CEH site hacked


Comments

  • bryguy Member Posts: 190
    ilabs is up... iclass, not yet. www.eccouncil.org looks like it's trying to answer, but perhaps too many people trying...
  • BGraves Member Posts: 339
    bryguy wrote: »
    ilabs is up... iclass, not yet. www.eccouncil.org looks like it's trying to answer, but perhaps too many people trying...
    Woohoo, can finally get some damn work done! hooray!
  • varelg Banned Posts: 790
    Business as usual, like nothing ever happened. Certifying and licensing penetration testers, secure programmers, training people to trace cyber criminals... L o l !!
  • Master Of Puppets Member Posts: 1,210
    Yeah at this point I think I'm going to skip the CEH :D
    Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.
  • sojourn Member Posts: 61
    Came here to post the same thing. Not bothering with the CEH now. Novices.
  • SephStorm Member Posts: 1,731
    colemic wrote: »
    @Sephstorm, where would Snowden's password be compromised? The way it used to work (I sent in the letter in 2010 to be verified to sit for the test, you just had to email them a picture ID and the letter... it just shows that they are just archiving everything in gmail, instead of deleting that sensitive information. I also found this on their site, and find it to be a bit comical: CEH VS SANS and absolutely untrue as well.

    I'm assuming the password that was disclosed was for something used to login on the eccouncil site, the only possibility is the member site, the delta portal, or their new system.

    Edit, as far as notification, even if PII is compromised, eccouncil is not a US company, not sure how US law will apply to them.
  • MrAgent Member Posts: 1,310
    Looks like they are finally back up.
  • colemic Member Posts: 1,569
    SephStorm wrote: »
    I'm assuming the password that was disclosed was for something used to login on the eccouncil site, the only possibility is the member site, the delta portal, or their new system.

    Edit, as far as notification, even if PII is compromised, eccouncil is not a US company, not sure how US law will apply to them.
    They have 'offices' in NM, presumably with employees, who fall under US Labor laws, so why wouldn't they fall under disclosure laws? Not to mention the ethical obligation to disclose to those affected. re: password, I assumed it was an EC-Council member's login that was compromised, hence the access to the entire gmail account.
    Working on: staying alive and staying employed
  • BGraves Member Posts: 339
    Maybe CEH has its own rules on handling these kinds of things....similar to that of fight club I guess?
  • geek4god Member Posts: 187
    A little irony from their front page..
    Think About the Unthinkable Event.
    Are you Skilled to Handle
    the Cyber Attack
  • cyberguypr Mod Posts: 6,928
    ^ should have an asterisk next to it: *we are NOT
  • JDMurray Admin Posts: 13,091
    colemic wrote: »
    They have 'offices' in NM, presumably with employees, who fall under US Labor laws, so why wouldn't they fall under disclosure laws? Not to mention the ethical obligation to disclose to those affected. re: password, I assumed it was an EC-Council member's login that was compromised, hence the access to the entire gmail account.
    I don't know what the specific rules and regulations are that a certification vendor must abide by to have its certs in DoDD 8570.01, but there must be some strict enforcement on protecting the PII of the DoD employees that they certify and the payment information provided to them by the US Federal government.
  • 5ekurity Member Posts: 346
    Can I get a round of applause on their communication skills?
  • colemic Member Posts: 1,569
    <crickets chirping>
    Working on: staying alive and staying employed
  • cyberguypr Mod Posts: 6,928
    Still radio silence. In the meanwhile I leave you with the daily chuckle:
    Well what can I say? As a fellow CEH and CHFI and ECSA and LPT and many many more certifications, I can safely say that it is NOT the fault of the CEH certification and the CEH certification is the BEST in the market for 50% theory and 50% practical. It is the most standardised as a certification and it is ALWAYS up to the instructor to be the best he/she can be to deliver the course. The courseware is a guideline. When I deliver the course I go far beyond the material and we delve into Buffer Overflow and Assembler coding, so try and not blame the certification and the instructors around the world! Be logical. This can happen to any company and it has! This is a user error and heads will roll and EC-Council will just improve and overall it will be a good result for all CEH’s and the public in the long run.
    Pride is at stake and well Yes there needs to be an honest reply from EC-Council and to be honest, who can accurately say they are 100% secure? That does not exist!

    Source
  • colemic Member Posts: 1,569
    Drumroll please... EC-Council has a new statement regarding their breach: EC-Council takes the privacy and confidentiality of their customers very seriously. | EC-Council News ROFL
    Working on: staying alive and staying employed
  • colemic Member Posts: 1,569
    full text: On Saturday, February 22nd, 2014, the ICANN-accredited domain registrar of EC-Council was compromised and as a result, EC-Council suffered a DNS Poisoning attack, which resulted in their website being defaced. EC-Council launched a comprehensive investigation and began work to regain control immediately.

    As the attack happened over the weekend, EC-Council’s security team had challenges reaching the appropriate domain registrar personnel to address the situation. As a result, the hacker was able to maintain control of the registrar’s system and the EC-Council domain during this time period. The domain registrar in question was unable to secure their servers to a level desired by EC-Council and during this period, the domain registrar was exposed at least 2 more times. As such, EC-Council sustained an outage while moving the entire domain to another provider. Simultaneously, the EC-Council security team instituted additional countermeasures to other EC-Council systems within their direct control and began strengthening other security measures organization-wide.

    EC-Council uses a cloud service provider for enterprise email. Once the domain privilege was attained, the hacker then issued a password reset request to the email service provider. This circumvented EC-Council’s best practices of using complex passwords and 2-factor authentication.


    EC-Council has informed the service provider of this password reset policy vulnerability and are hopeful that they have already rectified it for the benefit of the IT community in general.


    With administrative access to the email service provider, the hacker was able to compromise a small number of email accounts before the EC-Council security team was able to respond to the breach. This resulted in unauthorized access to messages in those specific email boxes for a short duration of time. The potentially compromised accounts represent approximately 2% of their customer base.

    As the investigation is ongoing, EC-Council was unable to ascertain if any data was compromised in these accounts. However, as a precautionary measure, they are writing to notify customers that have sent any personally identifiable information to EC-Council via e-mail that there is a possibility that these may have been exposed through email. No credit card data was compromised. As a precaution, EC-Council strongly recommends that their affected customers remain vigilant for any unauthorized use of the information shared with EC-Council and that they alert EC-Council if they find any reason to suspect any.

    EC-Council strives to set a very high bar for how they serve their community, and this incident is upsetting. EC-Council has since transferred their domain to another registrar, changed policies on management of personal information, improved existing data retention policies, introduced two-factor authentication for member portals, and improved security procedures and systems. They will continue to do more in the weeks and months to come.

    EC-Council has been working closely with law enforcement agencies across 3 continents. EC-Council is doing everything in their power to prevent this from happening again and will leverage the full extent of international law to prosecute the individual responsible.

    EC-Council is a vibrant community like no other, and value their customers. Please let them know if you have any questions, comments, or concerns. You can reach them at accountsecurity@eccouncil.org.
    Working on: staying alive and staying employed
  • colemic Member Posts: 1,569
    Am I missing something? How exactly did EC-Council's mail account get compromised? The way I read it they are blaming the registrar? OK, not the registrar but gmail for having insufficient controls?
    Working on: staying alive and staying employed
  • Asif Dasl Member Posts: 2,116
    No idea how their gmail got hacked unless they used the same password for both? I dunno.. Gmail has got 2 step authentication

    So we are not to use GoDaddy because they were involved in the @N hijacking and we are not to use WebNIC.cc because they were involved in the EC Council hijacking. EC Council went back to good ol' Network Solutions!

    Seemingly WebNIC.cc caused some other domain to go offline also - they have a testimonial from someone else that got hit..
    "I would like to express my sincere thank you to you and all of your staff.

    Regarding the domain incident happened in last month, it was solved with your professional and generous assistance. I will never be able to express how thankful I am for what you and your colleagues did. Your dedication and support was unbelievable!

    I have no doubt that WebNIC is the best partner of UDomain and will have a long business relationship.

    With thanks again and best wishes to you. "

    To Cheung
    (CEO)
    UDomain Web Hosting Co Ltd

    Meant to post this last week also: Inside Eugene’s Gibson (EC-Council, Part II) | r000t's Blag
  • cyberguypr Mod Posts: 6,928
    That statement is the epitome of corporate BS. Not like I was expecting anything better, but come on! Zero due diligence with their vendors and zero concept of due care. Lovely.

    I do wonder where they sent Snowden his PII exposure notification
  • JDMurray Admin Posts: 13,091
    colemic wrote: »
    Am I missing something? How exactly did EC-Council's mail account get compromised? The way I read it they are blaming the registrar? OK, not the registrar but gmail for having insufficient controls?
    So the attackers gained access to ECC's DNS account, sent a password reset request to ECC's Gmail account, Gmail sent the password reset email to ECC's DNS provider, and the attackers also had access to the same email account? If so, that was all pretty lucky for the attackers.

    And how did the attackers manage to provide the second factor of authentication to Gmail to reset the password, or is providing the 2nd factor not required when resetting a forgotten Gmail password?
  • colemic Member Posts: 1,569
    I can't wrap my head around it. There is no way that they are being truthful. A bunch of merde, as the French say.
    Working on: staying alive and staying employed
  • f0rgiv3n Member Posts: 598
    Are we sure it was a gmail hosted email account? It says "cloud service" but are we sure it was google that hosted it? Either way, I can see how something like this might possibly happen since they owned the DNS account they also controlled the MX records for that domain. Without knowing the exact provider or more details on how it was set up it is definitely fuzzy but by having access to their MX records that might have had something to do with it.
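
An added example, not part of any post in this thread: since control of a domain's DNS also means control of its MX records, and so of where a password-reset email lands, one defensive check is to compare the domain's observed NS and MX records against an approved baseline and alert on any difference. The domain, hostnames and snapshots below are constructed placeholders.

```python
# Approved record sets; every hostname here is a constructed placeholder.
BASELINE = {
    "NS": {"ns1.dns-host.example.", "ns2.dns-host.example."},
    "MX": {"mx1.mail-provider.example.", "mx2.mail-provider.example."},
}

# Constructed resolver snapshots in "owner TTL IN TYPE rdata" form.
CLEAN = """
example.org. 3600 IN NS ns1.dns-host.example.
example.org. 3600 IN NS NS2.DNS-Host.example
example.org. 3600 IN MX 10 mx1.mail-provider.example.
example.org. 3600 IN MX 20 mx2.mail-provider.example.
"""
CHANGED = """
example.org. 300 IN NS ns1.unknown-host.invalid.   ; not in baseline
example.org. 300 IN NS ns2.dns-host.example.
example.org. 300 IN MX 5 mail.unknown-host.invalid.
example.org. 300 IN MX 10 mx1.mail-provider.example.
"""

def normalize(host):
    """Lower-case and fully qualify so equal names compare equal."""
    host = host.strip().lower()
    return host if host.endswith(".") else host + "."

def parse_snapshot(text):
    """Return {record type: set of target hosts} from a snapshot."""
    records = {}
    for line in text.splitlines():
        fields = line.split(";")[0].split()  # drop trailing comments
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue
        # The last rdata field is the host for NS and for MX (after preference).
        records.setdefault(fields[3].upper(), set()).add(normalize(fields[-1]))
    return records

def drift(baseline, observed):
    """List (type, 'unexpected' | 'missing', host) differences."""
    findings = []
    for rtype in sorted(baseline):
        expected = {normalize(h) for h in baseline[rtype]}
        seen = observed.get(rtype, set())
        findings += [(rtype, "unexpected", h) for h in sorted(seen - expected)]
        findings += [(rtype, "missing", h) for h in sorted(expected - seen)]
    return findings

if __name__ == "__main__":
    print(drift(BASELINE, parse_snapshot(CHANGED)))
```
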
  • JDMurray Admin Posts: 13,091
    aspen.eccouncil.org now has 2-factor authentication by adding a text-back system that sends a numeric code to the account owner's cell phone after the correct account name and password are entered. A slight decrease in convenience for a modicum of improvement in security.
  • Lostpacket Member Posts: 25
    JDMurray wrote: »
    aspen.eccouncil.org now has 2-factor authentication by adding a text-back system that sends a numeric code to the account owner's cell phone after the correct account name and password are entered. A slight decrease in convenience for a modicum of improvement in security.

    Better late than never I guess. Google has had that feature available since 2011 I believe.

    I've had it enabled on both my work and personal Gmail accounts for over a year. The Google Authenticator smartphone app works slick.
  • UnixGuy Mod Posts: 4,570
    Doge hacked EC-Council this time.

    Such hacks much impress wow
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • ITrascal Member Posts: 55
    are you serious lmbo!!
  • phoeneous Member Posts: 2,333
    Silly Libyans, don't they know that cats are the only acceptable hax logo?
  • JDMurray Admin Posts: 13,091
    Zeus is fine now and none of the other eccouncil.org sites seem to have been affected.