s: A hacker has claimed to have breached the content management system used by the FBI. The hacker uses Twitter handle @CyberZeist and claims to have dumped email addresses and hashes on Pastebin. The fbi.gov’s server was hosted on an outdated FreeBSD VM, according to the hacker.
s: A hacker has claimed to have breached the content management system used by the FBI. The hacker uses Twitter handle @CyberZeist and claims to have dumped email addresses and hashes on Pastebin. The fbi.gov’s server was hosted on an outdated FreeBSD VM, according to the hacker.
Ahacker, who operates the Twitter handle @CyberZeist, has made claims regarding hacking the FBI’s website, fbi.gov, and gaining sensitive information. Prior to this claim, the hacker claimed to have exposed the flaw on 22 December.
The hacker has dumped 155 stolen credentials on the Pastebin. @CyberZeist accessed the data by exploiting a zero-day vulnerability in the open source cms software, named Plone, used by the FBI to host its website’s content. He found the flaw in a Python module.
The websites of the National Intellectual Property Rights Coordination Center and the European Union Agency for Network and Information Security are also hackable, says @CyberZeist.
On Twitter, @CyberZeist tweeted that various sources contacted hacker, requesting a copy of stolen data, which was declined.
As the website was hosted in a VM, the hacker was unable to gain root access. Still, he managed to get some server data. The FBI website’s server was actually a FreeBSD version 6.3_RELEASE.
Interestingly, the hacker also says that the zero-day used in the exploit is being sold on the dark net. So, he doesn’t plan to share more details until it’s available for purchase.
@CyberZeist has also claimed that FBI’s webmaster has a very lazy attitude as she/he stored the backup files on the same folder as the site’s root.
Did find this story on FBI hack helpful? Don’t forget to share your views and feedback.