
EC Council website that certifies ethical hackers has been hacked

A hacker defaced the website of EC-Council, an organization that runs IT security training and certification programs, and claims to have obtained copies of passports of law enforcement and military officials who signed up for the organization’s courses.

Based in Albuquerque, New Mexico, the International Council of E-Commerce Consultants (EC-Council) runs several certification programs, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/Licensed Penetration Tester (LPT).

The organization claims to have trained over 80,000 individuals and certified more than 30,000 security professionals from organizations like the US Army, the FBI, Microsoft, IBM and the United Nations. It also claims to have received endorsements from various U.S. government agencies including the National Security Agency (NSA) and the Committee on National Security Systems (CNSS).

Over the weekend, a hacker who calls himself Eugene Belford—most likely after a character in the movie Hackers—replaced the homepage of the www.eccouncil.org website with several messages and a screen shot of an email application for admission to the CEH program sent to the organization in 2010 by former NSA contractor Edward Snowden.

The page contains a photocopy of Snowden’s passport and a letter from a Department of Defense Special Representative in Japan acknowledging Snowden’s five-year experience in information security. Both documents were allegedly attached to the 2010 email in support of Snowden’s CEH application.

“I’m sitting on thousands of passports belonging to LE [law enforcement] (and .mil) officials,” the hacker wrote on the defaced EC-Council website.

Another message suggests that this was the second time the site was defaced and that EC-Council reused passwords while attempting to recover from the first defacement.

It appears the attack was the result of DNS hijacking with the domain name pointed to an Internet Protocol (IP) address under the attacker’s control. This also seems to have affected EC-Council’s email infrastructure, as attempts to contact the organization at two of its publicly listed email addresses failed with a DNS error.

The company best known for its Certified Ethical Hacker (CEH) certification has been hacked by someone who claims to be a 'certified unethical software security professional' and goes by the alias Eugene Belford. EC-Council, led and co-founded by Indian-born Jay Bavisi, is the world's leading provider of certifications and training in the information security domain.

The hacker left a copy of Edward Snowden's passport on the EC-Council website. According to the New York Times, NSA whistleblower Edward Snowden took a course and received a certification from EC-Council as a "Certified Ethical Hacker"; his application for that certification was posted on the website as well. Interestingly, according to the Delhi-based Koenig training institute, Snowden attended a six-day "security analyst and ethical hacker" course there, which would prepare him for another EC-Council course, EC-Council Certified Security Analyst (ECSA).



 



The hack was confirmed within minutes by many security researchers from all over the world, including Kevin Mitnick, the world's most wanted computer hacker turned security consultant, who tweeted, “EC Council hacked? Snowden's passport page was on their website”. Ian Fagan, a security researcher from New Jersey, pointed out that the alias comes from a popular movie called Hackers: “Eugene Belford aka ThePlauge from HACKERS the movie!” he tweeted.

According to VirusTotal, “The IP address that is controlling the attack was used earlier this month in an attack on a Flash-based game called Realm of the Mad God.” The exact extent of the damage caused by the attacker is not yet known, but the source code of the page shows that the attacker uploaded the two pictures directly onto the EC-Council web server, which means that the website is definitely compromised.

DNA attempted to contact EC-Council but there was no response.