FBI website hacked by CyberZeist and data leaked online


Petrovic

Quote

The notorious black hat hacker CyberZeist (@cyberzeist2) has broken into the FBI website FBI.gov and leaked data on Pastebin.


 

The hacker leaked the FBI.GOV accounts that he found in several backup files (acc_102016.bck, acc_112016.bck, old_acc16.bck, etc).


Leaked records contain accounts data, including names, SHA1 Encrypted Passwords, SHA1 salts, and emails.

 

The intrusion occurred on December 22, 2016; the hacker revealed that he had exploited a zero-day vulnerability in the Plone Content Management System.

“Going back to 22nd December 2016, I tweeted about a 0day vulnerability in Plone CMS which is considered as the most secure CMS till date. This CMS is used by many top agencies including FBI”


CyberZeist explained that he did not find the zero-day in the CMS he exploited; he was just tasked to test it against the websites of the FBI and Amnesty. Other websites are potentially exposed to the same zero-day attack, including Intellectual Property Rights Coordination Center and EU Agency for Network Information and Security.

The vulnerability resides in some Python modules of the CMS.

 

Other Vulnerable websites include EU Agency for Network Information and Security along with Intellectual Property Rights Coordination Center.

The hacker also tweeted an image of the FBI website that was down just after the hack.


CyberZeist tested the 0-day because the vendor was too afraid to use it against the FBI website. The hacker noticed that while media from Germany and Russia published the news about the hack, US-based publishers ignored it.

 

According to CyberZeist, the FBI contacted him to pass on the leaks.

“I was contacted by various sources to pass on the leaks to them that I obtained after hacking FBI.GOV but I denied all of them. Why? just because I was waiting for FBI to react on time. They didn’t directly react and I don’t know yet what are they up to, but at the time I was extracting my finds after hacking FBI.GOV,” he wrote.

The expert added further info on the attack: while experts at the FBI were working to fix the issue, he noticed that the Plone 0day exploit was still working against the CMS backend.

 

“I couldn’t gain a root access (obviously!), but I was able to recon that they were running FreeBSD ver 6.2-RELEASE that dates back to 2007 with their own custom configurations. Their last reboot time was 15th December 2016 at 6:32 PM in the evening.” he added.

It seems that administrators of the websites made some regrettable errors; for example, they exposed the backup files on the same server. It was a joke for the hacker to access them, even if he decided not to publish them immediately.

 

“While exploiting FBI.GOV, it was clearly evident that their webmaster had a very lazy attitude as he/she had kept the backup files (.bck extension) on that same folder where the site root was placed (Thank you Webmaster!), but still I didn’t leak out the whole contents of the backup files, instead I tweeted out my findings and thought to wait for FBI’s response”


Now let’s sit and wait for the FBI’s response. I obviously cannot publish the 0day attack vector myself as

The hacker confirmed that the 0-day is offered for sale on Tor by a hacker that goes by the moniker “lo4fer.”

 

“Once this 0day is no longer being sold, I will tweet out the Plone CMS 0day attack vector myself.” CyberZeist added.

This isn’t the first time CyberZeist hacked the website of the Federal Bureau of Investigation; in 2011, when he was one of the members of the Anonymous collective, he broke into the database of the law enforcement agency.

 

Let’s close with a curiosity … CyberZeist is asking you to choose the next target.

https://www.poll-maker.com/poll885856x749D3f82-36.

 

The hacker is very popular; among his victims are Barclays, Tesco Bank and MI5.

To remain in touch with CyberZeist visit his page on Pastebin

http://pastebin.com/u/CyberZeist2

 

Article source

12 hours ago, knowledge said:

 

things like this happen when usa play games with russia

 

 

Are you saying the Russians are Nazis? CyberZeist was part of UGNazi. UGNazi, short for Underground Nazi Hacktivist Group, composed of JoshTheGod, MrOsama, CyberZeist, Daisuke, CosmoTheGod. He hacked the FBI website back in 2011 for the Government trying to pass SOPA.
 

https://en.wikipedia.org/wiki/UGNazi

https://fr.wikipedia.org/wiki/UGNazi

 

 

 

 



6 minutes ago, knowledge said:

i am not saying russians hacked sites no  we not do things like that ?

but i see this comment he made


when usa playing games with russia

russians are looking at the fbi hacks  and learning

in about 20 days time big changes and everyone  know it  so usa trying to hit russia hard  but we just wait it out and see the changes

obama time is up soon and we cant wait

 

He's a neo-Nazi like Hitler; I would not believe anything he said. One of the hackers that was in his group, JoshTheGod, is from the USA and got busted. He may be himself?

 

 



Quote

[Reading from "The Hackers' Manifesto."]
Agent Bob: "This is our world now. The world of the electron and the switch; the beauty of the baud. We exist without nationality, skin color, or religious bias. You wage wars, murder, cheat, lie to us and try to make us believe it's for our own good, yet we're the criminals. Yes, I am a criminal. My crime is that of curiosity. I am a hacker, and this is my manifesto." Huh? Right? Manifesto? "You may stop me, but you can't stop us all."

 

Hackers (1995)

^_^



24 minutes ago, knowledge said:

Hitler 

everyday people say we are like Hitler  russians i mean  but we are not like that

see this lady she  understand verywell

 


 

Russia doesn't like Nazis; they found out the hard way in World War 2 that you can't trust Nazis. They thought Hitler was going to make peace with them, but instead he waged war against them and caused millions of Russians to die.

 

Also, I've been reading that hackers are using fake news to try to hack you, so I'd be careful what I clicked on.



2 hours ago, steven36 said:

Russia doesn't like Nazis; they found out the hard way in World War 2 that you can't trust Nazis. They thought Hitler was going to make peace with them, but instead he waged war against them and caused millions of Russians to die.

 

That's rather rewriting history to present things like that, cuz it's not really how things happened, but no point talking about that....

 

But UGNazi, are they called that cuz they believe in white Aryan supremacy or Deutschland über alles in the world, or are they just using the shortened word Nazi for simple shock value???



7 hours ago, flitox said:

That's rather rewriting history to present things like that, cuz it's not really how things happened, but no point talking about that....

 

But UGNazi, are they called that cuz they believe in white Aryan supremacy or Deutschland über alles in the world, or are they just using the shortened word Nazi for simple shock value???

First thing you need to understand: Americans were taught to see both Nazi Germany and the Soviet Union as the greatest of evils. But Americans don't think Russia is like Hitler. Some may think they are like Stalin, which they run pretty close on how many they killed. But I don't take any group that uses the word Nazi as being trustworthy. I was raised around racism, and my grandparents raised me to not join such groups, and it's still very alive today.

 

I watched as CyberZeist and his group did all this before, back in 2011 on Facebook; they would post it as they did it, live in public. Hackers did not stop SOPA from happening; they try to take credit for a joint effort from everyone on the internet protesting it, and that's what stopped it. CyberZeist uses DDoS. People are naive to cheer people like him on; it seems pretty funny till they wipe out your favorite site or one day wipe out the whole internet.

 

CyberZeist seems annoyed the FBI is not giving him any attention, but maybe the FBI are staying quiet because they busted an FBI agent who was leaking things to the press. It's not their job to talk about it. It's their job to catch him, and they busted some of his hacking buddies before, and only time will tell whether they catch him too. He seems to be an attention seeker, and nuts to want to get put on the FBI most wanted list.

 

I told everyone the FBI had a mole that kept leaking stuff to the press before, and sure enough they caught one, but no one listens to me. There may be more and they are laying low.

 

All the stuff hackers did back in the past never caused the internet to become more free. It just brings it to governments' attention that a worldwide cyberwar is needed for them to control the internet, so really they just make things worse in the long run. They're cowards hiding behind a computer; they don't have any control over any politician pushing a pen passing laws.

 

There's too much proof that the FBI really are not so great at solving cyber crimes all by themselves. First they hired paid hackers to unlock that smartphone; now it seems they are not the ones who examined the servers of the Democratic National Committee that say Russia was involved. They hired CrowdStrike, which is a third-party tech security company. CrowdStrike are the ones who told the FBI that Russian hackers were involved. There are plenty of paid hackers who will be more than happy to grass you out for a fee.

 

Quote

 

The FBI has instead relied on computer forensics from a third-party tech security company, CrowdStrike, which first determined in May of last year that the DNC’s servers had been infiltrated by Russia-linked hackers, the U.S. intelligence official told BuzzFeed News.

“CrowdStrike is pretty good. There’s no reason to believe that anything that they have concluded is not accurate,” the intelligence official said, adding they were confident Russia was behind the widespread hacks.

The FBI declined to comment.

 

 

 

https://www.buzzfeed.com/alimwatkins/the-fbi-never-asked-for-access-to-hacked-computer-servers

 



People are talking about the FBI outsourcing some work like it is a bad thing. But realistically, the CyberCrime Units have a very large area to cover, and phones and websites are a very very small piece of that. It makes sense to outsource those things which are one-off rather than spending millions to create a new department. It is no different than any company outsourcing security, or web development, or anything else. The agents in the CyberCrime units are very intelligent and overworked. As far as hacking a public website, yes FBI.gov is a public website, another script kiddie bragging about his non exploit. I love the names these kids come up with. CosmotheGod, JoshtheGod would more aptly be named CosmotheIdiot and JoshtheFool. I'm not a fan of script kiddies, if you couldn't tell. Now a real hacker would go after the DNC now that they have hardened their system. A real hacker would be able to hack his/her way in since the script kiddies' scripts won't work anymore. But hacking a public website, phhhh, what a lame piece of feces.



6 hours ago, knowledge said:

and yet  as  u say steven36

  a Underground Nazi Hacktivist Group 

are hacking the FBI  and things like this

and yet russians are the bad people ?

sure russian will like to see the fbi hacks

Here is where one of the members from the same group CyberZeist belonged to, The Jester, hacked Anonymous in 2012. They also hacked WikiLeaks. They are just most famous for hacking the CIA website and other USA websites, but they will hack anybody, even other hackers.

http://www.theregister.co.uk/2012/03/13/jester_qr_exploits/

Nazis don't like anyone but other Nazis; they will act like they're your friend to get info from you and shoot you in the back. Russia have their own hack groups; they don't need neo-Nazis to do their dirty work for them, if they are like the fake news claims.. :P

 

 



 

Quote

 

FBI Says the Democratic Party Wouldn’t Let Agents See the Hacked Email Servers

 

 

Questions about the Democratic National Committee hack and Russia’s alleged involvement have been swirling for months, and have intensified as the intelligence community prepares to brief president-elect Donald Trump about its conclusions on Friday and release a declassified report next week. Ahead of this announcement, the DNC told Buzzfeed on Wednesday that neither the FBI nor any other intelligence agency ever did an independent assessment of the organization’s breached servers. Instead, they alleged, the FBI relied exclusively on information from private digital forensics company Crowdstrike. Now the FBI is refuting this account of the events.

 

 

In a statement to WIRED, a senior FBI law enforcement official wrote in an email Thursday that “The FBI repeatedly stressed to DNC officials the necessity of obtaining direct access to servers and data, only to be rebuffed until well after the initial compromise had been mitigated.” This contrasts with what DNC deputy communications director Eric Walker told Buzzfeed in an email: “The DNC had several meetings with representatives of the FBI’s Cyber Division and its Washington (DC) Field Office, the Department of Justice’s National Security Division, and U.S. Attorney’s Offices, and it responded to a variety of requests for cooperation, but the FBI never requested access to the DNC’s computer servers.”

 

 

In its statement, the FBI agreed with the DNC’s implication that it had instead relied on data from Crowdstrike. But the Bureau points the finger for its lack of independent evaluation squarely at the DNC. According to the FBI official, “This left the FBI no choice but to rely upon a third party for information. These actions caused significant delays and inhibited the FBI from addressing the intrusion earlier.”

When asked about the FBI’s comments and the two institutions’ differing accounts of events, the DNC referred WIRED to its statement to Buzzfeed on Wednesday.

 

On Thursday evening Trump tweeted that the DNC’s claim raises fundamental questions about whether a hack even occurred at the DNC at all. But whether the DNC was hacked is not in doubt. On that point the DNC and FBI agree that the hack happened. Third party evidence revealed an intrusion regardless of intelligence community findings (which also agree that a hack occurred).

 

 

The possibility that the FBI based its investigation on inferior-quality evidence is significant, though, as the US government and public try to assess the intelligence community’s Russia attribution. The Obama administration issued sanctions against Russian intelligence groups last week, but Trump and others have raised doubts about the conclusion that Russia was behind various incidents of election meddling, including the DNC hack. Meanwhile, in a Senate Armed Services Committee hearing Thursday morning, US Director of National Intelligence James Clapper alleged that Russia was involved in fake news operations and disinformation campaigns during the US presidential campaign season.

 

 

Still, the attribution of the DNC hack to Russia has been extensively vetted by multiple agencies within the US intelligence community as well as the civilian infosec community. Even given healthy skepticism, the overall consensus from both groups is that Russia orchestrated and executed the hacking campaigns. Officials told the Washington Post on Thursday that one factor intelligence agencies considered in their attribution was intercepted communications in which Russian officials openly celebrated Donald Trump’s election and Hillary Clinton’s loss as a political boon to the Kremlin. The Post reports that some of the revelers were Russian officials who knew about initiatives to interfere with the US presidential campaigns.

 

 

At the time of publication, the FBI had not yet responded to a request for comment from WIRED about whether it feels that it missed out on higher caliber evidence in investigating the DNC breach or whether it was satisfied with the evidence it collected through other channels. NBC News reporter Ken Dilanian tweeted on Wednesday that a “source close to the investigation says FBI didn’t need the DNC servers because it already had the forensic data from upstream collection.”

 

 

The FBI official’s characterization that the DNC “caused significant delays and inhibited the FBI from addressing the intrusion earlier” is somewhat at odds with a report published by the New York Times in mid-December, which indicated that the FBI originally took a “low-key approach” to notifying the DNC about suspicious activity the Bureau had detected on the DNC’s network. In that reported version of the timeline, it wasn’t until seven months after the initial (half-hearted) FBI warning that the DNC was first motivated to defend its network.

 

 

At the Senate hearing on Thursday, NSA director Michael Rogers said, “The biggest frustration to me is speed, speed, speed. We have got to get faster. We have got to be more agile.”

Updated 1/5/17 7:30 p.m. to include response from the Democratic National Committee.
Updated 1/5/17 8:00 p.m. to include Donald Trump’s tweet.


 

 

https://www.wired.com/2017/01/fbi-says-democratic-party-wouldnt-let-agents-see-hacked-email-servers/

 

 



Quote

 

Plone dismisses claim that flaw in its CMS was used to hack FBI

The Plone security team believe reports of FBI.gov being hacked through a zero-day Plone exploit are false

 

 

The security team behind Plone, a content management system that powers many enterprise websites, has dismissed claims that hackers have access to information about an unpatched critical vulnerability.

 

The dismissal comes after a hacker who uses the online alias CyberZeist published a list of log-in credentials and hashed passwords that he claimed were obtained by hacking into the FBI.gov website by using a Plone zero-day exploit.

 

CyberZeist, who claims to act in the name of the Anonymous hacktivist movement, said in a post on Pastebin Monday that he didn't find the Plone vulnerability himself, but he was asked to test it out by the person who did.

 

The FBI website was supposedly selected as a target because it's publicly known that it runs on Plone. However, the hacker said that other websites, including those of the European Union Agency for Network and Information Security (ENISA) and the U.S. National Intellectual Property Rights Coordination Center (NIPRCC), were also vulnerable.

"I obviously cannot publish the 0day attack vector myself as it is being actively sold over [the] Tor network for bitcoins," the hacker said in his Pastebin post.

 

However, the Plone maintainers said in a blog post on the project's website that "the Plone security team has been aware of a recent claim, has examined it, and has determined that it is a hoax. There is no zero-day flaw in Plone nor in Plone-based distributions."

 

Matthew Wilkes, a member of the Plone security team, explained in an email message why the team believes both the vulnerability report and the FBI.gov hack are part of a hoax. According to him, there are many inconsistencies between the technical details released by the hacker and the way the open-source CMS works.

 

Plone is written mostly in Python and runs on top of Zope, a Python-based web application server. CyberZeist claimed that the FBI web server was running FreeBSD 6.2-RELEASE, a very old version of the FreeBSD operating system that dates back to 2007.

 

 

FreeBSD 6.2 only supports Python 2.4 and 2.5 and Plone does not run on such old versions of Python, Wilkes said.

 

 

The password hashes and salts that accompany the leaked FBI account names are not consistent with values that Plone would generate, suggesting that they were generated in bulk on another server, according to Wilkes. Furthermore, the leaked FBI email addresses match addresses that have been harvested from various sources over the years and are publicly available.

 

The hacker also claimed to have gathered the logins from backup files found on the web server that had the .bck file extension. The Plone database backup system does not generate files with that extension and the backups that it does generate are stored outside the webserver directories.

 

"It would be hard to change this behaviour and there would be no benefit of doing so," Wilkes said.

 

 

Furthermore, some screen shots posted by the hacker on Twitter suggest the attack forced the FBI website to expose portions of its source code. While this type of attack is common against PHP applications, it's not possible against Python websites that don't use the cgi-bin model of execution.

 

Another screen shot posted by the hacker shows information from an email that was supposedly extracted from the FBI server's mail logs.

"This appears to be his own server's logs, as although he has modified the name of the server in the log to be an FBI one, he has neglected to change the timezone reported in the emails from Indian Standard Time to Eastern Standard Time," Wilkes said.

 

On top of all that, CyberZeist has been suspected of faking hacks and data leaks before.

 

 

The goal of faking the compromise of FBI.gov, a high-profile website that's known to use Plone, could be to try and trick other hackers into paying for an exploit that doesn't exist. According to Wilkes the so-called Plone zero-day exploit is up for sale on the Tor network for 8 bitcoins -- around US$9,000.

 

"There is no reason to believe that his claims are genuine and we would warn all website administrators to be wary of social media users claiming to have bugs for sale," he said.

Before rumors of this vulnerability appeared, Plone had already announced an upcoming security patch scheduled to be released on Jan. 17. That fix has nothing to do with the alleged zero-day exploit and is meant to fix a "minor, low severity" security issue that does not allow for remote code execution or file inclusion, Wilkes said.

 

"There is no evidence that there was a targeted attack or compromise against FBI.gov," the FBI said in an emailed statement.

 

http://www.cio.com/article/3155071/security/plone-dismisses-claim-that-flaw-in-its-cms-was-used-to-hack-fbi.html

A Message To Fake Anonymous And The Deceived

 

 

 

 



This was not the 1st time he was caught doing fake hacks.

http://thenextweb.com/insider/2012/07/19/data-from-the-anonymous-attack-on-oil-companies-may-have-been-faked/
Quote


Today, @YourAnonNews posted a tweet that read, "FBI hacked by Anonymous North India?" and a link to a pastebin entry that I have taken the liberty of copying and pasting below in case someone decides to delete it.

 

Did anybody recognize this? You should, it was posted verbatim back in October 2012. And again in January 2013.

The first part is from this pastebin by Cyber Zeist aka le4ky, the other is from this pastebin by the same author.

Get the picture? This is old news. Nobody was hacked. Please stop falling for scams. Tell ya what:

Scott Arciszewski's Super Elite Secret 0day Technique For Identifying Reposts

  1. Select a password at random—preferably, from near the top of the list, and one that looks unique (long, random, not a dictionary word). Like MThadtgo5a91$a&%
  2. Search for it on Google
  3. ????
  4. PROFIT!

In closing, I'd like to say that it appears the FBI was correct when it said that the biggest threats have been arrested, because it seems that many of you do not have a clue.

You are not Legion, you are lesion; a cancer to the rest of the infosec community. Want to prove me wrong? Stop being gullible.

 

https://scott.arciszewski.me/blog/2013/08/the-fbi-password-leak-is-fake

If you read the comments here, there's FBI acting like Anonymous, and lots of other fakers doing hacks for profit, and government hackers doing it for political reasons in the name of Anonymous, and Anonymous wants it to stop!

http://www.anonintelgroup.com/2016/02/09/the-anonymous-collective-calls-out-anonhq-for-profiting-off-anons/

 



Archived

This topic is now archived and is closed to further replies.
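
Added example, not part of the thread or of the quoted articles: a Python version of two of the sanity checks described above, the repost check from Scott Arciszewski's post (is the "new" leak already in older dumps?) and the timezone check Wilkes applied to the mail-log screenshot. All records, addresses, log lines and function names here are constructed for illustration.

```python
"""Triage checks for a claimed credential leak (constructed data throughout)."""
import hashlib
from datetime import timedelta
from email.utils import parsedate_to_datetime


def fingerprint(record):
    """Hash one leaked line so older dumps can be indexed without keeping them in clear."""
    return hashlib.sha256(record.strip().encode("utf-8")).hexdigest()


def build_index(prior_dump_lines):
    """Index of fingerprints for every non-empty line of previously published dumps."""
    return {fingerprint(line) for line in prior_dump_lines if line.strip()}


def repost_ratio(claimed_lines, prior_index):
    """Fraction of the claimed leak that already appears verbatim in older dumps."""
    records = [line for line in claimed_lines if line.strip()]
    if not records:
        return 0.0
    hits = sum(1 for line in records if fingerprint(line) in prior_index)
    return hits / len(records)


def offset_mismatches(log_lines, expected_offsets):
    """Return (line, utc_offset) for Date: headers whose offset does not fit
    the timezone the server is claimed to be in."""
    mismatches = []
    for line in log_lines:
        if not line.lower().startswith("date:"):
            continue
        try:
            stamp = parsedate_to_datetime(line.split(":", 1)[1].strip())
        except (TypeError, ValueError):
            continue  # unparseable header: nothing to compare
        offset = stamp.utcoffset()
        if offset is not None and offset not in expected_offsets:
            mismatches.append((line, offset))
    return mismatches


# Constructed sample: an older public dump and a "new" leak in email:hash:salt form.
PRIOR_DUMP = [
    "alice@agency.example:" + "a1" * 20 + ":s4lt01",
    "bob@agency.example:" + "b2" * 20 + ":s4lt02",
    "carol@agency.example:" + "c3" * 20 + ":s4lt03",
]
CLAIMED_LEAK = PRIOR_DUMP + ["dave@agency.example:" + "d4" * 20 + ":s4lt04"]

# Constructed mail-log excerpt said to come from a US East Coast server.
MAIL_LOG = [
    "Received: from mail.agency.example by mx.agency.example",
    "Date: Thu, 22 Dec 2016 18:32:10 +0530",
    "Date: Thu, 22 Dec 2016 08:02:44 -0500",
]
US_EASTERN = {timedelta(hours=-5), timedelta(hours=-4)}  # EST and EDT

if __name__ == "__main__":
    ratio = repost_ratio(CLAIMED_LEAK, build_index(PRIOR_DUMP))
    print(f"{ratio:.0%} of the claimed leak was already public")
    for line, offset in offset_mismatches(MAIL_LOG, US_EASTERN):
        print(f"unexpected UTC offset {offset}: {line}")
```

A high repost ratio or a UTC offset that does not match the claimed server location does not prove a hoax on its own, but either one is a reason to treat the claim as unverified.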
