The free content management system (CMS) used by the FBI on its official website was violated by CyberZeist, who managed to access more than 150 accounts including email addresses and encrypted passwords.
CyberZeist breached it Plone CMS, used by the FBI in late December, using a zero-day, discovered by someone else, and explains that there are still many other organizations and services that are vulnerable to attacks, such as the EU Agency for Network Information and Security and the Intellectual Property Rights Coordination Center.
After hacking the FBI.gov site, CyberZeist discovered a dump of the database, which appears to include email addresses and SHA1 encrypted passwords.
Ο hacker αναφέρει ότι ο ιστότοπος ήταν hosted σε ένα VM και αυτό τον σταμάτησε από το να αποκτήσει root πρόσβαση, αλλά ούτως ή άλλως κατάφερε να ανακτήσει κάποιες πληροφορίες του διακομιστή, Ο διακομιστής του FΒI έτρεχε FreeBSD version 6.2_RELEASE of 2007 with the custom settings as mentioned by the hacker.
“With the FBI.GOV breach, it was clearly evident that their webmaster had a very lazy attitude by keeping backup files security (.bck extensions) in the same folder as the site root (Thanks Webmaster!), but I still haven't leaked all the contents of the backup files. Instead I tweeted my findings and thought I'd wait for the FBI's response,” CyberZeist reported.
Furthermore, the hacker mentioned that the zero-day exploit has already been sold through Tor, so he won't share more details until it is no longer available for sale.
https://twitter.com/Amnesty_Schweiz/status/816680016507498497
Amnesty International, one of the organizations using the same CMS software, has already recognized vulnerability. The FBI has not posted any comments for this hack at this time.
CyberZeist, meanwhile, said the FBI was trying to fix the vulnerability on New Year's Eve, so it believes the CMS is now safe.