Threatwatch

NSA-endorsed cyber training institution hacked by prankster

Network intrusion; Unauthorized use of system administrator privileges; Man-in-the-middle attack

An intruder vandalized the website of the EC-Council, an organization that runs IT security education and certification programs.

Writing under the pseudonym, “Eugene Belford” -- an infamous name from the movie "Hackers” -- the perpetrator claims to have obtained copies of passports of law enforcement and military officials who signed up for the organization’s courses.

"Defaced again? Yep, good job reusing your passwords morons jack67834# 

owned by certified unethical software security professional

Obligatory link: http://attrition.org/errata/charlatan/ec-council/

-Eugene Belford

P.S It seems like lots of you are missing the point here, I'm sitting on thousands of passports belonging to LE (and .mil) officials"

It appears the attacker used a technique called “DNS hijacking,” during which the site’s domain name pointed to an IP address under the attacker’s control. “This also seems to have affected EC-Council’s email infrastructure, as attempts to contact the organization at two of its publicly listed email addresses failed with a DNS error,” PCWorld reports.

The International Council of E-Commerce Consultants (EC-Council) runs several certification programs including Certified Ethical Hacker (CEH).

The organization claims to have trained more than 80,000 individuals and certified more than 30,000 security professionals from entities like the Army, the FBI, Microsoft and the United Nations. The EC-Council also purports to have received endorsements from the National Security Agency.

Over the weekend, the hacker replaced webpages on www.eccouncil.org with several messages and a screenshot of a 2010 application for admission to the CEH program that was submitted by former NSA contractor Edward Snowden.

As CSO shows in its story, the page contains a photocopy of Snowden’s passport and a letter from a Department of Defense Special Representative in Japan acknowledging Snowden’s five-year experience in information security. Both documents were allegedly attached to Snowden’s 2010 CEH application.

The hacker’s message suggests that this was the second time the site was defaced and that EC-Council reused passwords while attempting to recover from the first incident.

ThreatWatch is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves. 

sector

Defense Industrial Base; Education

reported

February 24, 2014

reported by

PCWorld

number affected

Unknown

location of breach

Unknown

perpetrators

Hacktivists

location of perpetrators

Unknown

date breach occurred

February 22, 2014

date breach detected

February 22, 2014