CEH site hacked
Lostpacket
Member Posts: 25 ■■■□□□□□□□
in CHFI
I went to log in today and I see Snowdens Passport and his email requesting to be able to sit for the exam back in 2010.
Along with :
owned by certified unethical software security professional-Eugene Belford
Along with :
owned by certified unethical software security professional-Eugene Belford
Comments
-
YFZblu Member Posts: 1,462 ■■■■■■■■□□Ouch...
Edit: I'm a little surprised the page is still up. You'd think they would have noticed or been notified by now.
Double edit: All the things, including the primary domain 'eccouncil.org' is defaced
Triple edit: A DNS lookup of 'eccouncil.org' now points to a server on the Ecatel network, well-known for cybercrime. DNS hijacking? Which would answer my earlier question of why the site is still up. Not sure where eccouncil.org was hosted before though.. -
dpsmooth15 Banned Posts: 155I dont know if I should laugh like Iris or feel bad for them.. I think I am in that grey area somewhere. It was probably done by some 17 year old kid, who has been working on it since Friday night.
P.S. Not sure why the f**k I clicked on that site… …I guess I am the guy you say hey..I see a rattle snake, and I go get a closer look and get BIT like that guy from Snake Salvation (no offensive) -
YFZblu Member Posts: 1,462 ■■■■■■■■□□It's not hosting anything funky, I opened it up with a proxy debugger running.
***To be more specific it's not serving anything malicious that my Macbook was qualified to receive at least. -
Iristheangel Mod Posts: 4,133 ModI more laugh at the irony than anything else. I don't wish any harm on the folks at EC-Council.
EC-Council did an excellent job at marketing I suppose. I met my fair share of people who think you shouldn't even put it on your resume because it means you can "seriously hack" and then I've met my fair share of people that think it's going to do big things for their career if they get their CEH. Unfortunately, their marketing probably put a big bullseye on them. -
JoJoCal19 Mod Posts: 2,835 ModI went to check out the CEH iClass materials to see what it's all about and noticed that. I too had an internal chuckle at the irony.
Iris, I too have heard both things. My honest opinion is that both are somewhat true. Certain hiring managers might be wary of candidates with it and if the job description does not have it as a desired cert, I'd leave it off. On the flip side I've spoken to internal and external recruiters that gush over it.Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework -
Khaos1911 Member Posts: 366I know CEH gets panned around these parts, but I actually enjoyed studying for the exam and learned a bunch of new things that I never went so in depth on. I definitely overstudied, but I learned some new things. I guess I just have a soft spot for CEH....I still thinks its the "coolest sounding" cert, lol.
-
cyberguypr Mod Posts: 6,928 ModWow, still up. This is officially the funniest thing I've ever seen.
-
emerald_octane Member Posts: 613This is insane! DNS Hijacking; wonder if the admins were using weak credentials? Or social engineering of the dns provider?
-
JasminLandry Member Posts: 601 ■■■□□□□□□□As per EC-COUNCIL Website has been Hacked, Swonden it's been almost 2 hours.. it is actually pretty funny.
-
emerald_octane Member Posts: 613what makes this funnier if not sad is that alot of the WGU folks will be up a creek because they won't be able to access the iLab OR iClass materials live. I have the CHFI on Monday. Good thing I already did alot of the work.
-
nelson8403 Member Posts: 220 ■■■□□□□□□□wow that's not something you would expectBachelor of Science, IT Security
Master of Science, Information Security and Assurance
CCIE Security Progress: Written Pass (06/2016), 1st Lab Attempt (11/2016) -
colemic Member Posts: 1,569 ■■■■■■■□□□as of 23:20 central time, still defaced. beyond funny.Working on: staying alive and staying employed
-
YFZblu Member Posts: 1,462 ■■■■■■■■□□Not defaced, the DNS record is now pointing to an alternate server hosting whatever the attackers want us to see. That being said I do wonder why it has taken so long.
I haven't handled a DNS hijacking Incident however, so I don't know what type of red tape is required to resolve this type of issue with the service provider, which will have to do an investigation of its own. -
cyberguypr Mod Posts: 6,928 ModThe reason is evident. They are trying to locate Snowden so he can tell them how to fix it.
Edit: DNS back to normal as of midnight CST. -
emerald_octane Member Posts: 613Oh god now it's even worse.
I dont think EC-C ever regained control, but if they did, it was lost. This is on the homepage now:[h=1]Defaced again? Yep, good job reusing your passwords morons jack67834#[/h] -
YFZblu Member Posts: 1,462 ■■■■■■■■□□Also added:P.S It seems like lots of you are missing the point here, I'm sitting on thousands of passports belonging to LE (and .mil) officials
That snowden email looks like a Gmail portal the attacker gained access to. Man...they appear royally owned.
Also, has eccouncil.org always been hosted with Ecatel? The attacker used the word 'defaced' which makes me think this is not DNS hijacking...Why on Earth would a legitimate security-related organization host with Ecatel? -
wes allen Member Posts: 540 ■■■■■□□□□□This blog, and from what I saw on twitter seems to imply DNS redirection, But, looks like additional ownage going on as well.
"The Plague" returns to deface EC Council website | CSO Blogs -
YFZblu Member Posts: 1,462 ■■■■■■■■□□Nice, thanks for the link - News like this makes me wish I had good passive DNS connections.
-
xnx Member Posts: 464 ■■■□□□□□□□It's surprising how easy it is for some people to do DNS hijacks with just a bit of clever social engineering most of the time, I bet they were using Go Daddy LOLGetting There ...
Lab Equipment: Using Cisco CSRs and 4 Switches currently -
YFZblu Member Posts: 1,462 ■■■■■■■■□□eccouncil.org appears to have its content restored. "Think about the UNTHINKABLE event. Are you SKILLED to handle the cyber attack?" is now displayed under the C|EH section of the site, which made me chuckle. Not that I need to remind anyone here of the irony..
I did another DNS lookup, here are the dig results:
;; QUESTION SECTION:
;eccouncil.org. IN A
;; ANSWER SECTION:
eccouncil.org. 86165 IN A 93.174.95.82
An authoritative answer pointing to Ecatel...Is eccouncil.org actually hosted by freaking Ecatel? -
YFZblu Member Posts: 1,462 ■■■■■■■■□□Yeah, that's weird - A moment ago I was able to hit the site and was looking at eccouncil's original content.
-
JDMurray Admin Posts: 13,099 AdminLooks like the Twitterverse is having a good, hard go at the ECC: Meltwater IceRocket twitter search
The ironic thing is I will be teaching an ethical hacking class soon and this will be my example of Website defacement. :duncecap: -
impelse Member Posts: 1,237 ■■■■□□□□□□It is still defaced at 7:00 pm central time.Come on.
In the other hand maybe they are trying to catch him and let him/them to play.Stop RDP Brute Force Attack with our RDP Firewall : http://www.thehost1.com
It is your personal IPS to stop the attack. -
bryguy Member Posts: 190Looks like their iLab and iClass sites are down as well... How embarassing. Not a lot of other resources for CHFI material, I'm afraid. Anyone have any info on the additional .mil passports that were compromised?