CEH site hacked
Comments
-
Chivalry1 Member Posts: 569
This is truly shameful for eccouncil as an Information Security organization. It's sad because I truly enjoyed doing the CEH certification and penetration course. The course and certification curriculum offers a person a lot to learn. But apparently they don't apply what's taught. I took notice of their website being a target when the portal had an SSL certificate expire. Also....I wonder how the DOD will respond with CEH being on the 8570 directive.
Plus the hacker was able to obtain passport information and a DOD letter. This shows the attacker has multiple levels of access. The reputation as an Information Security organization will be damaged as a result of this hack. All in all I still think the CEH taught me more than MANY of the other certifications I have passed. ECCOUNCIL if you are reading this....get it together!!! To be down this long is just ridiculous.
"The recipe for perpetual ignorance is: be satisfied with your opinions and content with your knowledge." Elbert Hubbard (1856 - 1915)
-
impelse Member Posts: 1,237
It is true, but remember YOU WILL BE HACKED, the question is when and what are you doing to mitigate the risk or respond with DRP.....
Stop RDP Brute Force Attack with our RDP Firewall : http://www.thehost1.com
It is your personal IPS to stop the attack.
-
impelse Member Posts: 1,237
cyberguypr wrote: » Meanwhile at the EC Council offices:
LOL, they do not have on-call.
-
JDMurray Admin Posts: 13,091
Hey, has anyone alerted Brian Krebs about this? I don't see attrition.org mentioned in any of his blog articles, but stolen passport info seems to be something he'd be interested in covering.
And why would anyone in the US gov send a photocopy of their US passport to a security training company based in Pakistan?
-
emerald_octane Member Posts: 613
Also....I wonder how the DOD will respond with CEH being on the 8570 directive.
I agree. I am not anywhere near DoD requirements but I thought the CEH would be a good bid for the future if I decided to. No longer. I'll keep CEH and CHFI up to date but I probably won't take any more eccouncil exams. This, plus my ongoing issues with the iClass...yeah...
ISC^2, GIAC and ISACA certs for me moving forward.
Edit: And, if it were a simple DNS redirect that were going on here, ok, I can understand that. But what's up with the passports thing? That's what makes me the most nervous and where the most harm comes from. On the left is a gmail interface; and it looks like it might belong to someone/something of eccouncil (cehapp?).
Doubtful, but what if there were sniffed credentials for an account in the eccouncil.org domain with some administrative power or linked to something like the password reset for the dns server. So many questions.
-
colemic Member Posts: 1,569
LOL, they do not have on-call.
can't tell since the site is still down but I believe that is a requirement as part of their redonkulous 'application review' process, if you attempt the test without going through an official channel or course.
krebs is aware, he retweeted a comment yesterday.
Will be interesting to see their booth at RSA... that could be awkward.
saw on twitter that someone wants to either take ceh off their resume, or change it to CEHLOL.
What effect will this have on them long-term? They have been nothing short of craptacular in dealing with this so far.
Working on: staying alive and staying employed
-
Lostpacket Member Posts: 25
emerald_octane wrote: » I agree. I am not anywhere near DoD requirements but I thought the CEH would be a good bid for the future if I decided to. No longer. I'll keep CEH and CHFI up to date but I probably won't take any more eccouncil exams. This, plus my ongoing issues with the iClass...yeah...
ISC^2, GIAC and ISACA certs for me moving forward.
Edit: And, if it were a simple DNS redirect that were going on here, ok, I can understand that. But what's up with the passports thing? That's what makes me the most nervous and where the most harm comes from. On the left is a gmail interface; and it looks like it might belong to someone/something of eccouncil (cehapp?).
Doubtful, but what if there were sniffed credentials for an account in the eccouncil.org domain with some administrative power or linked to something like the password reset for the dns server. So many questions.
My guess is that Eccouncil uses Google Apps for their email (which is in my opinion an excellent choice) and that the info @ account was compromised because there would likely be thousands of similar emails (with passport images) from other .mil guys there too.
If I'm right, somebody should have had their 2 step verification enabled...
-
emerald_octane Member Posts: 613
Lostpacket wrote: » My guess is that Eccouncil uses Google Apps for their email (which is in my opinion an excellent choice) and that the info @ account was compromised because there would likely be thousands of similar emails (with passport images) from other .mil guys there too.
Yep. Considering passport numbers and all that good stuff are PII, they will probably have to start gearing up the breach notify letters as well.
-
wes allen Member Posts: 540
5:30AM, still redirected.
Don't think they would fall under US/EU breach notification laws, so don't know if they will feel the need for sending letters?
If the attacker gained control of the gmail account that was used for the DNS registrar, they could have transferred ownership, rather than just a simple change of nameserver or www info, which, if so, might take awhile to straighten out, esp if it is a small registrar. From the screenshots posted, it looks like the attacker does have access to that account, so you would have to assume they have access to anything sent to that account as well.
-
Master Of Puppets Member Posts: 1,210
My opinion of EC-Council was not that high but I was still thinking of getting the CEH at some point. Now, I'm not so sure. This truly is worth a chuckle
Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.
-
Asif Dasl Member Posts: 2,116
Here's a blog post about who done it! A 15 year old kid!
I can't remember if I emailed an application to ECCouncil for CEH, I had planned on doing it but it fell by the wayside...
-
colemic Member Posts: 1,569
5:30AM, still redirected.
Don't think they would fall under US/EU breach notification laws, so don't know if they will feel the need for sending letters?
I would think they would since they just announced TODAY they have received 501c3 status as a nonprofit org. http://www.prweb.com/releases/certifiedethicalhacker/computernetworkdefense/prweb11588227.htm Priorities, right? ;)
edit: this may just be for the 'eccouncil foundation' looking for more info to confirm. I first saw this on twitter this morning
-
tpatt100 Member Posts: 2,991
I think I am most disappointed by the poor/lack of response.
-
colemic Member Posts: 1,569
from Univeristy tuition fee for the year 2013 | EC-Council University - if you are wanting to go through the Master of Security Science program, AV software is recommended but not required. mind.blown
-
BGraves Member Posts: 339
As a current WGU student working on the CEH class/exam....this is slightly frustrating! Not being able to access the iclass/ilabs is a bit sad...
Concur about lack of response...
-
colemic Member Posts: 1,569
You can't get into ilabs through WGU? Wow. Brought down harder than I thought if their online stuff is toast as well.
-
emerald_octane Member Posts: 613
iLabs are toast. I have my CHFI exam today and planned on labbing EnCase over the weekend. Guess not.
-
bigdogz Member Posts: 881
This is just a disgrace. It is still down as of 11:40 am Eastern time.
-
5ekurity Member Posts: 346
Maybe they need SEC504? But seriously, an IR plan for this type of organization should include some type of PR response or acknowledgement that something is happening. Nothing is 100% secure but they can save a lot of face by having the appropriate response measures in place and essentially practicing what they preach.
-
emerald_octane Member Posts: 613
For MSISA students I let the course mentor know that the site is out of commission (if she doesn't already). If they continue offering the course I hope they allow future students to get the hard copy of the iClass course material rather than the stream only option. That or offer the GIAC GCIH exams instead.
-
colemic Member Posts: 1,569
from twitter: does (should) WGU consider this a breach of student information? I don't know... I don't know how the info is passed to eccouncil prior to taking the exam. any thoughts?
-
5ekurity Member Posts: 346
I don't think you can tell at this point. It would depend on the type of data transmitted to EC-Council, how and where the data is stored, and evidence that the data was accessed or otherwise tampered with. EC-Council remaining quiet is probably the worst thing they can be doing right now.
-
BGraves Member Posts: 339
As a current student, I'm not 100% sure what information WGU gives ECCouncil. I guess it's probably time to get in touch with the course mentor...
-
colemic Member Posts: 1,569
When the smoke clears, it would still probably be appropriate for WGU to notify students that the info EC-Council has may be compromised, and suggest steps to take.
-
BGraves Member Posts: 339
From the course mentor:
"Just got an email that included the following statement
NO STUDENT INFO WAS STOLEN - the hacker just redirected the EC-Council site; the servers were never penetrated"
-
emerald_octane Member Posts: 613
hmmmmmmm then I wonder if the gmail interface, snowden passport were just a ruse?
-
colemic Member Posts: 1,569
I think I would call BS on that... clearly unauthorized access occurred ON TOP of the web defacement. The passport and Snowden's recommendation letter prove that. Would you mind posting the entire content of the email (redacted)?