EC-Council Website Defaced Twice In A Weekend [Updated]

By William Knowles @c4i
Senior Editor
InfoSec News
February 23, 2014
[Updated]

Today’s defacement of the EC-Council (the second time this weekend) by Eugene Belford (a.k.a. The Plague) threatens the compromise of the 60,000+ security professionals who currently hold CEH certifications.

Individuals who have achieved EC-Council certifications include the US Army, the FBI, Microsoft, IBM, the United Nations, National Security Agency (NSA). Also, the United States Department of Defense has included the EC-Council Certified Ethical Hacker program into its Directive 8570, making it as one of the mandatory standards to be achieved by Computer Network Defenders Service Providers (CND-SP)

In the most recent defacement, Eugene Belford has stated that “P.S It seems like lots of you are missing the point here, I’m sitting on thousands of passports belonging to LE (and .mil) officials” leading the InfoSec News staff to believe considering the mail on the defacement page is from Edward Snowden’s Yokota Air Base e-mail asking for an exam code, with a copy of his U.S. Passport and a letter from John A. Niescier, an Information Security Officer with the Department of Defense Special Representative, Japan stating that he has verified Edward J. Snowden has at least five years professional information security experience in the required domains.

Eugene Belford has potentially sixty thousand other similar statements from undercover law enforcement agents, intelligence professionals, and members of the United States Military, creating an additional quagmire and has you wondering why the EC-Council has all this personally identifiable information sitting unprotected online?