CyberZeist targets FBI, DNC claims the agency didn’t seek access to hacked servers

The FBI is under fire from two sources: a hacker who goes by the handle CyberZeist, and the Democratic National Committee (DNC).

  • CyberZeist claims to have hacked the FBI’s website (fbi.gov) and leaked personal account information of several FBI agents publicly, according to The Hacker News.
  • The DNC claims the agency never examined its servers before dropping a report that fingered Russian hackers for the massive data breach disclosed right before last summer’s Democratic National Convention, according to a Buzzfeed report.

Plone CMS flaw exploited to extract FBI data

The Hacker News reported that CyberZeist tweeted multiple screenshots showing unauthorized access to server and database files using a local file inclusion vulnerability in its Python plugins. The hacker also found that the FBI’s website is hosted on a virtual machine using a customized older version of FreeBSD.

The hacker sent a follow-up tweet saying access was gained by exploiting a Plone CMS zero-day exploit, and that they leaked personal data of 155 FBI officials to Pastebin, including their names, passwords and email accounts. The exploit is up for sale on the online black market, CyberZeist said.

Hacker News CEO and founder Mohit Kumar wrote that Plone is considered one of the most secure content management systems around. Users include Google, the FBI and CIA, the European Union Agency for Network and Information Security, Intellectual Property Rights Coordination Center and Amnesty International.

CyberZeist reportedly warned those entities that they’re also at risk of attack.

FBI outsourced forensics work

Regarding the DNC claims, BuzzFeed News quoted a DNC spokesman who said the bureau had yet to request access to the hacked servers, even though it announced the investigation six months ago. Meanwhile, the spokesman said, no US government entity has run an independent forensic analysis on the system.

“The DNC had several meetings with representatives of the FBI’s Cyber Division and its Washington (DC) Field Office, the Department of Justice’s National Security Division, and U.S. Attorney’s Offices, and it responded to a variety of requests for cooperation, but the FBI never requested access to the DNC’s computer servers,” Eric Walker, the DNC’s deputy communications director, told BuzzFeed News in an email.

The news site said the FBI has outsourced the investigative work to third-party tech security company CrowdStrike.

The official told BuzzFeed News, “CrowdStrike is pretty good. There’s no reason to believe that anything that they have concluded is not accurate,” the intelligence official said. The FBI declined to comment, BuzzFeed News said.