Friday December 14, 2018
Home Science & Technology Hacker breach...

Hacker breaches US FBI website, leakes personal account information to a Public site: Report

0
//
Hacking (representative image), Pixabay
Republish
Reprint

Moscow, Jan 5, 2017: A hacker has claimed to have breached the US Federal Bureau of Investigation’s website and leaked personal account information to a public site, media reported.

The hacker, known as CyberZeist, exploited a zero-day vulnerability in the highly-secure Plone Content Management System (CMS) of the FBI’s website and leaked some of the information to Pastebin, an open source site that is often used by hackers to post stolen information and bits of code, RT.com reported on Thursday.

NewsGram brings to you current foreign news from all over the world.

A zero-day fault is a vulnerability in the code that has not been detected, listed, or patched yet. Therefore, the FBI had zero days to respond to the attack.

This is not the first time the hacker claimed breaching the FBI site. In 2011, CyberZeist is believed to have hacked the FBI site as a member of a group known as Anonymous.

Authorities in the US have not yet responded to the recent hacking incident that was claimed to have occurred last month.

NewsGram brings to you top news around the world today.

“fbi.gov CMS Exploited, files in view – PasswordResetTool.py, product permissions, setup file. More coming soon #FBI #PWNED,” the hacker had tweeted on December 22.

“Don’t blame the #hacker, blame the faulty #code!,” CyberZeist had said in another tweet on December 27.

CyberZeist warned other agencies that are currently using the Plone CMS that they too are vulnerable to a similar attack. “Amnesty acknowledges to patch the Plone #vulnerability in their CMS, just in time!,” CyberZeist said in a recent tweet. (IANS)

Click here for reuse options!
Copyright 2017 NewsGram

Next Story

The Secrets Of The North Korean Hacker Army

The last component would be for governments to codify what measures would be employed as proportional responses, should additional cyberattacks

0
Hacking (representational Image), VOA

North Korean hackers continue to circumvent protections and compromise computer systems around the globe. Pyongyang’s cyber operatives, like the Lazarus Group, have been linked to computer system infiltrations like the 2014 Sony Pictures Studios hack prior to the release of the U.S. film “The Interview” and the attempted theft of close to $1 billion from the central Bangladesh bank using the SWIFT banking network in 2016.

But how did Pyongyang become so adept at hacking while not possessing rich resources and being under tough International sanctions?

Seungjoo Kim, a professor at Korea University’s Graduate School of Information Security says the answer, in part, is because North Korea’s computer hackers operate in China and Europe with easy access to the internet.

“North Korea practices their craft under real conditions, like hacking cryptocurrency sites or stealing information,” he said, “These repeated exercises help to improve their skills.”

As an instructor, Seungjoo Kim teaches his students how hackers invade other systems using traditional textbooks instruction. But without real-world trials, he says they can’t obtain the knowledge needed to test systems or prevent hostile attacks.

“Basically, you should teach basic computer knowledge, and then try to solve some hacking problems,” he said, adding that the best way to improve one’s computer infiltration skills is with real-time and real-world practice.

“North Korea acquires [their] knowledge by invading other systems,” said Kim.

He added that because North Korea can directly attack other countries, that effort has enabled Pyongyang to quickly develop their world-renowned hacking skills.

North Korea’s cyber army

Experts assert there are between 6,000 and 7,500 members of North Korea’s cyber army, split into a number of divisions to carry out cyberterrorism against state infrastructure, financial institutions, and the latest hijacking of defense technology.

Sony Pictures, North Korean, Computer
Pedestrians walk past an exterior wall of Sony Pictures Studios in Los Angeles, California, Dec. 4, 2014. That year, Sony became the victim of a cyber hack by North Korean operatives from the Lazarus Group. VOA

“North Korea was inspired by the Chinese cyberwar units and learned from them,” said NK Intellectuals Solidarity director Heung Kwan Kim, “Recognizing their power, North Korea set up the first unit within the central government in 1993.”

While Pyongyang’s Reconnaissance General Bureau is comprised of six divisions and overseas operations in South Korea, the United States, and Japan, it’s another bureau that is responsible for the bulk of North Korea’s cyber warfare.

“Unit 121 oversees Unit 180, Unit 91, and lab 110,” Heung Kwan Kim told VOA.

A 500-person strong Unit 121 was created in 1998, and in 2009 the group successfully carried out 77 attacks by overwhelming computer networks through unleashing an onslaught of Internet traffic.

This led Pyongyang to conclude that cyber-warfare was “the most suitable form of war” for North Korea in the modern era, according to Heung Kwan Kim.

Attacks continued throughout 2014, and in 2015. When North Korea reorganized their divisions, Unit 121 was given the mission of attacking a foreign nation’s infrastructure, such as transportation networks, telecommunications, gas, electric power, nuclear power, and aviation systems.

Bitcoin Price, Cryptocurrency surge, Computer
Bitcoins placed on dollar banknotes are seen in this illustration photo taken Nov. 6, 2017. Cryptocurrencies are attractive for North Korean hackers because they are difficult to trace back to their original owner. VOA

Unit 91’s focus was shifted to acquiring “advanced technologies needed for nuclear development and long-range missiles from developed countries.”

Finally, the role of Unit 180 was changed for it to target financial systems and to focus on block chain technology.

Cryptocurrency and blockchains

With international sanctions crippling Pyongyang’s coffers, Heung Kwan Kim said North Korea shifted their cyberattacks to private systems, rather than government networks, because the smaller entities weren’t as well protected.

“It’s a problem of North Korea’s high ability and low security,” he said.

The numerous attacks on small and private companies have led to allegations that Pyongyang is hacking into cryptocurrency exchanges to steal virtual money, like Bitcoin, said Seungjoo Kim. Stolen cryptocurrencies are attractive because they are difficult to trace back to their original owner.

In 2017, the North Korean hacking group Lazarus was accused of attacking South Korea cryptocurrency exchange Bithumb. The cyber thieves made off with nearly $7 million in digital currencies.

Bitcoin Price, Cryptocurrency surge, Computer
Experts: Cyber attacks Growing Increasingly Sophisticated. Pixabay

The hackers also obtained personal information of users stored on the compromised servers. The BBC reports North Korea was later able to ransom additional funds from the owners in exchange for deleting the data.

“Cryptocurrency is easy to steal because it moves in cyberspace,” said Seungjoo Kim.

He added, “To earn cryptocurrency in a legitimate way, cutting-edge computers are required, but North Korea doesn’t have them, so they attack computers abroad and hack mining programs.”

The hacked computers then send any virtual coins it uncovers to North Korean digital wallets they can convert to hard currency.

Also Read: $571 Mn In Cryptocurrency Stolen By North Korean Hacker Group

To curtail North Korea’s cyberattacks, he advocates a detente in the virtual world that’s similar to the easing of tensions taking place on the peninsula. However, that may be difficult, as it would require Pyongyang to admit it committed acts of cyberwarfare.

In addition, it would require “Russia and China not only participating in current real-world sanctions, cyber sanctions at the same time,” said Seungjoo Kim.

The last component, he said, would be for governments to codify what measures would be employed as proportional responses, should additional cyberattacks take place and prepare for those events. (VOA)