CEH site hacked

Lostpacket

I went to log in today and I see Snowdens Passport and his email requesting to be able to sit for the exam back in 2010.

Along with :


owned by certified unethical software security professional-Eugene Belford

YFZblu

Ouch...

Edit: I'm a little surprised the page is still up. You'd think they would have noticed or been notified by now.

Double edit: All the things, including the primary domain 'eccouncil.org' is defaced

Triple edit: A DNS lookup of 'eccouncil.org' now points to a server on the Ecatel network, well-known for cybercrime. DNS hijacking? Which would answer my earlier question of why the site is still up. Not sure where eccouncil.org was hosted before though..

Iristheangel

Bwhahahahahahahahahahhhhhahahahahahahahha

dpsmooth15

I dont know if I should laugh like Iris or feel bad for them.. I think I am in that grey area somewhere. It was probably done by some 17 year old kid, who has been working on it since Friday night.

P.S. Not sure why the f**k I clicked on that site… …I guess I am the guy you say hey..I see a rattle snake, and I go get a closer look and get BIT like that guy from Snake Salvation (no offensive)

YFZblu

It's not hosting anything funky, I opened it up with a proxy debugger running.

***To be more specific it's not serving anything malicious that my Macbook was qualified to receive at least.

Iristheangel

I more laugh at the irony than anything else. I don't wish any harm on the folks at EC-Council.

EC-Council did an excellent job at marketing I suppose. I met my fair share of people who think you shouldn't even put it on your resume because it means you can "seriously hack" and then I've met my fair share of people that think it's going to do big things for their career if they get their CEH. Unfortunately, their marketing probably put a big bullseye on them.

JoJoCal19

I went to check out the CEH iClass materials to see what it's all about and noticed that. I too had an internal chuckle at the irony.

Iris, I too have heard both things. My honest opinion is that both are somewhat true. Certain hiring managers might be wary of candidates with it and if the job description does not have it as a desired cert, I'd leave it off. On the flip side I've spoken to internal and external recruiters that gush over it.

Khaos1911

I know CEH gets panned around these parts, but I actually enjoyed studying for the exam and learned a bunch of new things that I never went so in depth on. I definitely overstudied, but I learned some new things. I guess I just have a soft spot for CEH....I still thinks its the "coolest sounding" cert, lol.

cyberguypr

Wow, still up. This is officially the funniest thing I've ever seen.

emerald_octane

This is insane! DNS Hijacking; wonder if the admins were using weak credentials? Or social engineering of the dns provider?

JasminLandry

As per EC-COUNCIL Website has been Hacked, Swonden it's been almost 2 hours.. it is actually pretty funny.

emerald_octane

what makes this funnier if not sad is that alot of the WGU folks will be up a creek because they won't be able to access the iLab OR iClass materials live. I have the CHFI on Monday. Good thing I already did alot of the work.

nelson8403

wow that's not something you would expect

colemic

as of 23:20 central time, still defaced. beyond funny.

YFZblu

Not defaced, the DNS record is now pointing to an alternate server hosting whatever the attackers want us to see. That being said I do wonder why it has taken so long.

I haven't handled a DNS hijacking Incident however, so I don't know what type of red tape is required to resolve this type of issue with the service provider, which will have to do an investigation of its own.

cyberguypr

The reason is evident. They are trying to locate Snowden so he can tell them how to fix it.




Edit: DNS back to normal as of midnight CST.

emerald_octane

Oh god now it's even worse.

I dont think EC-C ever regained control, but if they did, it was lost. This is on the homepage now:

[h=1]Defaced again? Yep, good job reusing your passwords morons jack67834#[/h]

wes allen

I think this link was added in the 2nd round:

Errata: Charlatan - EC-Council (ECC)

wes allen

Updated again...

YFZblu

Also added:

P.S It seems like lots of you are missing the point here, I'm sitting on thousands of passports belonging to LE (and .mil) officials

That snowden email looks like a Gmail portal the attacker gained access to. Man...they appear royally owned.

Also, has eccouncil.org always been hosted with Ecatel? The attacker used the word 'defaced' which makes me think this is not DNS hijacking...Why on Earth would a legitimate security-related organization host with Ecatel?

wes allen

This blog, and from what I saw on twitter seems to imply DNS redirection, But, looks like additional ownage going on as well.

"The Plague" returns to deface EC Council website | CSO Blogs

YFZblu

Nice, thanks for the link - News like this makes me wish I had good passive DNS connections.

ITrascal

it's still defaced
woow!

xnx

It's surprising how easy it is for some people to do DNS hijacks with just a bit of clever social engineering most of the time, I bet they were using Go Daddy LOL

YFZblu

eccouncil.org appears to have its content restored. "Think about the UNTHINKABLE event. Are you SKILLED to handle the cyber attack?" is now displayed under the C|EH section of the site, which made me chuckle. Not that I need to remind anyone here of the irony..

I did another DNS lookup, here are the dig results:

;; QUESTION SECTION:
;eccouncil.org. IN A

;; ANSWER SECTION:
eccouncil.org. 86165 IN A 93.174.95.82

An authoritative answer pointing to Ecatel...Is eccouncil.org actually hosted by freaking Ecatel?

ITrascal

nope still defaced at the moment

YFZblu

Yeah, that's weird - A moment ago I was able to hit the site and was looking at eccouncil's original content.

cyberguypr

Sounds like YFZblu is ready to sit CEH. LOL!!!

JDMurray

Looks like the Twitterverse is having a good, hard go at the ECC: Meltwater IceRocket twitter search

The ironic thing is I will be teaching an ethical hacking class soon and this will be my example of Website defacement. :duncecap:

impelse

It is still defaced at 7:00 pm central time.Come on.

In the other hand maybe they are trying to catch him and let him/them to play.

bryguy

Looks like their iLab and iClass sites are down as well... How embarassing. Not a lot of other resources for CHFI material, I'm afraid. Anyone have any info on the additional .mil passports that were compromised?