FBI Hacked, Agents Exposed and Leaked with Plone CMS 0-Day Exploit
FBI Hacked, Agents Exposed
A hacker by the name of Cyberzeist (Cyberzeist2 on Twitter, first account banned due to banking hacks) took control of the main FBI website and released information on over 50 agents. Not only did he get the FBI agents infromation, but he warned the FBI of the exploit before he took any malicious action. When the FBI failed to do anything he released the information he had via Twitter such as records containing account data, including names, SHA1 Encrypted Passwords, SHA1 salts, and email addresses. The site was hacked on December 22nd 2016 according to Cyberzeist.
“Going back to 22nd December 2016, I tweeted about a 0day vulnerability in Plone CMS which is considered as the most secure CMS till date. This CMS is used by many top
agencies including FBI”
With the FBI Hacked, many of the agents had their information exposed. Cyberzeist said he could not release the code until the exploit is useless due to an agreement with the “vendor” or supplier of the code. With Plone being well known for it’s security, this hack will be great exposure for the vendor until the hole is completely patched. Cyberzeist said as a token of good faith to prove he wouldn’t give away the vulnerability, he gave the vendor his real information. Would be an interesting turn of events if this turned out to be an FBI honeypot of some sort.
Cyberzeist’s hacked the FBI in 2011 as well as part of the hacker group known as Anonymous. He has self-proclaimed that he is part of the Anonymous hacker umbrella.
“I have been in hacking scene since 2011 working under “Anonymous” umbrella and I hack the targets purely out of my own motivation.”
Here is more about his motivation:
— CyberZeist (@cyberzeist2) January 5, 2017
Plone has said it will work on a full patch by January 17, which you can see here: https://plone.org/security/announcements/20170117-preannounce