The EC-Council, which offers training for the Certified Ethical Hacker (CEH) program, has had its website defaced by a hacker who claims to have access to thousands of passports belonging to law enforcement and military officials.
And, as if to prove their point, the hacker responsible for the attack has replaced the home page of the EC-Council’s website (http://www.eccouncil.org) with an image of a passport belonging to famous NSA whistleblower Edward Snowden.
More than 60,000 security professionals are thought to have obtained or applied for the EC-Council’s Certified Ethical Hacker certification, and could – if the hacker’s claims are true – have had their personal details exposed.
Quite how the hacker managed to deface the EC-Council website is currently unclear, although it is possible they achieved the attack by hijacking the site’s DNS entries to force them to point to a different server.
Certainly, whoever was behind the defacement appears to be blaming lax password security for the breach:
Defaced again? Yep, good job reusing your passwords morons jack67834#
owned by certified unethical software security professional
Obligatory link: http://attrition.org/errata/charlatan/ec-council/
P.S It seems like lots of you are missing the point here, I’m sitting on thousands of passports belonging to LE (and .mil) officials
If you’re wondering, Eugene Belford is a character from the 1995 film “Hackers”, played by Fisher Stevens.
There is no reason to believe that Mr Stevens is responsible for this attack. :)
Remember folks, you should never use the same password in more than one place.
If you do re-use passwords, you are playing a dangerous game. That’s because if your password is grabbed by hackers from one site, the attackers will often attempt to try the same password they have stolen from one website on other sites (such as your webmail, Dropbox, etc etc).
Before you know it, your entire online identity has been unlocked.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.