September 04, 2012

Anatomy of the FBI Breach

Following our blog post regarding the Anonymous breach of the Apple/FBI data, in which over 12 million personal records were claimed to have been stolen by compromising an FBI agent's laptop through a Java vulnerability, we decided to outline the hack in order to better explain how such attacks work in the wild.

What the Hack?

Anonymous claimed to have used a specific vulnerability to gain control of the FBI agent's laptop, browse it, and find an interesting file: a CSV that they said contained Apple device records together with personal user information. They then downloaded it and published a portion of it, 1 million of the 12 million records, with the personal fields stripped so that only device metadata remained.

Some background

For a while now there has been a known Java vulnerability, CVE-2012-0507, that affects specific versions of Java on all platforms. It is a type-confusion bug in the AtomicReferenceArray class that lets an untrusted applet escape the Java sandbox, and it allows a remote attacker to execute arbitrary code on the victim's machine with the privileges of the user running the browser. Oracle shipped a fix in its February 2012 Java update.

The attacker needs to deliver the payload, via a website, an email, a hidden link, etc.; once the victim's browser loads the malicious page with a vulnerable Java plug-in enabled, the system is owned. No further user interaction is required beyond opening the page.
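To check whether a machine is running one of the affected builds, here is an added example (not from the original post, and not Anonymous's or any exploitation framework's code) that parses the banner printed by `java -version` and compares it with the update level in which Oracle shipped the fix: Java 7 Update 3 and Java 6 Update 31. It assumes the `1.<family>.0_<update>` banner format that Java 6 and 7 print; the function names are chosen for this example.

```python
import re
import subprocess

# Java SE families and the update level in which the fix for CVE-2012-0507
# shipped (February 2012 Critical Patch Update): 7u3 and 6u31.
# Java 5 also received a fix but is deliberately left out of this check;
# families not listed (including 8+, released after the fix) report "unknown".
FIXED_UPDATE = {7: 3, 6: 31}

# Matches the first line of `java -version`, e.g.
#   java version "1.6.0_30"          -> family 6, update 30
#   java version "1.7.0"             -> family 7, update 0 (the GA build)
#   openjdk version "1.7.0_02-b13"   -> family 7, update 2
VERSION_RE = re.compile(r'(?:java|openjdk) version "1\.(\d+)\.\d+(?:_(\d+))?')


def parse_java_version(banner):
    """Return (family, update) from `java -version` output, or raise ValueError.

    Java 9+ banners ("11.0.2", "17.0.1") do not match on purpose: they use a
    different numbering scheme and all post-date the fix.
    """
    m = VERSION_RE.search(banner)
    if m is None:
        raise ValueError("no Java 6/7 style version string in: %r" % banner)
    family = int(m.group(1))
    update = int(m.group(2)) if m.group(2) else 0
    return family, update


def is_vulnerable_cve_2012_0507(banner):
    """True if the build predates the fix, False if it is patched,
    None if the family is not covered by this check."""
    family, update = parse_java_version(banner)
    if family not in FIXED_UPDATE:
        return None
    return update < FIXED_UPDATE[family]


def check_local_java():
    """Classify the `java` on PATH. Note that `java -version` writes to stderr."""
    try:
        proc = subprocess.run(["java", "-version"], capture_output=True, text=True)
    except FileNotFoundError:
        return None
    try:
        return is_vulnerable_cve_2012_0507(proc.stderr + proc.stdout)
    except ValueError:
        return None


if __name__ == "__main__":
    verdict = {True: "VULNERABLE", False: "patched", None: "unknown or not installed"}
    print(verdict[check_local_java()])
```

The check only covers the JRE found on PATH; a browser plug-in may point at a different (older) installation, so on a workstation the same comparison should be run against every JRE directory present, not just the one that answers `java -version`.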

Hack Anatomy

Let's go step by step through the phases of the attack itself, remembering that before the hack there was a reconnaissance phase to identify the specific target and address him individually.

First, the hacker uses an exploitation framework to load the exploit code and stands up a web server from which the victim will download the malicious payload:


Second, the victim is tricked into visiting the malicious host, whether through a persistent XSS injection on a legitimate site, a malicious link in an email, or plain social engineering, to name a few:


Once the target has opened the URL, the exploit triggers the vulnerability, the payload runs, and a reverse session is opened from the victim's machine back to the hacker:


At this stage the hacker has full control of the machine and can run commands, including opening a shell to execute code or to search the victim's host:


The hacker then looks for the information he wants to steal and downloads it from the victim's computer:


Game over, no quarter:


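As an added example, not part of the original post and not tied to any particular product's logs, the fetch-then-callback shape of steps two and three can be hunted for with a simple correlation between a web proxy log and an outbound connection log: a client downloads a .jar or .class from some host and shortly afterwards opens a connection to that same host on a non-web port. The log lines below are constructed for this example, the log format is assumed rather than that of any real appliance, and the function names are chosen for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs (not real traffic).
# Proxy lines: timestamp, client, server host, request path, HTTP status.
PROXY_LOG = """\
2012-09-01T10:00:01 10.0.0.5 news.example.org /index.html 200
2012-09-01T10:00:03 10.0.0.5 198.51.100.23 /update/Exploit.jar 200
2012-09-01T10:00:05 10.0.0.7 cdn.example.com /app/widget.jar 200
2012-09-01T10:00:20 10.0.0.9 198.51.100.23 /update/Exploit.jar 200
"""

# Connection lines: timestamp, client, destination host, destination port, protocol.
CONN_LOG = """\
2012-09-01T10:00:04 10.0.0.5 198.51.100.23 4444 tcp
2012-09-01T10:00:09 10.0.0.7 cdn.example.com 443 tcp
2012-09-01T10:05:00 10.0.0.5 mail.example.org 25 tcp
2012-09-01T10:03:00 10.0.0.9 198.51.100.23 4444 tcp
"""

JAVA_SUFFIXES = (".jar", ".class")
WEB_PORTS = {80, 443, 8080}   # callbacks to these ports are not flagged by this filter


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")


def java_fetches(proxy_log):
    """Yield (ts, client, host, path) for successful requests that pulled Java code."""
    for line in proxy_log.splitlines():
        ts, client, host, path, status = line.split()
        if status == "200" and path.lower().endswith(JAVA_SUFFIXES):
            yield parse_ts(ts), client, host, path


def outbound_connections(conn_log):
    """Yield (ts, client, dst_host, dst_port) for every connection line."""
    for line in conn_log.splitlines():
        ts, client, dst, port, _proto = line.split()
        yield parse_ts(ts), client, dst, int(port)


def find_callback_chains(proxy_log, conn_log, window_seconds=60):
    """Flag (client, host, path, port) where a client fetched Java code from a
    host and then, within window_seconds, connected back to that same host on
    a non-web port: the exploit-download followed by reverse-session pattern."""
    window = timedelta(seconds=window_seconds)
    conns = defaultdict(list)
    for ts, client, dst, port in outbound_connections(conn_log):
        conns[(client, dst)].append((ts, port))

    hits = []
    for ts, client, host, path in java_fetches(proxy_log):
        for cts, port in conns.get((client, host), []):
            if port not in WEB_PORTS and ts <= cts <= ts + window:
                hits.append((client, host, path, port))
    return hits


if __name__ == "__main__":
    for client, host, path, port in find_callback_chains(PROXY_LOG, CONN_LOG):
        print("%s fetched %s from %s then called back on port %d" % (client, path, host, port))
```

With the sample data, 10.0.0.5 is flagged (JAR fetch followed one second later by a connection to port 4444 on the same host), 10.0.0.7 is not (its callback is ordinary HTTPS), and 10.0.0.9 is only flagged if the window is widened to cover its 160-second delay. This is a cheap triage filter, not a signature: an attacker can serve the exploit from one host and run the handler on another, or bring the reverse session back over port 443, so misses are expected and hits still need manual review.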

Nice simple explanation, thanks. The most difficult part is getting the user to click that link though.
