Over the weekend, and as of today at 11:00am EST, EC-Council, the organization famous for administering the Certified Ethical Hacker (CEH) as well as the Computer Hacking Forensics Investigator (CHFI) had been hacked by an individual who claims to be a “certified unethical software security professional” going by the alias “Eugene Belford”. Eugene Belford was actually a character in the movie “Hackers” which came out in 1995 directed by Iain Softley as well as staring Angelina Jolie.
The hacked website was defaced with a picture of Edward Snowden’s passport and e-mail application for the CEH exam as shown here. In addition to the images the individual responsible for the site compromise, published the following message:
“owned by certified unethical software security professional -Eugene Belford”. Eugene Belford, is a character from the movie “Hackers”.
Then a few hours later updated the message to the following:
“owned by certified unethical software security professional
Obligatory link: http://attrition.org/errata/charlatan/ec-council/-Eugene Belford
P.S It seems like lots of you are missing the point here, I’m sitting on thousands of passports belonging to LE (and .mil) officials”.
It did seem many individuals who followed this event in its early stages missed the point pertaining to the unauthorized access and control of personal identifiable information of EC-Council certified professionals now in someone else’s hand. And due to DoDD 8570 requirements many of these professionals are members of the US military, the FBI, and the National Security Agency just to name a few.
This assertion comes from EC-Council claim that it “has trained over 80,000 individuals and certified more than 30,000 security professionals from such fine organizations as the US Army, the FBI, Microsoft, IBM, and the United Nations”.
It is highly probably that passports and other photo ID details of approximately 30,000 security professionals who have either obtained or applied for EC-Council related certifications are now at risk after this compromise.
With the recent holiday breaches of 2013 so fresh in our minds, this is just another reminder about how safe is our information in the hand of others.
SecurityOrb.com has attempted to contact EC-Council but there was no response as of this publishing this article. SecurityOrb.com will continue to make attempts to obtain a statement as well as update any new findings we discover.