CEH site hacked

LostpacketLostpacket Posts: 25Member ■□□□□□□□□□
I went to log in today and I see Snowdens Passport and his email requesting to be able to sit for the exam back in 2010.

Along with :


owned by certified unethical software security professional-Eugene Belford

icon_redface.gif
«1345

Comments

  • YFZbluYFZblu Posts: 1,462Member ■■■■■■■■□□
    Ouch...

    Edit: I'm a little surprised the page is still up. You'd think they would have noticed or been notified by now.

    Double edit: All the things, including the primary domain 'eccouncil.org' is defaced

    Triple edit: A DNS lookup of 'eccouncil.org' now points to a server on the Ecatel network, well-known for cybercrime. DNS hijacking? Which would answer my earlier question of why the site is still up. Not sure where eccouncil.org was hosted before though..
  • IristheangelIristheangel ABL - Always Be Labbin' Pasadena, CAPosts: 4,114Mod Mod
    Bwhahahahahahahahahahhhhhahahahahahahahha
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
    Bonus TE Fun: Nerd Photos
  • dpsmooth15dpsmooth15 Posts: 155Banned
    I dont know if I should laugh like Iris or feel bad for them.. I think I am in that grey area somewhere. It was probably done by some 17 year old kid, who has been working on it since Friday night.

    P.S. Not sure why the f**k I clicked on that site… …I guess I am the guy you say hey..I see a rattle snake, and I go get a closer look and get BIT like that guy from Snake Salvation (no offensive)
  • YFZbluYFZblu Posts: 1,462Member ■■■■■■■■□□
    It's not hosting anything funky, I opened it up with a proxy debugger running.

    ***To be more specific it's not serving anything malicious that my Macbook was qualified to receive at least.
  • IristheangelIristheangel ABL - Always Be Labbin' Pasadena, CAPosts: 4,114Mod Mod
    I more laugh at the irony than anything else. I don't wish any harm on the folks at EC-Council.

    EC-Council did an excellent job at marketing I suppose. I met my fair share of people who think you shouldn't even put it on your resume because it means you can "seriously hack" and then I've met my fair share of people that think it's going to do big things for their career if they get their CEH. Unfortunately, their marketing probably put a big bullseye on them.
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
    Bonus TE Fun: Nerd Photos
  • JoJoCal19JoJoCal19 California Kid Posts: 2,750Mod Mod
    I went to check out the CEH iClass materials to see what it's all about and noticed that. I too had an internal chuckle at the irony.

    Iris, I too have heard both things. My honest opinion is that both are somewhat true. Certain hiring managers might be wary of candidates with it and if the job description does not have it as a desired cert, I'd leave it off. On the flip side I've spoken to internal and external recruiters that gush over it.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CCP, CEHv8, CHFIv8, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, Pentesting
    Next Up:​ eCPPTv2, OSCP
    Studying:​ Code Academy (CLI, Git, Python)
  • Khaos1911Khaos1911 Posts: 366Member
    I know CEH gets panned around these parts, but I actually enjoyed studying for the exam and learned a bunch of new things that I never went so in depth on. I definitely overstudied, but I learned some new things. I guess I just have a soft spot for CEH....I still thinks its the "coolest sounding" cert, lol.
  • cyberguyprcyberguypr Senior Member Posts: 6,693Mod Mod
    Wow, still up. This is officially the funniest thing I've ever seen.
  • emerald_octaneemerald_octane Posts: 613Member
    This is insane! DNS Hijacking; wonder if the admins were using weak credentials? Or social engineering of the dns provider?
  • JasminLandryJasminLandry Posts: 601Member
    As per EC-COUNCIL Website has been Hacked, Swonden it's been almost 2 hours.. it is actually pretty funny.

  • emerald_octaneemerald_octane Posts: 613Member
    what makes this funnier if not sad is that alot of the WGU folks will be up a creek because they won't be able to access the iLab OR iClass materials live. I have the CHFI on Monday. Good thing I already did alot of the work.
  • nelson8403nelson8403 Posts: 220Member ■■■□□□□□□□
    wow that's not something you would expect
    Bachelor of Science, IT Security
    Master of Science, Information Security and Assurance

    CCIE Security Progress: Written Pass (06/2016), 1st Lab Attempt (11/2016)
  • colemiccolemic Posts: 1,566Member ■■■■■■■□□□
    as of 23:20 central time, still defaced. beyond funny.
    Working on: CCSP, definitely, maybe. On the twitters: @mcole1008
  • YFZbluYFZblu Posts: 1,462Member ■■■■■■■■□□
    Not defaced, the DNS record is now pointing to an alternate server hosting whatever the attackers want us to see. That being said I do wonder why it has taken so long.

    I haven't handled a DNS hijacking Incident however, so I don't know what type of red tape is required to resolve this type of issue with the service provider, which will have to do an investigation of its own.
  • cyberguyprcyberguypr Senior Member Posts: 6,693Mod Mod
    The reason is evident. They are trying to locate Snowden so he can tell them how to fix it.

    HackerShirt.jpg


    Edit: DNS back to normal as of midnight CST.
  • emerald_octaneemerald_octane Posts: 613Member
    Oh god now it's even worse.

    I dont think EC-C ever regained control, but if they did, it was lost. This is on the homepage now:
    [h=1]Defaced again? Yep, good job reusing your passwords morons jack67834#[/h]
  • wes allenwes allen Posts: 540Member ■■■■■□□□□□
    I think this link was added in the 2nd round:

    Errata: Charlatan - EC-Council (ECC)
  • wes allenwes allen Posts: 540Member ■■■■■□□□□□
    Updated again...

    ceh.jpg 88.2K
  • YFZbluYFZblu Posts: 1,462Member ■■■■■■■■□□
    Also added:
    P.S It seems like lots of you are missing the point here, I'm sitting on thousands of passports belonging to LE (and .mil) officials

    That snowden email looks like a Gmail portal the attacker gained access to. Man...they appear royally owned.

    Also, has eccouncil.org always been hosted with Ecatel? The attacker used the word 'defaced' which makes me think this is not DNS hijacking...Why on Earth would a legitimate security-related organization host with Ecatel?
  • wes allenwes allen Posts: 540Member ■■■■■□□□□□
    This blog, and from what I saw on twitter seems to imply DNS redirection, But, looks like additional ownage going on as well.

    "The Plague" returns to deface EC Council website | CSO Blogs
  • YFZbluYFZblu Posts: 1,462Member ■■■■■■■■□□
    Nice, thanks for the link - News like this makes me wish I had good passive DNS connections.
  • ITrascalITrascal Posts: 44Member ■■□□□□□□□□
    it's still defaced
    woow!
  • xnxxnx Posts: 464Member ■■■□□□□□□□
    It's surprising how easy it is for some people to do DNS hijacks with just a bit of clever social engineering most of the time, I bet they were using Go Daddy LOL
    Getting There ...

    Lab Equipment: Using Cisco CSRs and 4 Switches currently
  • YFZbluYFZblu Posts: 1,462Member ■■■■■■■■□□
    eccouncil.org appears to have its content restored. "Think about the UNTHINKABLE event. Are you SKILLED to handle the cyber attack?" is now displayed under the C|EH section of the site, which made me chuckle. Not that I need to remind anyone here of the irony..

    I did another DNS lookup, here are the dig results:

    ;; QUESTION SECTION:
    ;eccouncil.org. IN A

    ;; ANSWER SECTION:
    eccouncil.org. 86165 IN A 93.174.95.82

    An authoritative answer pointing to Ecatel...Is eccouncil.org actually hosted by freaking Ecatel?
  • ITrascalITrascal Posts: 44Member ■■□□□□□□□□
    nope still defaced at the moment
  • YFZbluYFZblu Posts: 1,462Member ■■■■■■■■□□
    Yeah, that's weird - A moment ago I was able to hit the site and was looking at eccouncil's original content.
  • cyberguyprcyberguypr Senior Member Posts: 6,693Mod Mod
    Sounds like YFZblu is ready to sit CEH. LOL!!!
  • JDMurrayJDMurray Certification Invigilator Surf City, USAPosts: 11,200Admin Admin
    Looks like the Twitterverse is having a good, hard go at the ECC: Meltwater IceRocket twitter search

    The ironic thing is I will be teaching an ethical hacking class soon and this will be my example of Website defacement. :duncecap:
  • impelseimpelse Posts: 1,227Member ■■■■□□□□□□
    It is still defaced at 7:00 pm central time.Come on.

    In the other hand maybe they are trying to catch him and let him/them to play.
    Blog: learn-security.net

    Computer Support Houston Area: thehost1.com
  • bryguybryguy Posts: 190Member
    Looks like their iLab and iClass sites are down as well... How embarassing. Not a lot of other resources for CHFI material, I'm afraid. Anyone have any info on the additional .mil passports that were compromised?
«1345
Sign In or Register to comment.