CyberZeist (@cyberzeist2) Hacked FBI Website And Leaked Data on PasteBin

The official website (https://www.fbi.gov/) of Federal Bureau of Investigation (FBI) has been hacked by black hat hacker CyberZeist. It is the same hacker, who hacked the FBI website in 2011. The hacker is also available on twitter as @cyberzeist2. The hacker leaked 155 FBI accounts on Pastebin. The leaked data includes email addresses, names, Passwords (SHA1 Encrypted) and SHA1 Salts. The CyberZeist (@cyberzeist2) hacker found all this data from backup files of FBI database. Some of the backup files are “acc_112016.bck, acc_102016.bck, old_acc16.bck”.

How CyberZeist (@cyberzeist2) Did It?

The website of FBI is using Plone Content Management System (CMS). According to the security experts, it is the most secured CMS till the day. Many other Government agencies are using this CMS. In late December 2016, the hacker revealed on twitter that he has exploited a critical zero-day security flaw which exists in the “Python Modules” of Plone CMS. The hacker exploited the same zero-day security flaw to pawn the website of FBI. The CyberZeist explained that he did not found this zero-day flaw, he was only tasked to test this flaw against the FBI and Amnesty International NGO. As a proof, he has posted several photos on his twitter timeline.

The Actual Founder of Plone CMS Zero Day Was Afraid

The actual founder of this Zero Day security flaw was afraid to test it against the FBI. Then he contacted CyberZeist and told about it. According to CyberZeist, the local media of United States is ignoring this news and it has been published by Germany and Russian media. The hacker posted a photo of FBI website on Twitter in which you can see that it was down just after the hack.The hacker also said that some other Plone CMS based websites could be hacked by exploiting the same zero-day flaw. The websites of EU Agency for Network Information and Security and Intellectual Property Rights Coordination Center are also using Plone CMS.

Response of FBI

The hacker wrote that FBI didn’t contact him but other sources were asking him to pass on the leaked data and CyberZeist denied it. He also said that when the security experts of FBI were fixing the issue, he was still exploiting it at the backend. The hacker wrote that he can’t publish attack vector because he is not the owner of the exploit. He got this exploit from Tor as someone (“lo4fer”) was selling it. On his Pastebin post, he has also posted a link in which he is asking to people to vote for next expected target.

Also Read: