Ethical hacking organisation site hacked, defaced with Snowden's passport

Filed Under: Featured, Law & order, Security threats

ec-councilThe website for EC-Council, a US-based issuer of security certifications, was defaced over the weekend with Edward Snowden's passport, an email from Snowden to the council dated 2010, and a message jeering at the council and its purported habits of password reuse.

The message:

Defaced again? Yep, good job reusing your passwords morons jack67834#

owned by certified unethical software security professional

Obligatory link: http://attrition.org/errata/charlatan/ec-council/
-Eugene Belford

P.S It seems like lots of you are missing the point here, I'm sitting on thousands of passports belonging to LE (and .mil) officials

The attacker's or attackers' sign-off name, Eugene Belford, is that of the evil computing genius in the movie "Hackers", also known as "The Plague".

The council issues a host of certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI), and License Penetration Tester (LPT).

"Eugene Belford" apparently doesn't think very highly of those certifications.

The attacker left a link to an attrition.org page that lists a number of prior vulnerabilities, a previous hack, and criticism of the organisation from the education and information security professions, including "taking shortcuts usually reserved for students, by plagiarizing content from other sources and including it in their commercial offerings."

, ,

You might like

2 Responses to Ethical hacking organisation site hacked, defaced with Snowden's passport

  1. Fighting the urge to say this was deserved. EC council is yet another cert. mill looking at profit and not progress.

  2. The DNS poisoning attack was initiated not on the EC-Council servers, but rather on the the ICANN Accredited DNS Registrar that held the registry of the domain. Law enforcement around the world need to take a closer look at how DNS works and understand that relying on 3rd parties to manage DNS can be a hazard. Granted that EC-Council needs to do some work to be more secure, how does that differ from the millions of other companies and websites live on the Internet? 100% Security does NOT exist and all companies and security professionals strive towards that elusive goal.
    Following this attack, EC-Council will be the better off it and will improve its security posture, however, this sort of attack also raises the question, that maybe (as explained in the certifications of C|EH and C|HFI) defence in-depth should also include 3rd party partnerships? ICANN also needs to be audited so that other companies and websites can be rest assured that this sort of attack can be avoided. Therefore, lets not just point fingers and blame and say profit over progress! Security should be a collaborative effort with ALL parties and lets all strive towards this!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.