The free content management system (CMS) used by the FBI on its official website was violated by CyberZeist, who managed to access more than 150 accounts including email addresses and encrypted passwords.
CyberZeist breached it Plone CMS, used by the FBI at the end of December, using a zero-day one discovered by someone else, and explains that there are still many other agencies and services vulnerable to attacks such as the EU Agency for Network Information and Security and Intellectual Property Rights Coordination Center.
After hacking the FBI.gov website, CyberZeist discovered a dump of it baseς data, which appears to include email addresses and SHA1 encrypted passwords.
The hacker reports that the site was hosted on a VM and this stopped him from getting root access, but anyway he was able to retrieve some server information. The FBI server was running 6.2's FreeBSD version 2007_RELEASE with custom settings as reported the hacker.
“With the FBI.GOV breach, it was clearly evident that their webmaster had a very lazy attitude as he had kept the backup files (extensions .bck) in the same folder as the site root (Thanks Webmaster!), but I still haven't leaked all the contents of the backup files. Instead I tweeted my findings and thought I'd wait for the FBI's response,” CyberZeist reported.
In addition, the hacker reported that the zero-day exploit has already been sold through Tor, so no more details will be shared until it is no longer available for purchase.
https://twitter.com/Amnesty_Schweiz/status/816680016507498497
Amnesty International, one of the organizations that use the same software CMS has already acknowledged the vulnerability. The FBI has not yet released any comments on this hack.
CyberZeist, meanwhile, said the FBI was trying to fix the vulnerability on New Year's Eve, so it believes the CMS is now safe.
