Threatwatch

NSA-endorsed cyber training institution hacked by prankster

Network intrusion; Unauthorized use of system administrator privileges; Man-in-the-middle attack

An intruder vandalized the website of the EC-Council, an organization that runs IT security education and certification programs.

Writing under the pseudonym “Eugene Belford” -- an infamous name from the movie “Hackers” -- the perpetrator claims to have obtained copies of passports of law enforcement and military officials who signed up for the organization’s courses.

"Defaced again? Yep, good job reusing your passwords morons jack67834# 

owned by certified unethical software security professional

Obligatory link: http://attrition.org/errata/charlatan/ec-council/

-Eugene Belford

P.S It seems like lots of you are missing the point here, I'm sitting on thousands of passports belonging to LE (and .mil) officials"

It appears the attacker used a technique called “DNS hijacking,” in which the site’s domain name is pointed to an IP address under the attacker’s control. “This also seems to have affected EC-Council’s email infrastructure, as attempts to contact the organization at two of its publicly listed email addresses failed with a DNS error,” PCWorld reports.

The International Council of E-Commerce Consultants (EC-Council) runs several certification programs including Certified Ethical Hacker (CEH).

The organization claims to have trained more than 80,000 individuals and certified more than 30,000 security professionals from entities like the Army, the FBI, Microsoft and the United Nations. The EC-Council also purports to have received endorsements from the National Security Agency.

Over the weekend, the hacker replaced webpages on www.eccouncil.org with several messages and a screenshot of a 2010 application for admission to the CEH program that was submitted by former NSA contractor Edward Snowden.

As CSO shows in its story, the page contains a photocopy of Snowden’s passport and a letter from a Department of Defense Special Representative in Japan acknowledging Snowden’s five years of experience in information security. Both documents were allegedly attached to Snowden’s 2010 CEH application.

The hacker’s message suggests that this was the second time the site was defaced and that EC-Council reused passwords while attempting to recover from the first incident.

ThreatWatch is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves. 

Sector: Defense Industrial Base; Education

Reported: February 24, 2014

Reported by: PCWorld

Number affected: Unknown

Location of breach: Unknown

Perpetrators: Hacktivists

Location of perpetrators: Unknown

Date breach occurred: February 22, 2014

Date breach detected: February 22, 2014
