NSA-endorsed cyber training institution hacked by prankster
Network intrusion; Unauthorized use of system administrator privileges; Man-in-the-middle attack
An intruder vandalized the website of the EC-Council, an organization that runs IT security education and certification programs.
Writing under the pseudonym, “Eugene Belford” -- an infamous name from the movie "Hackers” -- the perpetrator claims to have obtained copies of passports of law enforcement and military officials who signed up for the organization’s courses.
"Defaced again? Yep, good job reusing your passwords morons jack67834#
owned by certified unethical software security professional
Obligatory link: http://attrition.org/errata/charlatan/ec-council/
P.S It seems like lots of you are missing the point here, I'm sitting on thousands of passports belonging to LE (and .mil) officials"
It appears the attacker used a technique called “DNS hijacking,” during which the site’s domain name pointed to an IP address under the attacker’s control. “This also seems to have affected EC-Council’s email infrastructure, as attempts to contact the organization at two of its publicly listed email addresses failed with a DNS error,” PCWorld reports.
The International Council of E-Commerce Consultants (EC-Council) runs several certification programs including Certified Ethical Hacker (CEH).
The organization claims to have trained more than 80,000 individuals and certified more than 30,000 security professionals from entities like the Army, the FBI, Microsoft and the United Nations. The EC-Council also purports to have received endorsements from the National Security Agency.
Over the weekend, the hacker replaced webpages on www.eccouncil.org with several messages and a screenshot of a 2010 application for admission to the CEH program that was submitted by former NSA contractor Edward Snowden.
As CSO shows in its story, the page contains a photocopy of Snowden’s passport and a letter from a Department of Defense Special Representative in Japan acknowledging Snowden’s five-year experience in information security. Both documents were allegedly attached to Snowden’s 2010 CEH application.
The hacker’s message suggests that this was the second time the site was defaced and that EC-Council reused passwords while attempting to recover from the first incident.
ThreatWatch is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves.
Defense Industrial Base; Education
February 24, 2014
Link to report
location of breach
location of perpetrators
date breach occurred
February 22, 2014
date breach detected
February 22, 2014