FBI Hacked, Agents Exposed and Leaked with Plone CMS 0-Day Exploit


A hacker by the name of Cyberzeist (Cyberzeist2 on Twitter; his first account was banned due to banking hacks) took control of the main FBI website and released information on over 50 agents. Not only did he obtain the FBI agents' information, but he also warned the FBI of the exploit before he took any malicious action. When the FBI failed to act, he released the information he had via Twitter, including records containing account data such as names, SHA1-hashed passwords, SHA1 salts, and email addresses. The site was hacked on December 22nd, 2016, according to Cyberzeist.

“Going back to 22nd December 2016, I tweeted about a 0day vulnerability in Plone CMS which is considered as the most secure CMS till date. This CMS is used by many top agencies including FBI”

With the FBI hacked, many of the agents had their information exposed. Cyberzeist said he could not release the code until the exploit is useless, due to an agreement with the “vendor” or supplier of the code. With Plone being well known for its security, this hack will be great exposure for the vendor until the hole is completely patched. Cyberzeist said that, as a token of good faith to prove he wouldn’t give away the vulnerability, he gave the vendor his real information. It would be an interesting turn of events if this turned out to be an FBI honeypot of some sort.

Cyberzeist also hacked the FBI in 2011 as part of the hacker group known as Anonymous. He describes himself as part of the Anonymous hacker umbrella.

“I have been in hacking scene since 2011 working under “Anonymous” umbrella and I hack the targets purely out of my own motivation.”


Plone has said it will work on a full patch by January 17, as stated in its announcement: https://plone.org/security/announcements/20170117-preannounce

Windows 7 Obsolete; Mainstream Support Ends

Windows 7 is now considered obsolete because support for the operating system has ended. While this doesn’t mean Microsoft will stop patching it quite yet, it is obvious that the company is moving the product toward end of life. Based on its past updates of Windows XP, it will most likely continue to patch vulnerabilities for a few more years or so. No new features will be coming to Windows 7, and Windows 10 will take the forefront in the coming months. If you are still running Windows 7, we suggest you pay close attention to its end-of-life date to make sure your system stays secure. If you are still on Windows XP, we highly recommend you upgrade immediately, as Microsoft is no longer patching vulnerabilities for that operating system.