January 21, 2017

New Year wishes from Anonymous - FBI Hacked and Leaked

CYBERZEIST2
                                  VOTE FOR THE NEXT TARGET - goo.gl/17gE9a
             Shout-out to TruthIzSexy (twitter.com/TruthIzSexy) for keeping the soul of "Anonymous" intact.
Greetings from CyberZeist,
This leak is totally devoted to the Anonymous Movement. 
Going back to 22nd December 2016, I tweeted about a 0day vulnerability in Plone CMS which is considered as the most secure CMS till date. This CMS is used by many top
agencies including FBI:
https://twitter.com/cyberzeist2/status/811926048266817536

The vulnerability is in the CMS's various python modules and is not discovered by me, I was assigned to test out the 0day vulnerability on FBI and Amnesty website:
https://twitter.com/cyberzeist2/status/812653560336781312

Other Vulnerable websites include EU Agency for Network Information and Security along with Intellectual Property Rights Coordination Center:
https://twitter.com/cyberzeist2/status/812641407512952836

Since the 0day vendor was too afraid to test it out on FBI himself, so I did it and the findings are published in the below sections. The interesting thing to see was that, media from many
countries including Germany and Russia where publishing about the hack but none of the US based publishers had the courage to write a story against FBI hack (fear?).

I was contacted by various sources to pass on the leaks to them that I obtained after hacking FBI.GOV but I denied all of them. Why? just because I was waiting for FBI to
react on time. They didn't directly react and I don't know yet what are they upto, but at the time I was extracting my finds after hacking FBI.GOV,
I was constantly presented with this screen, even when I normally visited the site:
https://pixady.com/img/2017/01/701635_screenshot_from_20170101_002242.png
(Are they tracking me?)

Anyway, while they where busy apparently in fixing the vulnerability, the Plone 0day was still working in their CMS backend, but they where hosting the site on a VM so
I couldn't gain a root access (obviously!), but I was able to recon that they were running FreeBSD ver 6.2-RELEASE that dates back to 2007 with their own custom
configurations. Their last reboot time was 15th December 2016 at 6:32 PM in the evening.
While exploiting FBI.GOV, it was clearly evident that their webmaster had a very lazy attitude as he/she had kept the backup files (.bck extension) on that same folder 
where the site root was placed (Thank you Webmaster!), but still I didn't leak out the whole contents of the backup files, instead I tweeted out my findings and thought to
wait for FBI's response:

https://twitter.com/cyberzeist2/status/815141077233471488
https://twitter.com/cyberzeist2/status/815223886060978177

It was clearly evident by now that FBI would have known by this time that they are being actively compromised as many foreign media agencies where actively publishing 
their reports on this hack:

https://deutsch.rt.com/newsticker/44630-fbi-webseite-gehackt/
https://lenta.ru/news/2016/12/23/le4ky
http://www.depo.ua/ukr/svit/haker-zayaviv-shcho-zlamav-sayt-fbr-ssha-23122016172700
http://www.vladtime.ru/kriminalnie_novosti/530920
https://rg.ru/2016/12/23/haker-soobshchil-o-vzlome-sajta-fbr.html
(Russians seem very much excited in publishing against USA ;D )

But till now I haven't seen a reaction from FBI or any of the US News Agencies regarding this hack that I announced on twitter in last 6 -7 days.
As a result, I am publishing my findings that will interest many of the geeks and black-hat enthusiasts out there. I obviously cannot publish the 0day attack vector myself as
it is being actively sold over tor network for bitcoins. So if you want the p0c or the attack vector itself, please find the 0day yourself over the tor N/W (find "lo4fer") or wait till the 0day is
obsolete. Once this 0day is no longer being sold, I will tweet out the Plone CMS 0day attack vector myself.

Now moving on to the findings on the FBI.GOV site. I have leaked the FBI.GOV accounts that I found out several backup files (acc_102016.bck, acc_112016.bck, old_acc16.bck, etc)
There may be many more backup files, but I couldn't get hold of them all because file name enumeration and guessing was taking too much time and FBI.GOV was 
experiencing a constant downtime error. I am still trying to enumerate more backup files and will continue to do so till FBI.GOV is patched. If I find more details then I will 
update this paste accordingly. The account details published below contain details in format - (email, SHA1 Encrypted Pass, SHA1 salt).

Now something off-topic, I have been in the Anonymous scene since 2011 and at that time too I hacked FBI Accounts and details, which was copied by many wannabes over the years:
http://news.softpedia.com/news/CyberZeist-Claims-to-Have-Gained-Access-to-Hundreds-of-Federal-Accounts-276384.shtml

But at that time, I used spear phishing to harvest the account details and back then I was devoted for the anonymous movement. And once again I owned FBI and devoting
this leak to Anonymous movement.

I have also started a poll to cast your vote for my next target, the target getting the most votes will be hacked next:
https://twitter.com/cyberzeist2/status/802485264748642304

Link to Vote: goo.gl/17gE9a

I would also like to mention that, twitter has a bad tendency of suspending my accounts due the nature of my leaks like vulnerabilities in top banking corporations:

(List of my hacks)
Barclays & RBS Bank : https://www.scmagazineuk.com/lfi-vulnerability-allegedly-found-in-website-of-barclaysrbs/article/573599/
Tesco Bank Vulnerability : https://twitter.com/cyberzeist2/status/805017655694344192
Alaska Election Hack : https://www.cyberwarnews.info/2016/11/08/alaskan-elections-website-hacked-by-cyberzeist-2/ (Presidential Election 2016)
MI5 Vulnerability : https://twitter.com/cyberzeist2/status/804313275982745600
DNC Hacks : http://gizmodo.com/hackers-claim-they-wiped-john-podestas-iphone-1787757594 (http://pastebin.com/fYCWmNGU)
(for more lulz, view my tweets at - https://twitter.com/cyberzeist2)

So in case my twitter account (twitter.com/cyberzeist2) is suspended again after this leak, then you can visit my pastebin account at - http://pastebin.com/u/CyberZeist2
Here you can find a way to get in touch with me or keep an eye on my next account if I get suspended.

PS: I hold no responsibility on what you do with the accounts leaked below, just be as stealthy as possible ;) -- sail safe, pirate!
-------------------------------------------------------------------------------------------------------------------------

(Email, Pass(SHA1 Encrypted), Salt):
matthew.giacobbi@ic.fbi.gov - a374090d426651ef8a8338775378406eaf8bb294, bl3XNyDs62
erickbolt@ic.fbi.gov - 49ea1d8fc96f105e62f79f84c86f3189e385b960, 5wWCUipzt@
cywatch@ic.fbi.gov - 3f0291d3a60edb29cd6f168369fd8ae9581f65cd, ArSmrfIY8h
sacramento@ic.fbi.gov - 971636691d06c3e641150ddd661db9a8517d0827, 69CwW$wePL
kevin.oconnor@ic.fbi.gov - f0964c1bffaf353920e89b2da2799ce509b7cc42, inpG1N&RSC
andrea.krauth@ic.fbi.gov - 129dad5ea12de65aafe750b92d7dfc494edadb62, @K0%lqNrAg
justina.acayan@ic.fbi.gov - abc5d98fa429263c380491d19174f2e767c0e8fd, tZcIwAgvvO
myloshia.robinson@ic.fbi.gov - 63236eedddbb3b803714c629323b2f2bf5fc25df, @Q590WwTK8
james.laflin@ic.fbi.gov - f4c6f59d534b67d338c18e4992f68e7b62594d0c, 8SDZ%kQZO6
washington.field@ic.fbi.gov - 7d47638011e6a12e343123e9f9740d70cbd459a8, 6TFKCzkJ1k
j.colleen.brown@ic.fbi.gov - 00a084333f997849e38c353d08c670b2bc8404fa, FWRfO3t1Z5
lorraine.kratzer@ic.fbi.gov - 868bc98486968c23c0e34b1fdce6b0ae2b523f9b, jqqMPJytAH
markgiuliano@ic.fbi.gov - c89751625dabc5699262727a62e8697600c1bee0, ZIgEp8JkwL
andrew.mccabe@ic.fbi.gov - c4c261406f09f057f19ea816317e75b5d25cb9df, V$JrIwbVWF
jason.pack@ic.fbi.gov - 841aabc3f1e09acf671e25ae84bf0a51a52b5f3d, z$vDVU4O65
daniel.garrabrant@ic.fbi.gov - ce1a3900f44ac96e4dc9707f69d8c1cdb0759937, kn2DfThA5H
julie.rosploch@ic.fbi.gov - 854e9bba1fe309419663c51f0cd29b1406cd9096, cPPf%0hvLc
celia.longoria@ic.fbi.gov - 1d0db1fef602ba79b4375520bdebe18055b85b05, ZCIaU$Xla2
joshua.campbell@ic.fbi.gov - 10e39531cda0e8478203f250ec41a4461130e6bd, USoEDJ@2&a
shawn.scott@ic.fbi.gov - a981436d2b9ca8d8c4130fc9bd93a0131ee44a08, &c$gUzgtbh
john.dziedzic@ic.fbi.gov - 46311ba2bee14b95749dd71ae0ae02f8bd7d4e70, v5n9Ek8lS1
kathleen.hotakainen@ic.fbi.gov - 777ef8c5bd9d947228b7732e23d0c5d2dda9cca2, KRmQuIhkC&
richard.lara@ic.fbi.gov - 214039fd957891597dc731452cbe047a12c228da, ibDiay8MEE
theresa.powell@ic.fbi.gov - 934bd6f879749ba66e7c46eb355f477f2504e799, jJk3Ngb#EV
mueller.cv@ic.fbi.gov - 9746633027a1e45a21fba5e02a476edd35ea2fa0, jzVxsuP4%S
marc.cappellini@ic.fbi.gov - 7d3d3978c540e72a57fc7ad644da4cadd4f01f17, pLh4SxCW0t
ron.avila@ic.fbi.gov - ef1da87cc7abdb956a2ec3614f532b5da263953a, @amk8qVBiY
leoka.statistics@ic.fbi.gov - 488c7eb05d7b7e6abe7f0c11c7dc20dfd310aab7, btl4!DUw48
jeanette.harper@ic.fbi.gov - c49b7ad104f0e68cfea7ba3da3205feeb930dcda, cEt1oAGiUY
selwyn.jamison@ic.fbi.gov - 2dad125c0c244a8cad69951515ecdeb75b0b1daa, OU5JmVw1R&
craig.betbeze@ic.fbi.gov - 762a4d4bc0c6cdd0a2bcf6b7c7e125f35cb3bb88, IrxpnX390I
bdc@ic.fbi.gov - 302daef773e9d85087924a8b970d0dc00192712a, VZhbpLX$xl
renee.blei@ic.fbi.gov - 76cbeddf273fafb5fd71a8afdd98f2b8254af0fc, VvnYe1n9NT
sanantonio@ic.fbi.gov - 1c7c587cb86945f0025b60501faeaf83f1278b08, wvD3v7&G3N
james.olson@ic.fbi.gov - 04739af0f97d9be4480be4c753b94780e4079f53, wTLy5cXqMb
memphis@ic.fbi.gov - 6aba3a9229091971786f8f931d34c8aa97f4e0ef, gjIEyg&%z6
joseph.mcqueen@ic.fbi.gov - 2077bc579facdf699451680b5cba0eb3a2712be5, 3VR%ZTaBnV
sherri.funk@ic.fbi.gov - 786d27cc983da7a5e03181ad5c909a6aab38b085, SplzDfKerK
birmingham@ic.fbi.gov - 07d0c4de383d1ca9af29b05ffafd400b60604022, !p35WAjOHx
sandra.carroll@ic.fbi.gov - 0a94bb6e2749e1dc38f5317597145dad1f911945, hPbslpxtbF
kara.sidener@ic.fbi.gov - 2dd4a0bf027a7861630d445c522bd733633ab9f3, @FJ15mSK9q
roahn.wynar@ic.fbi.gov - 79aea73c29db2a9b10dfeb6587629332395487be, XmxT3xKpaN
romel.velasco@ic.fbi.gov - 2335fb51201d4c89e21341fefbb22746acfc70c1, ODUbebk3Aw
stephen.fischer@ic.fbi.gov - 32e42707b8deb2f85a9858da8b987e15f7396b63, c9u93ZG4lq
christopher.allen@ic.fbi.gov - ebd9a457826bf43ced9a5befe20e9ae9738c0e47, tZ!91IFpM%
nevine.aziz@ic.fbi.gov - 4832e5257fb38a96d492e9d417be5462a1d1b2d2, jcusJ&!NsQ
douglas.leff@ic.fbi.gov - 77015ca946ed1b918dfe799a31650bdd8c96b3d7, beFSAnz4XK
david.rubincam@ic.fbi.gov - b116d9a2b033621a3149dc3e8b922da5fb15a41b, pJKWG8sw5K
robert.gladwin@ic.fbi.gov - 48055a7419b9b257a0fa3a95bf7e88591e323237, bCqrq97Qja
buffalo@ic.fbi.gov - c163359706762613ffeddd2e9fc73f0f05976da1, l!foFch#hf
shawn.vanslyke@ic.fbi.gov - b93da8c43761efa14f80484a0737ef5e9c120055, rXOFKZIcOq
yolanda.loya@ic.fbi.gov - 2464504af6bdd9eb6ff1326c2e203201eae3f307, Cfow0zWLTf
jeffery.barnes@ic.fbi.gov - 6a679817a99654dedf9adce420546b14e864885d, P6W%1KMHY!
minneapolis@ic.fbi.gov - f63e423e3b4af1a7a56f39bf9569de7002839da0, HXNM98xCSz
catherine.milhoan@ic.fbi.gov - 842e6dfcd901cbe299fb60d784bb449ef14943d0, gx8KJ7Tc!h
troy.smith@ic.fbi.gov - aa96c55df4fb94b964fd228d776e5b23ec2c6ce6, z$zWtGi5nT
john.bonhage@ic.fbi.gov - aa77efe17dcb8ccfb6fc9711ae5dae2750f17f03, QbKQDl6$lT
rita.willis@ic.fbi.gov - a9072bd807727b72673c70a611f22471c4b5b9ce, YwiEbuC6pw 
jenny.shearer@ic.fbi.gov - 620045db79a0f3cd05a82a016e60588afa99f0ae, tSKX9qVUY#
paul.konschak@ic.fbi.gov - e4dbdc143dd6e5655809c91b3039b48c95ec0dc6, r9skX6gm4Z
aguirre@ic.fbi.gov - 4eaf84abdf997c8929345ef0b7c3d9b11b265cf5, NnX!$yMcJH
colleen.moss@ic.fbi.gov - 87330b7a0e8ce3f61f44afd77755e3a2e1974320, Nxau4c50hv
rpo_recruiting@ic.fbi.gov - cbbe26d7b5e1ef006b2e361d6b0014e0cb71de75, A2F3uW#xj2
sos_program@ic.fbi.gov - a51bc727e9e68d56c5f6fd9219f7e7b280f7727a, 2r!X!O@nz3
seattle.fbi@ic.fbi.gov - 8a7cc1f9bf3e03cd59012e854f6d8d4e32af655b, Z4nY9CSzRK
james.comey@ic.fbi.gov - 379e6f1412a001421ad91e491b280c608c8005f9, EI%oo9cIvQ
jennifer.unger@ic.fbi.gov - 38538e6163b460767bb0c72caeba0a5ac5ee057f, yav36kU%XS
maureen.bradley@ic.fbi.gov - dbb87004d3508397a523bafd23e616fa80055c42, i3lDyzc2et
bruce.hartung@ic.fbi.gov - 631f4dc5028a62966e4ad8b02db621c5ebf49004, GCrNxX7521
mark.levett@ic.fbi.gov - c23a4b1a11781de8240c2d13527e139c60495462, JgxKbbPFOo
david.porter@ic.fbi.gov - 7c1b4d9f4446019ae78afe8370d3b89e1c4ffd28, B70#c2@7XB
josephine.vandervoort@ic.fbi.gov - 908a2e0a6ccb5ff9071fbac003d94cd321c09dc2, xWaqSZ61OP
pctips@ic.fbi.gov - 4a59841119dfabeb1d439777ed0534da874956af, nlPZ6pqBX$
wfocop@ic.fbi.gov - 56b5e2a4f7e1e05b2ffdc6ff5f4bdcdc617d3d33, ovUObrxIno
tampa.division@ic.fbi.gov - 7a1927404ff9dec09e5fe323eeea1cd783eb665a, bgDNUXK#eZ
kevin.swindon@ic.fbi.gov - a2c43f0300db37622c36ea204150fe3acc3f4802, #gnE8tShw6
matthew.braverman@ic.fbi.gov - 7cb4a35fd158db25bb3c0cdf297c1627b9506066, 8m#$G2Z41%
richmond@ic.fbi.gov - 966e292f454ef397e1b8d5a02d97208a9d7de1d1, AjunCC7Cfy
omaha@ic.fbi.gov - b53ac5bbe0c4f45dbf95a524e837698b51c5d4a2, C0wjXx8o7H
theresa.griffiths@ic.fbi.gov - 36a07aafd122b4b84854c71d7a15eaffde112874, mMXQ@n&rc6
larry.freeland@ic.fbi.gov - 715854e2d532e4e446627e40e859cd0fe5feb28e, vj$R#DsA01
tracy.klein@ic.fbi.gov - 8384f4d2af93322e76600c791e2648d0ad078ed2, ni56sUe3Fy
spp.bf@ic.fbi.gov - 5be21ba83176d9a3607b48c5cbc017c20f475a01, 76@xnXON@#
john.samaha@ic.fbi.gov - d4dfe16b90c224e691177fcae37a7d81ba106d02, ulfHffvWg1
roseliejean.custodio@ic.fbi.gov - 5ef7de3d192091fe5970ebd0f0115a80273179af, OEX8%tWuJS
janice.stout@ic.fbi.gov - b01af6a732f2f4ed7323e4aa2d0c54a7dc69f5cb, f%WuymlaJX
shannon.regil@ic.fbi,gov - bcc63efb852ded0984e79512012631795aae6ac9, #HQzWUTlLs
joshua.canter@ic.fbi.gov - 8970e9442ff1009d26185e4486916ff3fd9d6bb2, UMtXlzPW01
little.rock@ic.fbi.gov - 31513d6b4b562fff82f2fee4ea3e354dac6f0189, 0A7n7g0ny2
geronimo.garcia@ic.fbi.gov - a27ff20a90856644454c2279c3e107cb41077c79, 5qz5ROLt40
todd.werth@ic.fbi.gov - f4cf3604b2a476b7c56ad51acf2b8994a1f194f4, TIPBBTF7@g
patricia.villafranca@ic.fbi.gov - 117d1bfe3cb929bb93142205f6728deaa1695a29, Nixifs!4TD
chicago@ic.fbi.gov - ce4ed740399979c4d069d1f0b5f2246c20383b9f, nkE$SQ!EHH
michelle.lee@ic.fbi.gov - 4a9e42e8768d298667a0ebc4f9a355f43945eb67, XEA%zVZlLr
springfield@ic.fbi.gov - 02058c2c88363309f7f0d18b2805053f6e0b7cc1, hBpvkB0r9Z
megan.moffitt@ic.fbi.gov - d81205b33a70e45b57947a49bea9addc1b91e79f, W%GMze98hk
anita.shah@ic.fbi.gov - 024fc46aaa9426c83277394233a0502594236036, wUgZ&7!xwW
san.francisco@ic.fbi.gov - b9dbcd90f451d4048224b9054ca5a3767ecf0702, Z7kwq4Fe$q
paul.vitchock@ic.fbi.gov - 2f5af022db2ba7bb222f7ef99e9c66bf132a3298, nWHvo$@mFl
newhaven@ic.fbi.gov - e899f07f44e4e99bcafc61b42859409139768f66, pvZ4zK1yF3
carrie.sawicki@ic.fbi.gov - 1e517cd8c17fdcd2a49495acbe84130f7fbf2a36, EDFnz3mHeT
sonia.hunt@ic.fbi.gov - 899ff1b7db52757c0fdfb83411aca8804fbb7872, F3mfsbaptg
augenbaum@ic.fbi.gov - c7b3e98d98b330a0052c3ed13ed423ea5abf6f82, &ATLUE9C1j
kimberly.brown@ic.fbi.gov - 2385512bc4b25362f479138ca585b48f124cf986, CVvuRtu#cL
benjamin.stone@ic.fbi.gov - 0924fe2af2675c22f47f22f9c9e7b6b4b83a770c, ARvYrmIuMj
juanita.miller@ic.fbi.gov - 94018ab41195e74600669412281b5cbb7d9a0822, k4&VI$vxUn
edward.you@ic.fbi.gov - 1d3fefe83ee716b1ec8b048055cff2f83b2c538d, z1Kok1mqIf
niall.brennan@ic.fbi.gov - 9eb855386ad7f6e3c926dedfafcde0c238d32c28, BZ88L$!coz
janel.lobur@ic.fbi.gov - 3a0cdcada6100e09f1a6fe29519a1d024bfcc1a5, &Iy76AqmwL
phoenix@ic.fbi.gov - 66ff9437bc568668e87d5ff1506a76f22340a8f7, v$bRGHE9mU
john.whalen@ic.fbi.gov - 8096acd5503d9341bccfd8cefb54590f44b8bf27, A3qC@$kYT5
scranton.complaints@ic.fbi.gov - 50babae3c083816984c581a1b58f28bebcd00d0d, w%YKw8JY8x
richard.vorderbruegge@ic.fbi.gov - acf3a56eab392ac38518c4bdc012ded08c6977f7, $ll8j%&k4u
boston@ic.fbi.gov - 8134ec97538322f97b2e8d2f29fa72269d79fab5, wqxayJSIyg
kansas.city@ic.fbi.gov - 5bc16813e41e0b3b5d093d05e1a3dcda6f1dd340, CquYpfObfe
diana.wright@ic.fbi.gov - 1829c810c31c1bdfbb6a1597bb4c797e1333747d, tJD#NXHPyJ
william.mckinsey@ic.fbi.gov - f35681148b6c311c4e2ab6bd0f2ea8bd54c7421a, 3XmH$!&8Fl
jerry.varnell@ic.fbi.gov - 47f5b56179bcb413987ae27a151fb342ca5493d9, I4mo2D9Dyu
brian.abellera@ic.fbi.gov - 4c65035405bb295ce60f9edce01858adae9e9159, 6%%6zEI$Bk
philip.wright@ic.fbi.gov - 6fcdf84ec4194b8e78f19b578a36299a3971e9be, UrQEAUsko6
gerald.reichard@ic.fbi.gov - 628dd18faf3fc5194c6a72ba7503beefaa75edf9, f#ZXSlL2ZJ
diego.redondo@ic.fbi.gov - ae1ed0cee50c20cd0dae229364f95fc8335598b6, Xpav2at5uA
premiercru.complaints@ic.fbi.gov - d704d458f437bb5f39969dfb669248588d1d1c94, ysgYhsfHCO
michele.ernst@ic.fbi.gov - 27d85dcd7c8c27f544ff2dddff5d051b240b054c, l#X6TLT@ex
brandi.herron@ic.fbi.gov - 8b579280793c890f02c30bd53922727ce3bd03fe, D@tsSytF@@
thomas.callaghan@ic.fbi.gov - 7ed5dcbc3d6810a7fa73f6c631876e6b0dbf5eb0, jnzbTSQphh
nicky.megna@ic.fbi.gov - 66b68dd56e64598649f050f9f013b82f92defa5e, aQh8uGssBg
karey.kirkpatrick@ic.fbi.gov - 6ed898fdd3e9834bd72f8d7ef5599b3afe7de338, NrbAoyUV#S
kimberly.delgreco@ic.fbi.gov - e483ae26d1781373186c6f573df54dd8a9634922, a1vEgcuAW@
peter.murphy@ic.fbi.gov - 0c1a2bddb61417d190b2825d847735b34c9be7ec, VUm&oykAj$
maureen.bottrell@ic.fbi.gov - 8034467595ebe189bf02ef3c0647708212778c5d, THEG&n!$1i
ndcac@ic.fbi.gov - b9766e504f81f262266835b72100c0615c8a66c3, YOgvu!Ae6Z
richard.vanantwerp@ic.fbi.gov - dd2ae399f170424da93dfe8b7af6abccc1306259, Qgljgmx4xx
andrea.firpo@ic.fbi.gov - 86c7b685c2a456b36527be8dc5896940f8b0fe30, 2vghkpMn#j
marc.lebeau@ic.fbi.gov - 5d18dde31637bcb05cec71aecd3c9ce4ee0dcc49, 8lsc9lTDK$
timothy.marsh@ic.fbi.gov - 32ef3de0d5963fbfa532104637cd9dc0bf7ac3e1, veHhHqmp$!
joline.caron@ic.fbi.gov - 202eb6649c6d303a22cd84fd73a39351bd108d89, ovJ!X&H1!9
tracey.chase@ic.fbi.gov - 51be429365c9a3bc6978353eb3266e09ca180374, tFOZYOM1LJ
houston@ic.fbi.gov - 46dc3051c6e41e102badd0bbcae11348dd8dbd84, B5N&ncZ!A#
david.pennypacker@ic.fbi.gov - c7eb4288e65b8c238509d72fdfb6fa8a998375b4, $VKhwgXxzk
nsf_grip@ic.fbi.gov - fed6539fd185777af29d2351d46731f0109fb7a3, 65b@DTuRxm
stephen.morris@ic.fbi.gov - 9890cc963feac6148dc6d95a6231f95132cbe324, JhvSWReA3z
kevin.parker2@ic.fbi.gov - 28e59ebcfe8d5bb87539429a2f127f128ae4c667, s2ZN5UvuSZ
justin.cook@ic.fbi.gov - f65215e9032241be781ffb5c6d4ad481354606b9, y2HHT!pkfv
portland@ic.fbi.gov - 88e6bdba742905ea22ae84d33a16529811795f35, 60KEPF&uOQ
john.brown@ic.fbi.gov - 91e82e63ed9193a0dfaae964c029bbca472d854d, jYtzWyiGH7
troy.murdock@ic.fbi.gov - 03fda83ac4754ae97c48e1a765ccaca19d9f0a0e, cbNb7rLjJs
jay.darin@ic.fbi.gov - 25d4d29179c80b2f4c0d49fd539bb7d06883f65b, G%mtkgormA
jaime.aguirre@ic.fbi.gov - 6f6313bae201b8c9dd9cf1574ef8e2f1099a5d7f, HNDfoUiCiW
james.wynne@ic.fbi.gov - 8cddc9065f22f37f9385985a82a29aba03a9cfb5, yKKsCKDtm
daniel.clegg@ic.fbi.gov - c580e2a16d9d21683aa2e41cb8366ad451bdfdb9, TcwDozV&Y9
eyad.abusway@ic.fbi.gov - 7ebd7f87c44e6be63f6658e8b1f334f67c066756, exK&zHh74M
keenan.robinson@ic.fbi.gov - 53041e8c4362198cd4c551b1ca8a08ccb4cfbf1d, HE7fQBhPVr
susan.brandon@ic.fbi.gov - ef6df817ae60e81251dd98b40965dcaeec9d8089, %B1UX77JL4
david.chaves@ic.fbi.gov - 82b2d6fbf39ebf484bb86e9524abca101a8245f3, QhQi6Zw3y4
sandra.garcia@ic.fbi.gov - f98696466ed5b4b5dab765a7b124662105e4012c, uQ8P%uXH@m


--
Put forward by CyberZeist for Anonymous
https://twitter.com/cyberzeist2
Do not forget to vote at goo.gl/17gE9a and follow me for more upcoming lulz!!

1 comment:

  1. I am being contacted by many media agencies with weird questions related to the recent FBI hack released on 1st January 2017 - http://pastebin.com/5vwz6Wj4
    This statement is a justification for all those questions.
    ----------------------------------------------------------

    Many news outlets are asking me questions like my primary goal was to degrade the image of the organization behind Plone CMS development as it is considered as the most secured CMS till date with no vulnerability at all. This question is totally irrelevant as I have been in hacking scene since 2011 working under "Anonymous" umbrella and I hack the targets purely out of my own motivation. So, I am not influenced by any organization that wants to degrade the Image of Plone Organization.I just leaked out the details that I received after using the attack vector. I am not aware of any technical details of how Plone works internally. So please, do not ask me the technical details related to the inner workings of this CMS, you can test and see for yourself once I release the 0day vector.

    Also, stating that Plone CMS and its derivatives (currently used by FBI) are 100% hack proof is false as they had a few vulnerabilities in the past -
    https://www.exploit-db.com/exploits/38738/
    https://www.exploit-db.com/exploits/18262/
    https://www.exploit-db.com/exploits/27630/
    https://www.cvedetails.com/vulnerability-list/vendor_id-4313/Plone.html
    (these may be old, but the current 0day is closely related to them. The 0day I was given to test out was specifically for Local File Inclusion and Path Traversal exploits)

    Regarding Plone 0day validity:
    ------------------------------
    Secondly, I am being asked to release the 0day Plone CMS vulnerability to prove its credibility and validity. First of all, as I have already stated that I am not the one who discovered this 0day myself. I was contacted by a 0day vendor with handle "lo4fer" over tor network who asked me to test out the 0day on active websites using Plone and its DERIVATIVES. The FBI hack was done to test out the vulnerability. So I cannot disclose the 0day vector myself unless this exploit is not being actively sold or is rendered obsolete. Thus I will release the 0day myself via twitter and few selected security news portals once this 0day is not on sale or is rendered obsolete. So please wait for few days, once this 0day is obsolete, I will release the 0day as a proof of validity. I cannot break the negotiation code and release the 0day myself at this point as the vendor shared the 0day in exchange of my real identity as a token while handing the 0day vector to me.

    PS: Please stop blaming the people who are not involved in this hack, I alone have the sole responsibility to prove the validity of this 0day and NOT ANYONE ELSE!!!!

    Lastly, I want to add that I could have released this leak only under my name and not under the name of ANONYMOUS. This was done to revive the lost image of Anonymous which has gone silent since last few years. And I am grateful that I received good amount of support from the Anonymous Family as the mainstream media declined to even publish the hacks in first place. http://pastebin.com/mAtBHqPR

    ReplyDelete

-