CEH site hacked

1235»

Comments

  • bryguybryguy Member Posts: 190
    ilabs is up... iclass, not yet. www.eccouncil.org looks like it's trying to answer, but perhaps too many people trying...
  • BGravesBGraves Member Posts: 339
    bryguy wrote: »
    ilabs is up... iclass, not yet. www.eccouncil.org looks like it's trying to answer, but perhaps too many people trying...
    Woohoo, can finally get some damn work done! hooray!
  • varelgvarelg Banned Posts: 790
    Business as usual, like nothing ever happened. Certifying and licencing penetration testers, secure programmers, training people to trace cyber criminals... L o l !!
  • Master Of PuppetsMaster Of Puppets Member Posts: 1,210
    Yeah at this point I think I'm going to skip the CEH :D
    Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.
  • sojournsojourn Member Posts: 61 ■■□□□□□□□□
    Came here to post the same thing. Not bothering with the CEH now. Novices.
  • SephStormSephStorm Member Posts: 1,731 ■■■■■■■□□□
    colemic wrote: »
    @Sephstorm, where would Snowden's password be compromised? The way it used to work (I sent in the letter in 2010 to be verified to sit for the test, you just had to email them a picture ID and the letter... it just shows that they are just archiving everything in gmail, instead of deleting that sensitive information.I also found this on their site, and find I to be a bit comical: CEH VS SANS and absolutely untrue as well.

    I'm assuming the password that was disclosed was for something used to login on the eccouncil site, the only possibility is the member site, the delta portal, or their new system.

    Edit, as far as notification, even if pii is compromised, eccouncil is not a US company, not sure how us law will apply to them.
  • MrAgentMrAgent Member Posts: 1,310 ■■■■■■■■□□
    Looks like they are finally back up.
  • colemiccolemic Member Posts: 1,569 ■■■■■■■□□□
    SephStorm wrote: »
    I'm assuming the password that was disclosed was for something used to login on the eccouncil site, the only possibility is the member site, the delta portal, or their new system.

    Edit, as far as notification, even if pii is compromised, eccouncil is not a US company, not sure how us law will apply to them.
    They have 'offices' in NM, presumably with employees, who fall under US Labor laws, so why wouldn't they fall under disclosure laws? Not to mention the ethical obligation to disclose to those affected. re: password, I assumed it was an EC-Council member's login that was compromised, hence the access to the entire gmail account.
    Working on: staying alive and staying employed
  • BGravesBGraves Member Posts: 339
    Maybe CEH has it's own rules on handle these kinds of things....similar to that of fight club I guess?
  • geek4godgeek4god Member Posts: 187
    A little irony from their frot page..
    Think About the Unthinkable Event.
    Are you Skilled to Handle
    the Cyber Attack
  • cyberguyprcyberguypr Mod Posts: 6,928 Mod
    ^ should have an asterisk nest to it: *we are NOT
  • JDMurrayJDMurray Admin Posts: 13,099 Admin
    colemic wrote: »
    They have 'offices' in NM, presumably with employees, who fall under US Labor laws, so why wouldn't they fall under disclosure laws? Not to mention the ethical obligation to disclose to those affected. re: password, I assumed it was an EC-Council member's login that was compromised, hence the access to the entire gmail account.
    I don't know what the specific rules and regulations are that a certification vendor must abide by to have its certs in DoDD 8570.01, but there must be some strict enforcement on protecting the PII of the DoD employees that they certify and the payment information provided to them by the US Federal government.
  • 5ekurity5ekurity Member Posts: 346 ■■■□□□□□□□
    Can I get a round of applause on their communication skills? bowing.gif
  • colemiccolemic Member Posts: 1,569 ■■■■■■■□□□
    <crickets chirping>
    Working on: staying alive and staying employed
  • cyberguyprcyberguypr Mod Posts: 6,928 Mod
    Still radio silence. In the meanwhile I leave you with the daily chuckle:
    Well what can I say? As a fellow CEH and CHFI and ECSA and LPT and many many more certifications, I can safely say that it is NOT the fault of the CEH certification and the CEH certification is the BEST in the market for 50% theory and 50% practical. It is the most standardised as a certification and it is ALWAYS up to the instructor to be the best he/she can be to deliver the course. The courseware is a guideline. When I deliver the course I go far beyond the material and we delve into Buffer Overflow and Assembler coding, so try and not blame the certification and the instructors around the world! Be logical. This can happen to any company and it has! This is a user error and heads will roll and EC-Council will just improve and overall it will be a good result for all CEH’s and the public in the long run.
    Pride is at stake and well Yes there needs to be an honest reply from EC-Council and to be honest, who can accurately say they are 100% secure? That does not exist!

    Source
  • colemiccolemic Member Posts: 1,569 ■■■■■■■□□□
    Drumroll please... EC-Council has a new statement regarding their breach: EC-Council takes the privacy and confidentiality of their customers very seriously. | EC-Council News ROFL
    Working on: staying alive and staying employed
  • colemiccolemic Member Posts: 1,569 ■■■■■■■□□□
    full text: On Saturday, February 22nd, 2014, the ICANN-accredited domain registrar of EC-Council was compromised and as a result, EC-Council suffered a DNS Poisoning attack, which resulted in their website being defaced. EC-Council launched a comprehensive investigation and began work to regain control immediately.

    As the attack happened over the weekend, EC-Council’s security team had challenges reaching the appropriate domain registrar personnel to address the situation. As a result, the hacker was able to maintain control of the registrar’s system and the EC-Council domain during this time period. The domain registrar in question was unable to secure their servers to a level desired by EC-Council and during this period, the domain registrar was exposed at least 2 more times. As such, EC-Council sustained an outage while moving the entire domain to another provider. Simultaneously, the EC-Council security team instituted additional countermeasures to other EC-Council systems within their direct control and began strengthening other security measures organization-wide.

    EC-Council uses a cloud service provider for enterprise email. Once the domain privilege was attained, the hacker then issued a password reset request to the email service provider. This circumvented EC-Council’s best practices of using complex passwords and 2-factor authentication.


    EC-Council has informed the service provider of this password reset policy vulnerability and are hopeful that they have already rectified it for the benefit of the IT community in general.


    With administrative access to the email service provider, the hacker was able to compromise a small number of email accounts before the EC-Council security team was able to respond to the breach. This resulted in unauthorized access to messages in those specific email boxes for a short duration of time. The potentially compromised accounts represent approximately 2% of their customer base.

    As the investigation is ongoing, EC-Council was unable to ascertain if any data was compromised in these accounts. However, as a precautionary measure, they are writing to notify customers that have sent any personally identifiable information to EC-Council via e-mail that there is a possibility that these may have been exposed through email. No credit card data was compromised. As a precaution, EC-Council strongly recommends that their affected customers remain vigilant for any unauthorized use of the information shared with EC-Council and that they alert EC-Council if they find any reason to suspect any.

    EC-Council strives to set a very high bar for how they serve their community, and this incident is upsetting. EC-Council has since transferred their domain to another registrar, changed policies on management of personal information, improved existing data retention policies, introduced two-factor authentication for member portals, and improved security procedures and systems. They will continue to do more in the weeks and months to come.

    EC-Council has been working closely with law enforcement agencies across 3 continents. EC-Council is doing everything in their power to prevent this from happening again and will leverage the full extent of international law to prosecute the individual responsible.

    EC-Council is a vibrant community like no other, and value their customers. Please let them know if you have any questions, comments, or concerns. You can reach them at accountsecurity@eccouncil.org.
    Working on: staying alive and staying employed
  • colemiccolemic Member Posts: 1,569 ■■■■■■■□□□
    Am I missing something? How exactly did EC_Council's mail account get compromised? The way I read it they are blaming the registrar? OK, not the registrar but gmail for having insufficient controls?
    Working on: staying alive and staying employed
  • Asif DaslAsif Dasl Member Posts: 2,116 ■■■■■■■■□□
    No idea how their gmail got hacked unless they used the same password for both? I dunno.. Gmail has got 2 step authentication

    So we are not to use GoDaddy because they were involved in the @N hijacking and we are not to use WebNIC.cc because they were involved in the EC Council hijacking. EC Council went back to good ol' Network Solutions!

    Seemingly WebNIC.cc caused some other domain to go offline also - they have a testimonial from someone else that got hit..
    "I would like to express my sincere thank you to you and all of your staff.

    Regarding the domain incident happened in last month, it was solved with your professional and generous assistance. I will never be able to express how thankful I am for what you and your colleagues did. Your dedication and support was unbelievable!

    I have no doubt that WebNIC is the best partner of UDomain and will have a long business relationship.

    With thanks again and best wishes to you. "

    To Cheung
    (CEO)
    UDomain Web Hosting Co Ltd

    Meant to post this last week also: Inside Eugene’s Gibson (EC-Council, Part II) | r000t's Blag
  • cyberguyprcyberguypr Mod Posts: 6,928 Mod
    That statement is the epitome of corporate BS. Not like I was expecting anything better, but come on! Zero due diligence with their vendors and zero concept of due care. Lovely.

    I do wonder where they sent Snowden his PII exposure notification icon_smile.gif
  • JDMurrayJDMurray Admin Posts: 13,099 Admin
    colemic wrote: »
    Am I missing something? How exactly did EC_Council's mail account get compromised? The way I read it they are blaming the registrar? OK, not the registrar but gmail for having insufficient controls?
    So the attackers gained access to ECC's DNS account, sent a password reset request to ECC's Gmail account, Gmail sent the password reset email to ECC's DNS provider, and the attackers also had access to the same email account? If so, that was all pretty lucky for the attackers.

    And how did the attackers manage to provide the second factor of authentication to Gmail to reset the password, or is providing the 2nd factor not required when resetting a forgotten Gmail password?
  • colemiccolemic Member Posts: 1,569 ■■■■■■■□□□
    I can't wrap my head around it. There is no way that they are being truthful. A bunch of merde, as the French say.
    Working on: staying alive and staying employed
  • f0rgiv3nf0rgiv3n Member Posts: 598 ■■■■□□□□□□
    Are we sure it was a gmail hosted email account? It says "cloud service" but are we sure it was google that hosted it? Either way, I can see how something like this might possibly happen since they owned the DNS account they also controlled the MX records for that domain. Without knowing the exact provider or more details on how it was setup it is definitely fuzzy but by having access to their MX records that might have had something to do with it.
  • JDMurrayJDMurray Admin Posts: 13,099 Admin
    aspen.eccouncil.org now has 2-factor authentication by adding a text-back system that sends a numeric code to the account owner's cell phone after the correct account name and password are entered. A slight decrease in convenience for a modicum of improvement in security.
  • LostpacketLostpacket Member Posts: 25 ■■■□□□□□□□
    JDMurray wrote: »
    aspen.eccouncil.org now has 2-factor authentication by adding a text-back system that sends a numeric code to the account owner's cell phone after the correct account name and password are entered. A slight decrease in convenience for a modicum of improvement in security.

    Better late than never I guess. Google has had that feature available since 2011 I believe.

    I've had it enabled on both my work and personal Gmail accounts for over a year. The Google Authenicator smartphone app works slick.
  • UnixGuyUnixGuy Mod Posts: 4,570 Mod
    Doge hacked EC-Council this time.

    Such hacks much impress wow
    Capture.png
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • ITrascalITrascal Member Posts: 55 ■■■□□□□□□□
    are you serious lmbo!!
  • phoeneousphoeneous Member Posts: 2,333 ■■■■■■■□□□
    Silly Libyans, dont they know that cats are the only acceptable hax logo?
  • JDMurrayJDMurray Admin Posts: 13,099 Admin
    Zeus is fine now and none of the other eccouncil.org sites seem to have been affected.
Sign In or Register to comment.