CYBERZEIST2
VOTE FOR THE NEXT TARGET - goo.gl/17gE9a Shout-out to TruthIzSexy (twitter.com/TruthIzSexy) for keeping the soul of "Anonymous" intact.
Greetings from CyberZeist, This leak is totally devoted to the Anonymous Movement. Going back to 22nd December 2016, I tweeted about a 0day vulnerability in Plone CMS which is considered as the most secure CMS till date. This CMS is used by many top agencies including FBI: https://twitter.com/cyberzeist2/status/811926048266817536 The vulnerability is in the CMS's various python modules and is not discovered by me, I was assigned to test out the 0day vulnerability on FBI and Amnesty website: https://twitter.com/cyberzeist2/status/812653560336781312 Other Vulnerable websites include EU Agency for Network Information and Security along with Intellectual Property Rights Coordination Center: https://twitter.com/cyberzeist2/status/812641407512952836 Since the 0day vendor was too afraid to test it out on FBI himself, so I did it and the findings are published in the below sections. The interesting thing to see was that, media from many countries including Germany and Russia where publishing about the hack but none of the US based publishers had the courage to write a story against FBI hack (fear?). I was contacted by various sources to pass on the leaks to them that I obtained after hacking FBI.GOV but I denied all of them. Why? just because I was waiting for FBI to react on time. They didn't directly react and I don't know yet what are they upto, but at the time I was extracting my finds after hacking FBI.GOV, I was constantly presented with this screen, even when I normally visited the site: https://pixady.com/img/2017/01/701635_screenshot_from_20170101_002242.png
(Are they tracking me?) Anyway, while they where busy apparently in fixing the vulnerability, the Plone 0day was still working in their CMS backend, but they where hosting the site on a VM so I couldn't gain a root access (obviously!), but I was able to recon that they were running FreeBSD ver 6.2-RELEASE that dates back to 2007 with their own custom configurations. Their last reboot time was 15th December 2016 at 6:32 PM in the evening. While exploiting FBI.GOV, it was clearly evident that their webmaster had a very lazy attitude as he/she had kept the backup files (.bck extension) on that same folder where the site root was placed (Thank you Webmaster!), but still I didn't leak out the whole contents of the backup files, instead I tweeted out my findings and thought to wait for FBI's response: https://twitter.com/cyberzeist2/status/815141077233471488 https://twitter.com/cyberzeist2/status/815223886060978177 It was clearly evident by now that FBI would have known by this time that they are being actively compromised as many foreign media agencies where actively publishing their reports on this hack: https://deutsch.rt.com/newsticker/44630-fbi-webseite-gehackt/ https://lenta.ru/news/2016/12/23/le4ky http://www.depo.ua/ukr/svit/haker-zayaviv-shcho-zlamav-sayt-fbr-ssha-23122016172700 http://www.vladtime.ru/kriminalnie_novosti/530920 https://rg.ru/2016/12/23/haker-soobshchil-o-vzlome-sajta-fbr.html (Russians seem very much excited in publishing against USA ;D ) But till now I haven't seen a reaction from FBI or any of the US News Agencies regarding this hack that I announced on twitter in last 6 -7 days. As a result, I am publishing my findings that will interest many of the geeks and black-hat enthusiasts out there. I obviously cannot publish the 0day attack vector myself as it is being actively sold over tor network for bitcoins. So if you want the p0c or the attack vector itself, please find the 0day yourself over the tor N/W (find "lo4fer") or wait till the 0day is obsolete. Once this 0day is no longer being sold, I will tweet out the Plone CMS 0day attack vector myself. Now moving on to the findings on the FBI.GOV site. I have leaked the FBI.GOV accounts that I found out several backup files (acc_102016.bck, acc_112016.bck, old_acc16.bck, etc) There may be many more backup files, but I couldn't get hold of them all because file name enumeration and guessing was taking too much time and FBI.GOV was experiencing a constant downtime error. I am still trying to enumerate more backup files and will continue to do so till FBI.GOV is patched. If I find more details then I will update this paste accordingly. The account details published below contain details in format - (email, SHA1 Encrypted Pass, SHA1 salt). Now something off-topic, I have been in the Anonymous scene since 2011 and at that time too I hacked FBI Accounts and details, which was copied by many wannabes over the years: http://news.softpedia.com/news/CyberZeist-Claims-to-Have-Gained-Access-to-Hundreds-of-Federal-Accounts-276384.shtml But at that time, I used spear phishing to harvest the account details and back then I was devoted for the anonymous movement. And once again I owned FBI and devoting this leak to Anonymous movement. I have also started a poll to cast your vote for my next target, the target getting the most votes will be hacked next: https://twitter.com/cyberzeist2/status/802485264748642304 Link to Vote: goo.gl/17gE9a I would also like to mention that, twitter has a bad tendency of suspending my accounts due the nature of my leaks like vulnerabilities in top banking corporations: (List of my hacks) Barclays & RBS Bank : https://www.scmagazineuk.com/lfi-vulnerability-allegedly-found-in-website-of-barclaysrbs/article/573599/ Tesco Bank Vulnerability : https://twitter.com/cyberzeist2/status/805017655694344192 Alaska Election Hack : https://www.cyberwarnews.info/2016/11/08/alaskan-elections-website-hacked-by-cyberzeist-2/ (Presidential Election 2016) MI5 Vulnerability : https://twitter.com/cyberzeist2/status/804313275982745600 DNC Hacks : http://gizmodo.com/hackers-claim-they-wiped-john-podestas-iphone-1787757594 (http://pastebin.com/fYCWmNGU) (for more lulz, view my tweets at - https://twitter.com/cyberzeist2) So in case my twitter account (twitter.com/cyberzeist2) is suspended again after this leak, then you can visit my pastebin account at - http://pastebin.com/u/CyberZeist2 Here you can find a way to get in touch with me or keep an eye on my next account if I get suspended. PS: I hold no responsibility on what you do with the accounts leaked below, just be as stealthy as possible ;) -- sail safe, pirate! ------------------------------------------------------------------------------------------------------------------------- (Email, Pass(SHA1 Encrypted), Salt): matthew.giacobbi@ic.fbi.gov - a374090d426651ef8a8338775378406eaf8bb294, bl3XNyDs62 erickbolt@ic.fbi.gov - 49ea1d8fc96f105e62f79f84c86f3189e385b960, 5wWCUipzt@ cywatch@ic.fbi.gov - 3f0291d3a60edb29cd6f168369fd8ae9581f65cd, ArSmrfIY8h sacramento@ic.fbi.gov - 971636691d06c3e641150ddd661db9a8517d0827, 69CwW$wePL kevin.oconnor@ic.fbi.gov - f0964c1bffaf353920e89b2da2799ce509b7cc42, inpG1N&RSC andrea.krauth@ic.fbi.gov - 129dad5ea12de65aafe750b92d7dfc494edadb62, @K0%lqNrAg justina.acayan@ic.fbi.gov - abc5d98fa429263c380491d19174f2e767c0e8fd, tZcIwAgvvO myloshia.robinson@ic.fbi.gov - 63236eedddbb3b803714c629323b2f2bf5fc25df, @Q590WwTK8 james.laflin@ic.fbi.gov - f4c6f59d534b67d338c18e4992f68e7b62594d0c, 8SDZ%kQZO6 washington.field@ic.fbi.gov - 7d47638011e6a12e343123e9f9740d70cbd459a8, 6TFKCzkJ1k j.colleen.brown@ic.fbi.gov - 00a084333f997849e38c353d08c670b2bc8404fa, FWRfO3t1Z5 lorraine.kratzer@ic.fbi.gov - 868bc98486968c23c0e34b1fdce6b0ae2b523f9b, jqqMPJytAH markgiuliano@ic.fbi.gov - c89751625dabc5699262727a62e8697600c1bee0, ZIgEp8JkwL andrew.mccabe@ic.fbi.gov - c4c261406f09f057f19ea816317e75b5d25cb9df, V$JrIwbVWF jason.pack@ic.fbi.gov - 841aabc3f1e09acf671e25ae84bf0a51a52b5f3d, z$vDVU4O65 daniel.garrabrant@ic.fbi.gov - ce1a3900f44ac96e4dc9707f69d8c1cdb0759937, kn2DfThA5H julie.rosploch@ic.fbi.gov - 854e9bba1fe309419663c51f0cd29b1406cd9096, cPPf%0hvLc celia.longoria@ic.fbi.gov - 1d0db1fef602ba79b4375520bdebe18055b85b05, ZCIaU$Xla2 joshua.campbell@ic.fbi.gov - 10e39531cda0e8478203f250ec41a4461130e6bd, USoEDJ@2&a shawn.scott@ic.fbi.gov - a981436d2b9ca8d8c4130fc9bd93a0131ee44a08, &c$gUzgtbh john.dziedzic@ic.fbi.gov - 46311ba2bee14b95749dd71ae0ae02f8bd7d4e70, v5n9Ek8lS1 kathleen.hotakainen@ic.fbi.gov - 777ef8c5bd9d947228b7732e23d0c5d2dda9cca2, KRmQuIhkC& richard.lara@ic.fbi.gov - 214039fd957891597dc731452cbe047a12c228da, ibDiay8MEE theresa.powell@ic.fbi.gov - 934bd6f879749ba66e7c46eb355f477f2504e799, jJk3Ngb#EV mueller.cv@ic.fbi.gov - 9746633027a1e45a21fba5e02a476edd35ea2fa0, jzVxsuP4%S marc.cappellini@ic.fbi.gov - 7d3d3978c540e72a57fc7ad644da4cadd4f01f17, pLh4SxCW0t ron.avila@ic.fbi.gov - ef1da87cc7abdb956a2ec3614f532b5da263953a, @amk8qVBiY leoka.statistics@ic.fbi.gov - 488c7eb05d7b7e6abe7f0c11c7dc20dfd310aab7, btl4!DUw48 jeanette.harper@ic.fbi.gov - c49b7ad104f0e68cfea7ba3da3205feeb930dcda, cEt1oAGiUY selwyn.jamison@ic.fbi.gov - 2dad125c0c244a8cad69951515ecdeb75b0b1daa, OU5JmVw1R& craig.betbeze@ic.fbi.gov - 762a4d4bc0c6cdd0a2bcf6b7c7e125f35cb3bb88, IrxpnX390I bdc@ic.fbi.gov - 302daef773e9d85087924a8b970d0dc00192712a, VZhbpLX$xl renee.blei@ic.fbi.gov - 76cbeddf273fafb5fd71a8afdd98f2b8254af0fc, VvnYe1n9NT sanantonio@ic.fbi.gov - 1c7c587cb86945f0025b60501faeaf83f1278b08, wvD3v7&G3N james.olson@ic.fbi.gov - 04739af0f97d9be4480be4c753b94780e4079f53, wTLy5cXqMb memphis@ic.fbi.gov - 6aba3a9229091971786f8f931d34c8aa97f4e0ef, gjIEyg&%z6 joseph.mcqueen@ic.fbi.gov - 2077bc579facdf699451680b5cba0eb3a2712be5, 3VR%ZTaBnV sherri.funk@ic.fbi.gov - 786d27cc983da7a5e03181ad5c909a6aab38b085, SplzDfKerK birmingham@ic.fbi.gov - 07d0c4de383d1ca9af29b05ffafd400b60604022, !p35WAjOHx sandra.carroll@ic.fbi.gov - 0a94bb6e2749e1dc38f5317597145dad1f911945, hPbslpxtbF kara.sidener@ic.fbi.gov - 2dd4a0bf027a7861630d445c522bd733633ab9f3, @FJ15mSK9q roahn.wynar@ic.fbi.gov - 79aea73c29db2a9b10dfeb6587629332395487be, XmxT3xKpaN romel.velasco@ic.fbi.gov - 2335fb51201d4c89e21341fefbb22746acfc70c1, ODUbebk3Aw stephen.fischer@ic.fbi.gov - 32e42707b8deb2f85a9858da8b987e15f7396b63, c9u93ZG4lq christopher.allen@ic.fbi.gov - ebd9a457826bf43ced9a5befe20e9ae9738c0e47, tZ!91IFpM% nevine.aziz@ic.fbi.gov - 4832e5257fb38a96d492e9d417be5462a1d1b2d2, jcusJ&!NsQ douglas.leff@ic.fbi.gov - 77015ca946ed1b918dfe799a31650bdd8c96b3d7, beFSAnz4XK david.rubincam@ic.fbi.gov - b116d9a2b033621a3149dc3e8b922da5fb15a41b, pJKWG8sw5K robert.gladwin@ic.fbi.gov - 48055a7419b9b257a0fa3a95bf7e88591e323237, bCqrq97Qja buffalo@ic.fbi.gov - c163359706762613ffeddd2e9fc73f0f05976da1, l!foFch#hf shawn.vanslyke@ic.fbi.gov - b93da8c43761efa14f80484a0737ef5e9c120055, rXOFKZIcOq yolanda.loya@ic.fbi.gov - 2464504af6bdd9eb6ff1326c2e203201eae3f307, Cfow0zWLTf jeffery.barnes@ic.fbi.gov - 6a679817a99654dedf9adce420546b14e864885d, P6W%1KMHY! minneapolis@ic.fbi.gov - f63e423e3b4af1a7a56f39bf9569de7002839da0, HXNM98xCSz catherine.milhoan@ic.fbi.gov - 842e6dfcd901cbe299fb60d784bb449ef14943d0, gx8KJ7Tc!h troy.smith@ic.fbi.gov - aa96c55df4fb94b964fd228d776e5b23ec2c6ce6, z$zWtGi5nT john.bonhage@ic.fbi.gov - aa77efe17dcb8ccfb6fc9711ae5dae2750f17f03, QbKQDl6$lT rita.willis@ic.fbi.gov - a9072bd807727b72673c70a611f22471c4b5b9ce, YwiEbuC6pw jenny.shearer@ic.fbi.gov - 620045db79a0f3cd05a82a016e60588afa99f0ae, tSKX9qVUY# paul.konschak@ic.fbi.gov - e4dbdc143dd6e5655809c91b3039b48c95ec0dc6, r9skX6gm4Z aguirre@ic.fbi.gov - 4eaf84abdf997c8929345ef0b7c3d9b11b265cf5, NnX!$yMcJH colleen.moss@ic.fbi.gov - 87330b7a0e8ce3f61f44afd77755e3a2e1974320, Nxau4c50hv rpo_recruiting@ic.fbi.gov - cbbe26d7b5e1ef006b2e361d6b0014e0cb71de75, A2F3uW#xj2 sos_program@ic.fbi.gov - a51bc727e9e68d56c5f6fd9219f7e7b280f7727a, 2r!X!O@nz3 seattle.fbi@ic.fbi.gov - 8a7cc1f9bf3e03cd59012e854f6d8d4e32af655b, Z4nY9CSzRK james.comey@ic.fbi.gov - 379e6f1412a001421ad91e491b280c608c8005f9, EI%oo9cIvQ jennifer.unger@ic.fbi.gov - 38538e6163b460767bb0c72caeba0a5ac5ee057f, yav36kU%XS maureen.bradley@ic.fbi.gov - dbb87004d3508397a523bafd23e616fa80055c42, i3lDyzc2et bruce.hartung@ic.fbi.gov - 631f4dc5028a62966e4ad8b02db621c5ebf49004, GCrNxX7521 mark.levett@ic.fbi.gov - c23a4b1a11781de8240c2d13527e139c60495462, JgxKbbPFOo david.porter@ic.fbi.gov - 7c1b4d9f4446019ae78afe8370d3b89e1c4ffd28, B70#c2@7XB josephine.vandervoort@ic.fbi.gov - 908a2e0a6ccb5ff9071fbac003d94cd321c09dc2, xWaqSZ61OP pctips@ic.fbi.gov - 4a59841119dfabeb1d439777ed0534da874956af, nlPZ6pqBX$ wfocop@ic.fbi.gov - 56b5e2a4f7e1e05b2ffdc6ff5f4bdcdc617d3d33, ovUObrxIno tampa.division@ic.fbi.gov - 7a1927404ff9dec09e5fe323eeea1cd783eb665a, bgDNUXK#eZ kevin.swindon@ic.fbi.gov - a2c43f0300db37622c36ea204150fe3acc3f4802, #gnE8tShw6 matthew.braverman@ic.fbi.gov - 7cb4a35fd158db25bb3c0cdf297c1627b9506066, 8m#$G2Z41% richmond@ic.fbi.gov - 966e292f454ef397e1b8d5a02d97208a9d7de1d1, AjunCC7Cfy omaha@ic.fbi.gov - b53ac5bbe0c4f45dbf95a524e837698b51c5d4a2, C0wjXx8o7H theresa.griffiths@ic.fbi.gov - 36a07aafd122b4b84854c71d7a15eaffde112874, mMXQ@n&rc6 larry.freeland@ic.fbi.gov - 715854e2d532e4e446627e40e859cd0fe5feb28e, vj$R#DsA01 tracy.klein@ic.fbi.gov - 8384f4d2af93322e76600c791e2648d0ad078ed2, ni56sUe3Fy spp.bf@ic.fbi.gov - 5be21ba83176d9a3607b48c5cbc017c20f475a01, 76@xnXON@# john.samaha@ic.fbi.gov - d4dfe16b90c224e691177fcae37a7d81ba106d02, ulfHffvWg1 roseliejean.custodio@ic.fbi.gov - 5ef7de3d192091fe5970ebd0f0115a80273179af, OEX8%tWuJS janice.stout@ic.fbi.gov - b01af6a732f2f4ed7323e4aa2d0c54a7dc69f5cb, f%WuymlaJX shannon.regil@ic.fbi,gov - bcc63efb852ded0984e79512012631795aae6ac9, #HQzWUTlLs joshua.canter@ic.fbi.gov - 8970e9442ff1009d26185e4486916ff3fd9d6bb2, UMtXlzPW01 little.rock@ic.fbi.gov - 31513d6b4b562fff82f2fee4ea3e354dac6f0189, 0A7n7g0ny2 geronimo.garcia@ic.fbi.gov - a27ff20a90856644454c2279c3e107cb41077c79, 5qz5ROLt40 todd.werth@ic.fbi.gov - f4cf3604b2a476b7c56ad51acf2b8994a1f194f4, TIPBBTF7@g patricia.villafranca@ic.fbi.gov - 117d1bfe3cb929bb93142205f6728deaa1695a29, Nixifs!4TD chicago@ic.fbi.gov - ce4ed740399979c4d069d1f0b5f2246c20383b9f, nkE$SQ!EHH michelle.lee@ic.fbi.gov - 4a9e42e8768d298667a0ebc4f9a355f43945eb67, XEA%zVZlLr springfield@ic.fbi.gov - 02058c2c88363309f7f0d18b2805053f6e0b7cc1, hBpvkB0r9Z megan.moffitt@ic.fbi.gov - d81205b33a70e45b57947a49bea9addc1b91e79f, W%GMze98hk anita.shah@ic.fbi.gov - 024fc46aaa9426c83277394233a0502594236036, wUgZ&7!xwW san.francisco@ic.fbi.gov - b9dbcd90f451d4048224b9054ca5a3767ecf0702, Z7kwq4Fe$q paul.vitchock@ic.fbi.gov - 2f5af022db2ba7bb222f7ef99e9c66bf132a3298, nWHvo$@mFl newhaven@ic.fbi.gov - e899f07f44e4e99bcafc61b42859409139768f66, pvZ4zK1yF3 carrie.sawicki@ic.fbi.gov - 1e517cd8c17fdcd2a49495acbe84130f7fbf2a36, EDFnz3mHeT sonia.hunt@ic.fbi.gov - 899ff1b7db52757c0fdfb83411aca8804fbb7872, F3mfsbaptg augenbaum@ic.fbi.gov - c7b3e98d98b330a0052c3ed13ed423ea5abf6f82, &ATLUE9C1j kimberly.brown@ic.fbi.gov - 2385512bc4b25362f479138ca585b48f124cf986, CVvuRtu#cL benjamin.stone@ic.fbi.gov - 0924fe2af2675c22f47f22f9c9e7b6b4b83a770c, ARvYrmIuMj juanita.miller@ic.fbi.gov - 94018ab41195e74600669412281b5cbb7d9a0822, k4&VI$vxUn edward.you@ic.fbi.gov - 1d3fefe83ee716b1ec8b048055cff2f83b2c538d, z1Kok1mqIf niall.brennan@ic.fbi.gov - 9eb855386ad7f6e3c926dedfafcde0c238d32c28, BZ88L$!coz janel.lobur@ic.fbi.gov - 3a0cdcada6100e09f1a6fe29519a1d024bfcc1a5, &Iy76AqmwL phoenix@ic.fbi.gov - 66ff9437bc568668e87d5ff1506a76f22340a8f7, v$bRGHE9mU john.whalen@ic.fbi.gov - 8096acd5503d9341bccfd8cefb54590f44b8bf27, A3qC@$kYT5 scranton.complaints@ic.fbi.gov - 50babae3c083816984c581a1b58f28bebcd00d0d, w%YKw8JY8x richard.vorderbruegge@ic.fbi.gov - acf3a56eab392ac38518c4bdc012ded08c6977f7, $ll8j%&k4u boston@ic.fbi.gov - 8134ec97538322f97b2e8d2f29fa72269d79fab5, wqxayJSIyg kansas.city@ic.fbi.gov - 5bc16813e41e0b3b5d093d05e1a3dcda6f1dd340, CquYpfObfe diana.wright@ic.fbi.gov - 1829c810c31c1bdfbb6a1597bb4c797e1333747d, tJD#NXHPyJ william.mckinsey@ic.fbi.gov - f35681148b6c311c4e2ab6bd0f2ea8bd54c7421a, 3XmH$!&8Fl jerry.varnell@ic.fbi.gov - 47f5b56179bcb413987ae27a151fb342ca5493d9, I4mo2D9Dyu brian.abellera@ic.fbi.gov - 4c65035405bb295ce60f9edce01858adae9e9159, 6%%6zEI$Bk philip.wright@ic.fbi.gov - 6fcdf84ec4194b8e78f19b578a36299a3971e9be, UrQEAUsko6 gerald.reichard@ic.fbi.gov - 628dd18faf3fc5194c6a72ba7503beefaa75edf9, f#ZXSlL2ZJ diego.redondo@ic.fbi.gov - ae1ed0cee50c20cd0dae229364f95fc8335598b6, Xpav2at5uA premiercru.complaints@ic.fbi.gov - d704d458f437bb5f39969dfb669248588d1d1c94, ysgYhsfHCO michele.ernst@ic.fbi.gov - 27d85dcd7c8c27f544ff2dddff5d051b240b054c, l#X6TLT@ex brandi.herron@ic.fbi.gov - 8b579280793c890f02c30bd53922727ce3bd03fe, D@tsSytF@@ thomas.callaghan@ic.fbi.gov - 7ed5dcbc3d6810a7fa73f6c631876e6b0dbf5eb0, jnzbTSQphh nicky.megna@ic.fbi.gov - 66b68dd56e64598649f050f9f013b82f92defa5e, aQh8uGssBg karey.kirkpatrick@ic.fbi.gov - 6ed898fdd3e9834bd72f8d7ef5599b3afe7de338, NrbAoyUV#S kimberly.delgreco@ic.fbi.gov - e483ae26d1781373186c6f573df54dd8a9634922, a1vEgcuAW@ peter.murphy@ic.fbi.gov - 0c1a2bddb61417d190b2825d847735b34c9be7ec, VUm&oykAj$ maureen.bottrell@ic.fbi.gov - 8034467595ebe189bf02ef3c0647708212778c5d, THEG&n!$1i ndcac@ic.fbi.gov - b9766e504f81f262266835b72100c0615c8a66c3, YOgvu!Ae6Z richard.vanantwerp@ic.fbi.gov - dd2ae399f170424da93dfe8b7af6abccc1306259, Qgljgmx4xx andrea.firpo@ic.fbi.gov - 86c7b685c2a456b36527be8dc5896940f8b0fe30, 2vghkpMn#j marc.lebeau@ic.fbi.gov - 5d18dde31637bcb05cec71aecd3c9ce4ee0dcc49, 8lsc9lTDK$ timothy.marsh@ic.fbi.gov - 32ef3de0d5963fbfa532104637cd9dc0bf7ac3e1, veHhHqmp$! joline.caron@ic.fbi.gov - 202eb6649c6d303a22cd84fd73a39351bd108d89, ovJ!X&H1!9 tracey.chase@ic.fbi.gov - 51be429365c9a3bc6978353eb3266e09ca180374, tFOZYOM1LJ houston@ic.fbi.gov - 46dc3051c6e41e102badd0bbcae11348dd8dbd84, B5N&ncZ!A# david.pennypacker@ic.fbi.gov - c7eb4288e65b8c238509d72fdfb6fa8a998375b4, $VKhwgXxzk nsf_grip@ic.fbi.gov - fed6539fd185777af29d2351d46731f0109fb7a3, 65b@DTuRxm stephen.morris@ic.fbi.gov - 9890cc963feac6148dc6d95a6231f95132cbe324, JhvSWReA3z kevin.parker2@ic.fbi.gov - 28e59ebcfe8d5bb87539429a2f127f128ae4c667, s2ZN5UvuSZ justin.cook@ic.fbi.gov - f65215e9032241be781ffb5c6d4ad481354606b9, y2HHT!pkfv portland@ic.fbi.gov - 88e6bdba742905ea22ae84d33a16529811795f35, 60KEPF&uOQ john.brown@ic.fbi.gov - 91e82e63ed9193a0dfaae964c029bbca472d854d, jYtzWyiGH7 troy.murdock@ic.fbi.gov - 03fda83ac4754ae97c48e1a765ccaca19d9f0a0e, cbNb7rLjJs jay.darin@ic.fbi.gov - 25d4d29179c80b2f4c0d49fd539bb7d06883f65b, G%mtkgormA jaime.aguirre@ic.fbi.gov - 6f6313bae201b8c9dd9cf1574ef8e2f1099a5d7f, HNDfoUiCiW james.wynne@ic.fbi.gov - 8cddc9065f22f37f9385985a82a29aba03a9cfb5, yKKsCKDtm daniel.clegg@ic.fbi.gov - c580e2a16d9d21683aa2e41cb8366ad451bdfdb9, TcwDozV&Y9 eyad.abusway@ic.fbi.gov - 7ebd7f87c44e6be63f6658e8b1f334f67c066756, exK&zHh74M keenan.robinson@ic.fbi.gov - 53041e8c4362198cd4c551b1ca8a08ccb4cfbf1d, HE7fQBhPVr susan.brandon@ic.fbi.gov - ef6df817ae60e81251dd98b40965dcaeec9d8089, %B1UX77JL4 david.chaves@ic.fbi.gov - 82b2d6fbf39ebf484bb86e9524abca101a8245f3, QhQi6Zw3y4 sandra.garcia@ic.fbi.gov - f98696466ed5b4b5dab765a7b124662105e4012c, uQ8P%uXH@m -- Put forward by CyberZeist for Anonymous https://twitter.com/cyberzeist2 Do not forget to vote at goo.gl/17gE9a and follow me for more upcoming lulz!!
I am being contacted by many media agencies with weird questions related to the recent FBI hack released on 1st January 2017 - http://pastebin.com/5vwz6Wj4
ReplyDeleteThis statement is a justification for all those questions.
----------------------------------------------------------
Many news outlets are asking me questions like my primary goal was to degrade the image of the organization behind Plone CMS development as it is considered as the most secured CMS till date with no vulnerability at all. This question is totally irrelevant as I have been in hacking scene since 2011 working under "Anonymous" umbrella and I hack the targets purely out of my own motivation. So, I am not influenced by any organization that wants to degrade the Image of Plone Organization.I just leaked out the details that I received after using the attack vector. I am not aware of any technical details of how Plone works internally. So please, do not ask me the technical details related to the inner workings of this CMS, you can test and see for yourself once I release the 0day vector.
Also, stating that Plone CMS and its derivatives (currently used by FBI) are 100% hack proof is false as they had a few vulnerabilities in the past -
https://www.exploit-db.com/exploits/38738/
https://www.exploit-db.com/exploits/18262/
https://www.exploit-db.com/exploits/27630/
https://www.cvedetails.com/vulnerability-list/vendor_id-4313/Plone.html
(these may be old, but the current 0day is closely related to them. The 0day I was given to test out was specifically for Local File Inclusion and Path Traversal exploits)
Regarding Plone 0day validity:
------------------------------
Secondly, I am being asked to release the 0day Plone CMS vulnerability to prove its credibility and validity. First of all, as I have already stated that I am not the one who discovered this 0day myself. I was contacted by a 0day vendor with handle "lo4fer" over tor network who asked me to test out the 0day on active websites using Plone and its DERIVATIVES. The FBI hack was done to test out the vulnerability. So I cannot disclose the 0day vector myself unless this exploit is not being actively sold or is rendered obsolete. Thus I will release the 0day myself via twitter and few selected security news portals once this 0day is not on sale or is rendered obsolete. So please wait for few days, once this 0day is obsolete, I will release the 0day as a proof of validity. I cannot break the negotiation code and release the 0day myself at this point as the vendor shared the 0day in exchange of my real identity as a token while handing the 0day vector to me.
PS: Please stop blaming the people who are not involved in this hack, I alone have the sole responsibility to prove the validity of this 0day and NOT ANYONE ELSE!!!!
Lastly, I want to add that I could have released this leak only under my name and not under the name of ANONYMOUS. This was done to revive the lost image of Anonymous which has gone silent since last few years. And I am grateful that I received good amount of support from the Anonymous Family as the mainstream media declined to even publish the hacks in first place. http://pastebin.com/mAtBHqPR