dyn’s port 53.

Yesterday was a historical day for the technology industry as well as the internet community as a whole. The DynDNS DDoS attack affected Paypal, Twitter, Reddit and more.

The technology sector and security researchers will have a hard time securing systems against these types of attacks. This historical DynDNS DDoS attack marks the advances in DDoS attack tools within the hacker community. The power and capability of attacks, and the hardware available for infection, just keep growing. The tools used keep getting more sophisticated and more easily accessible, Mirai being one example.

Mirai source code leaked

The primary tool used to attack Dyn DNS servers is a program called Mirai. Mirai is relatively easy to use, so much so that even complete beginners to the hacking scene can pick it up quickly. The source code was recently leaked for all to find and use. It infected insecure routers first, then everything on their networks that it could infect. This includes, but isn’t limited to:

  • DVRs
  • Cable Boxes
  • Webcams and security CCTV cameras.

IoT (Internet of Things) devices were one of the primary targets of Mirai, which was used in the DDoS attack on Dyn DNS. IoT devices are devices which are connected to the network, for example speakers, DVRs, webcams, smart TVs and more. Anything that is connected to your network, really, and what people don’t realize is that these devices are susceptible to attack.

Dyn DNS Mitigated the DDoS attack, and things are back to normal…for now

Dyn DNS is back to normal for now, according to their site. Everything can be taken down, of course, with the right tools and power. The tech industry will continue to try to find more elaborate ways to stop DDoS attacks and other malicious threats. Hackers will always be right there with them. Their methods will become more elaborate as the tech industry’s methods do. The tech industry is shaken, as is the whole internet community. Conspiracy theories about it being an inside job have surfaced, as well as about it being done by the internet hacktivist collective Anonymous in support of Wikileaks being shut down.


Whatever started this attack, it is apparent that it was one of many battles to come in the War of the Internet.

143VPN Facebook Deal

Another 143VPN Facebook Deal

We have posted about 143VPN’s deals in the past, and here is a great 143VPN Facebook Deal.

We messaged them on Facebook and they gave us a discount code that was $20 for a lifetime account, which is as good as the last Black Friday deal we posted. We believe it is due to them wanting more Facebook activity, but it is still a great deal. If you want the code go ahead and message 143VPN on Facebook and ask for the code. You can do so here: https://www.facebook.com/143VPN

We highly recommend you check out 143VPN due to their no log VPN service and their array of locations around the world.

Tor Guard Black Friday Deal – 50% Off Recurring!

Hello fellow readers, I just wanted to inform you that the best Torrent proxy and Torrent VPN service, Torguard, has a Black Friday special for 50% off. As the title says, Torguard VPN has a 50% off Lifetime Recurring Discount promotion (valid until 12/31/2015).
So what you have to do is:
1. Sign up HERE
2. When checking out put the promotion code: “BlackFriday”