Options
CEH site hacked
Lostpacket
Member Posts: 25 ■■■□□□□□□□
in CHFI
I went to log in today and I see Snowdens Passport and his email requesting to be able to sit for the exam back in 2010.
Along with :
owned by certified unethical software security professional-Eugene Belford
Along with :
owned by certified unethical software security professional-Eugene Belford
Comments
-
OptionsYFZblu Member Posts: 1,462 ■■■■■■■■□□Ouch...
Edit: I'm a little surprised the page is still up. You'd think they would have noticed or been notified by now.
Double edit: All the things, including the primary domain 'eccouncil.org' is defaced
Triple edit: A DNS lookup of 'eccouncil.org' now points to a server on the Ecatel network, well-known for cybercrime. DNS hijacking? Which would answer my earlier question of why the site is still up. Not sure where eccouncil.org was hosted before though.. -
Optionsdpsmooth15 Banned Posts: 155I dont know if I should laugh like Iris or feel bad for them.. I think I am in that grey area somewhere. It was probably done by some 17 year old kid, who has been working on it since Friday night.
P.S. Not sure why the f**k I clicked on that site… …I guess I am the guy you say hey..I see a rattle snake, and I go get a closer look and get BIT like that guy from Snake Salvation (no offensive) -
OptionsYFZblu Member Posts: 1,462 ■■■■■■■■□□It's not hosting anything funky, I opened it up with a proxy debugger running.
***To be more specific it's not serving anything malicious that my Macbook was qualified to receive at least. -
OptionsIristheangel Mod Posts: 4,133 ModI more laugh at the irony than anything else. I don't wish any harm on the folks at EC-Council.
EC-Council did an excellent job at marketing I suppose. I met my fair share of people who think you shouldn't even put it on your resume because it means you can "seriously hack" and then I've met my fair share of people that think it's going to do big things for their career if they get their CEH. Unfortunately, their marketing probably put a big bullseye on them. -
OptionsJoJoCal19 Mod Posts: 2,835 ModI went to check out the CEH iClass materials to see what it's all about and noticed that. I too had an internal chuckle at the irony.
Iris, I too have heard both things. My honest opinion is that both are somewhat true. Certain hiring managers might be wary of candidates with it and if the job description does not have it as a desired cert, I'd leave it off. On the flip side I've spoken to internal and external recruiters that gush over it.Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework -
OptionsKhaos1911 Member Posts: 366I know CEH gets panned around these parts, but I actually enjoyed studying for the exam and learned a bunch of new things that I never went so in depth on. I definitely overstudied, but I learned some new things. I guess I just have a soft spot for CEH....I still thinks its the "coolest sounding" cert, lol.
-
Optionscyberguypr Mod Posts: 6,928 ModWow, still up. This is officially the funniest thing I've ever seen.
-
Optionsemerald_octane Member Posts: 613This is insane! DNS Hijacking; wonder if the admins were using weak credentials? Or social engineering of the dns provider?
-
OptionsJasminLandry Member Posts: 601 ■■■□□□□□□□As per EC-COUNCIL Website has been Hacked, Swonden it's been almost 2 hours.. it is actually pretty funny.
-
Optionsemerald_octane Member Posts: 613what makes this funnier if not sad is that alot of the WGU folks will be up a creek because they won't be able to access the iLab OR iClass materials live. I have the CHFI on Monday. Good thing I already did alot of the work.
-
Optionsnelson8403 Member Posts: 220 ■■■□□□□□□□wow that's not something you would expectBachelor of Science, IT Security
Master of Science, Information Security and Assurance
CCIE Security Progress: Written Pass (06/2016), 1st Lab Attempt (11/2016) -
Optionscolemic Member Posts: 1,569 ■■■■■■■□□□as of 23:20 central time, still defaced. beyond funny.Working on: staying alive and staying employed
-
OptionsYFZblu Member Posts: 1,462 ■■■■■■■■□□Not defaced, the DNS record is now pointing to an alternate server hosting whatever the attackers want us to see. That being said I do wonder why it has taken so long.
I haven't handled a DNS hijacking Incident however, so I don't know what type of red tape is required to resolve this type of issue with the service provider, which will have to do an investigation of its own. -
Optionscyberguypr Mod Posts: 6,928 ModThe reason is evident. They are trying to locate Snowden so he can tell them how to fix it.
Edit: DNS back to normal as of midnight CST. -
Optionsemerald_octane Member Posts: 613Oh god now it's even worse.
I dont think EC-C ever regained control, but if they did, it was lost. This is on the homepage now:[h=1]Defaced again? Yep, good job reusing your passwords morons jack67834#[/h] -
OptionsYFZblu Member Posts: 1,462 ■■■■■■■■□□Also added:P.S It seems like lots of you are missing the point here, I'm sitting on thousands of passports belonging to LE (and .mil) officials
That snowden email looks like a Gmail portal the attacker gained access to. Man...they appear royally owned.
Also, has eccouncil.org always been hosted with Ecatel? The attacker used the word 'defaced' which makes me think this is not DNS hijacking...Why on Earth would a legitimate security-related organization host with Ecatel? -
Optionswes allen Member Posts: 540 ■■■■■□□□□□This blog, and from what I saw on twitter seems to imply DNS redirection, But, looks like additional ownage going on as well.
"The Plague" returns to deface EC Council website | CSO Blogs -
OptionsYFZblu Member Posts: 1,462 ■■■■■■■■□□Nice, thanks for the link - News like this makes me wish I had good passive DNS connections.
-
Optionsxnx Member Posts: 464 ■■■□□□□□□□It's surprising how easy it is for some people to do DNS hijacks with just a bit of clever social engineering most of the time, I bet they were using Go Daddy LOLGetting There ...
Lab Equipment: Using Cisco CSRs and 4 Switches currently -
OptionsYFZblu Member Posts: 1,462 ■■■■■■■■□□eccouncil.org appears to have its content restored. "Think about the UNTHINKABLE event. Are you SKILLED to handle the cyber attack?" is now displayed under the C|EH section of the site, which made me chuckle. Not that I need to remind anyone here of the irony..
I did another DNS lookup, here are the dig results:
;; QUESTION SECTION:
;eccouncil.org. IN A
;; ANSWER SECTION:
eccouncil.org. 86165 IN A 93.174.95.82
An authoritative answer pointing to Ecatel...Is eccouncil.org actually hosted by freaking Ecatel? -
OptionsYFZblu Member Posts: 1,462 ■■■■■■■■□□Yeah, that's weird - A moment ago I was able to hit the site and was looking at eccouncil's original content.
-
OptionsJDMurray Admin Posts: 13,034 AdminLooks like the Twitterverse is having a good, hard go at the ECC: Meltwater IceRocket twitter search
The ironic thing is I will be teaching an ethical hacking class soon and this will be my example of Website defacement. :duncecap:
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray -
Optionsimpelse Member Posts: 1,237 ■■■■□□□□□□It is still defaced at 7:00 pm central time.Come on.
In the other hand maybe they are trying to catch him and let him/them to play.Stop RDP Brute Force Attack with our RDP Firewall : http://www.thehost1.com
It is your personal IPS to stop the attack. -
Optionsbryguy Member Posts: 190Looks like their iLab and iClass sites are down as well... How embarassing. Not a lot of other resources for CHFI material, I'm afraid. Anyone have any info on the additional .mil passports that were compromised?