recommended reading

Threatwatch

NSA-endorsed cyber training institution hacked by prankster

Network intrusion; Unauthorized use of system administrator privileges; Man-in-the-middle attack

An intruder vandalized the website of the EC-Council, an organization that runs IT security education and certification programs.

Writing under the pseudonym, “Eugene Belford” -- an infamous name from the movie "Hackers” -- the perpetrator claims to have obtained copies of passports of law enforcement and military officials who signed up for the organization’s courses.

"Defaced again? Yep, good job reusing your passwords morons jack67834# 

owned by certified unethical software security professional

Obligatory link: http://attrition.org/errata/charlatan/ec-council/

-Eugene Belford

P.S It seems like lots of you are missing the point here, I'm sitting on thousands of passports belonging to LE (and .mil) officials"

It appears the attacker used a technique called “DNS hijacking,” during which the site’s domain name pointed to an IP address under the attacker’s control. “This also seems to have affected EC-Council’s email infrastructure, as attempts to contact the organization at two of its publicly listed email addresses failed with a DNS error,” PCWorld reports.

The International Council of E-Commerce Consultants (EC-Council) runs several certification programs including Certified Ethical Hacker (CEH).

The organization claims to have trained more than 80,000 individuals and certified more than 30,000 security professionals from entities like the Army, the FBI, Microsoft and the United Nations. The EC-Council also purports to have received endorsements from the National Security Agency.

Over the weekend, the hacker replaced webpages on www.eccouncil.org with several messages and a screenshot of a 2010 application for admission to the CEH program that was submitted by former NSA contractor Edward Snowden.

As CSO shows in its story, the page contains a photocopy of Snowden’s passport and a letter from a Department of Defense Special Representative in Japan acknowledging Snowden’s five-year experience in information security. Both documents were allegedly attached to Snowden’s 2010 CEH application.

The hacker’s message suggests that this was the second time the site was defaced and that EC-Council reused passwords while attempting to recover from the first incident.

ThreatWatch is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves. 

sector

Defense Industrial Base; Education

reported

February 24, 2014

reported by

PCWorld

number affected

Unknown

location of breach

Unknown

perpetrators

Hacktivists

location of perpetrators

Unknown

date breach occurred

February 22, 2014

date breach detected

February 22, 2014

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

    Download
  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

    Download
  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

    Download
  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

    Download
  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.

    Download

When you download a report, your information may be shared with the underwriters of that document.