[Infowarrior] - EC-Council’s website defaced, possible data stolen
Richard Forno
rforno at infowarrior.org
Mon Feb 24 08:41:58 CST 2014
Security certification group EC-Council’s website defaced with Snowden passport
Hacker claims to have grabbed thousands of law enforcement and military passports.
by Megan Geuss - Feb 23 2014, 10:40pm EST
http://arstechnica.com/security/2014/02/security-certification-group-ec-councils-website-defaced-with-snowden-passport/
The website for EC-Council, an “International Council of E-Commerce Consultants,” was defaced on Sunday evening. The hacker, who went by Eugene Belford (named for the “thieving evil computer genius” from the movie Hackers), also claimed to have found “thousands of passports belonging to LE [Law Enforcement] (and .mil) officials” in the process of breaking into the site.
Eugene Belford wrote on the EC-Council homepage, “Defaced again? Yep, good job reusing your passwords morons jack67834#”. With respect to the claim that passport and other information was stolen, the hacker posted a photo of Edward Snowden's passport, along with an e-mail from him to the council from 2010.
EC-Council has long been an administrator of information security certification, and the organization's training programs are sometimes used by employers to get employees up to speed on certain skills. Some of EC-Council's certification programs include Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI), and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT).
Still, the site's hacker referred to an attrition.org page that lists its grievances against the certifier. “EC-Council's history is mired in controversy, with a wide variety of criticism coming from both the education and information security professions,” attrition.org says. “The company not only runs an extensive certification program, they also operate a virtual university. This has not stopped them from taking shortcuts usually reserved for students, by plagiarizing content from other sources and including it in their commercial offerings.”
This is not the first defacement for EC-Council. Based on the e-mail screenshot posted to the organization's homepage, security researchers Ashkan Soltani and Collin D. Anderson suggested on Twitter that the "attacker hijacked DNS and gained access to GApps through domain verification account reset."
Ars attempted to contact EC-Council but there was no response as of this publishing. Ars will update this story if EC-Council provides a statement.
On its Facebook page, EC-Council writes that it “has trained over 80,000 individuals and certified more than 30,000 security professionals from such fine organizations as the US Army, the FBI, Microsoft, IBM, and the United Nations.”
---
Just because I'm near the punchbowl doesn't mean I'm also drinking from it.