CEH site hacked

Lostpacket Member Posts: 25
I went to log in today and I see Snowden's passport and his email requesting to be able to sit for the exam back in 2010.

Along with:

owned by certified unethical software security professional-Eugene Belford



  • YFZblu Member Posts: 1,462

    Edit: I'm a little surprised the page is still up. You'd think they would have noticed or been notified by now.

    Double edit: All the things, including the primary domain 'eccouncil.org', are defaced

    Triple edit: A DNS lookup of 'eccouncil.org' now points to a server on the Ecatel network, well-known for cybercrime. DNS hijacking? Which would answer my earlier question of why the site is still up. Not sure where eccouncil.org was hosted before though..
  • Iristheangel CCIEx2 (Sec + DC), CCNP RS, CCNA V/S/R/DC, CISSP, CEH, MCSE 2003, A+/L+/N+/S+, and a lot more from m Pasadena, CA Mod Posts: 4,133 Mod
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • dpsmooth15 Banned Posts: 155
    I don't know if I should laugh like Iris or feel bad for them.. I think I am in that grey area somewhere. It was probably done by some 17-year-old kid, who has been working on it since Friday night.

    P.S. Not sure why the f**k I clicked on that site… …I guess I am the guy you say hey..I see a rattlesnake, and I go get a closer look and get BIT like that guy from Snake Salvation (no offense)
  • YFZblu Member Posts: 1,462
    It's not hosting anything funky, I opened it up with a proxy debugger running.

    ***To be more specific it's not serving anything malicious that my Macbook was qualified to receive at least.
  • Iristheangel CCIEx2 (Sec + DC), CCNP RS, CCNA V/S/R/DC, CISSP, CEH, MCSE 2003, A+/L+/N+/S+, and a lot more from m Pasadena, CA Mod Posts: 4,133 Mod
    I more laugh at the irony than anything else. I don't wish any harm on the folks at EC-Council.

    EC-Council did an excellent job at marketing I suppose. I met my fair share of people who think you shouldn't even put it on your resume because it means you can "seriously hack" and then I've met my fair share of people that think it's going to do big things for their career if they get their CEH. Unfortunately, their marketing probably put a big bullseye on them.
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • JoJoCal19 California Kid Mod Posts: 2,827 Mod
    I went to check out the CEH iClass materials to see what it's all about and noticed that. I too had an internal chuckle at the irony.

    Iris, I too have heard both things. My honest opinion is that both are somewhat true. Certain hiring managers might be wary of candidates with it and if the job description does not have it as a desired cert, I'd leave it off. On the flip side I've spoken to internal and external recruiters that gush over it.
    Currently Working On: Python, OSCP Prep
    Next Up: OSCP
    Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • Khaos1911 Member Posts: 366
    I know CEH gets panned around these parts, but I actually enjoyed studying for the exam and learned a bunch of new things that I never went so in depth on. I definitely overstudied, but I learned some new things. I guess I just have a soft spot for CEH....I still think it's the "coolest sounding" cert, lol.
  • cyberguypr Senior Member Mod Posts: 6,909 Mod
    Wow, still up. This is officially the funniest thing I've ever seen.
  • emerald_octane Member Posts: 613
    This is insane! DNS Hijacking; wonder if the admins were using weak credentials? Or social engineering of the dns provider?
  • JasminLandry Member Posts: 601
    As per EC-COUNCIL Website has been Hacked, Swonden it's been almost 2 hours.. it is actually pretty funny.

  • emerald_octane Member Posts: 613
    What makes this funnier if not sad is that a lot of the WGU folks will be up a creek because they won't be able to access the iLab OR iClass materials live. I have the CHFI on Monday. Good thing I already did a lot of the work.
  • nelson8403 Member Posts: 220
    wow that's not something you would expect
    Bachelor of Science, IT Security
    Master of Science, Information Security and Assurance

    CCIE Security Progress: Written Pass (06/2016), 1st Lab Attempt (11/2016)
  • colemic Member Posts: 1,568
    as of 23:20 central time, still defaced. beyond funny.
    Working on: CCSP, definitely, maybe. On the twitters: @mcole1008
  • YFZblu Member Posts: 1,462
    Not defaced, the DNS record is now pointing to an alternate server hosting whatever the attackers want us to see. That being said I do wonder why it has taken so long.

    I haven't handled a DNS hijacking incident however, so I don't know what type of red tape is required to resolve this type of issue with the service provider, which will have to do an investigation of its own.
  • cyberguypr Senior Member Mod Posts: 6,909 Mod
    The reason is evident. They are trying to locate Snowden so he can tell them how to fix it.


    Edit: DNS back to normal as of midnight CST.
  • emerald_octane Member Posts: 613
    Oh god now it's even worse.

    I don't think EC-C ever regained control, but if they did, it was lost. This is on the homepage now:
    Defaced again? Yep, good job reusing your passwords morons jack67834#
  • wes allen Member Posts: 540
    I think this link was added in the 2nd round:

    Errata: Charlatan - EC-Council (ECC)
  • wes allen Member Posts: 540
    Updated again...

    [Attached image: ceh.jpg, 88.2K]
  • YFZblu Member Posts: 1,462
    Also added:
    P.S It seems like lots of you are missing the point here, I'm sitting on thousands of passports belonging to LE (and .mil) officials

    That Snowden email looks like a Gmail portal the attacker gained access to. Man...they appear royally owned.

    Also, has eccouncil.org always been hosted with Ecatel? The attacker used the word 'defaced' which makes me think this is not DNS hijacking...Why on Earth would a legitimate security-related organization host with Ecatel?
  • wes allen Member Posts: 540
    This blog, and from what I saw on Twitter, seems to imply DNS redirection, but looks like additional ownage going on as well.

    "The Plague" returns to deface EC Council website | CSO Blogs
  • YFZblu Member Posts: 1,462
    Nice, thanks for the link - News like this makes me wish I had good passive DNS connections.
  • ITrascal Member Posts: 55
    it's still defaced
  • xnx Do they matter? UK Member Posts: 464
    It's surprising how easy it is for some people to do DNS hijacks with just a bit of clever social engineering most of the time, I bet they were using Go Daddy LOL
    Getting There ...

    Lab Equipment: Using Cisco CSRs and 4 Switches currently
  • YFZblu Member Posts: 1,462
    eccouncil.org appears to have its content restored. "Think about the UNTHINKABLE event. Are you SKILLED to handle the cyber attack?" is now displayed under the C|EH section of the site, which made me chuckle. Not that I need to remind anyone here of the irony..

    I did another DNS lookup, here are the dig results:

    ;eccouncil.org. IN A

    eccouncil.org. 86165 IN A

    An authoritative answer pointing to Ecatel...Is eccouncil.org actually hosted by freaking Ecatel?
  • ITrascal Member Posts: 55
    nope still defaced at the moment
  • YFZblu Member Posts: 1,462
    Yeah, that's weird - A moment ago I was able to hit the site and was looking at eccouncil's original content.
  • cyberguypr Senior Member Mod Posts: 6,909 Mod
    Sounds like YFZblu is ready to sit CEH. LOL!!!
  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 11,893 Admin
    Looks like the Twitterverse is having a good, hard go at the ECC: Meltwater IceRocket twitter search

    The ironic thing is I will be teaching an ethical hacking class soon and this will be my example of Website defacement. :duncecap:
  • impelse Member Posts: 1,237
    It is still defaced at 7:00 pm central time. Come on.

    On the other hand, maybe they are trying to catch him and letting him/them play.
    Stop RDP Brute Force Attack with our RDP Firewall : http://www.thehost1.com
    It is your personal IPS to stop the attack.

  • bryguy Member Posts: 190
    Looks like their iLab and iClass sites are down as well... How embarrassing. Not a lot of other resources for CHFI material, I'm afraid. Anyone have any info on the additional .mil passports that were compromised?