This is not the first time the FBI has been hacked. Six years ago, CyberZeist breached the FBI's website as part of the hacker group Anonymous.
Evidence has emerged that suggests that the FBI has suffered another cyber-attack.
A hacker who goes by the Twitter handle CyberZeist has said he hacked the FBI's website, fbi.gov, and leaked the personal account information of a number of FBI agents to the public.
The vulnerability was communicated to the FBI on December 22, but CyberZeist decided to give the agency time to patch the problem before releasing the details to the public.
CyberZeist made use of a zero-day vulnerability in Plone CMS, an open-source content management system that the FBI uses to host its websites. The hacker then leaked personal data of FBI officials to Pastebin, including names, passwords, and email accounts.
CyberZeist tweeted several screenshots as proof of the hack. The screenshots showed his illegal access to the server and database files, gained by exploiting a zero-day local file inclusion vulnerability which resulted in the malfunctioning of its Python plugins.
The hacker also discovered that the agency’s website is hosted on a virtual machine that runs a customized older version of FreeBSD, an open-source operating system.
Another tweet revealed that the Plone CMS zero-day had been put up for sale on a marketplace on the dark web.
Among all the available content management systems, Plone CMS is considered the most secure. It is used by most major sites including Google, and agencies like the FBI.
CyberZeist also cautioned other organizations that use the Plone CMS, such as the European Union Agency for Network and Information Security, the Intellectual Property Rights Coordination Centre, and Amnesty International. He said they could all be in danger of similar attacks.
The Plone Security advisory has commented on the matter, stating that a security update will be built and released on the 17th of January to patch any loopholes.
This is not CyberZeist’s first time hacking the FBI. In 2011, the hacker breached the security of the FBI website as part of the hacker group known as Anonymous.