Hackers deface ethical hacking website, with image of Edward Snowden's passport

The EC-Council, which offers training for the Certified Ethical Hacker (CEH) program, has had its website defaced by a hacker who claims to have access to thousands of passports belonging to law enforcement and military officials.

And, as if to prove their point, the hacker responsible for the attack has replaced the home page of the EC-Council's website (http://www.eccouncil.org) with an image of a passport belonging to famous NSA whistleblower Edward Snowden.

Defaced website

More than 60,000 security professionals are thought to have obtained or applied for the EC-Council's Certified Ethical Hacker certification, and could - if the hacker's claims are true - have had their personal details exposed.

Quite how the hacker managed to deface the EC-Council website is currently unclear, although it is possible they achieved the attack by hijacking the site's DNS entries to force them to point to a different server.

Certainly, whoever was behind the defacement appears to be blaming lax password security for the breach:

Defaced again? Yep, good job reusing your passwords morons jack67834#

owned by certified unethical software security professional
Obligatory link: http://attrition.org/errata/charlatan/ec-council/
-Eugene Belford

P.S It seems like lots of you are missing the point here, I'm sitting on thousands of passports belonging to LE (and .mil) officials

If you're wondering, Eugene Belford is a character from the 1995 film "Hackers", played by Fisher Stevens.

There is no reason to believe that Mr Stevens is responsible for this attack. :)

Remember folks, you should never use the same password in more than one place.

If you do re-use passwords, you are playing a dangerous game. That's because if your password is grabbed by hackers from one site, the attackers will often try that same stolen password on other sites (such as your webmail, Dropbox, etc.).

Before you know it, your entire online identity has been unlocked.

If you find passwords a burden - simply use password management software like Bitwarden, 1Password, and KeePass to make them both safer and easier to remember.


One Response

  1. Coyote

    February 25, 2014 at 2:19 am

    Just as a quick response:
    It is worth noting that the link in the defacement – attrition.org – is indeed the real deal. They didn't do the defacement but they have a long history of being defamed/slandered/libelled by charlatans (even going back to the days before they were at attrition.org) for the very reason that they don't like charlatans (and why should they like charlatans?). No, their site isn't flashy but there's reasons for that too. Either way, yes, if they claim someone is a charlatan it is the honest truth (and yes I know some of the people behind Attrition, as an aside and a disclaimer). That doesn't equate to anything being legal or not but it does equate to showing who is who in this story.
