Hackers deface ethical hacking website, with image of Edward Snowden’s passport

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

CEHThe EC-Council, which offers training for the Certified Ethical Hacker (CEH) program, has had its website defaced by a hacker who claims to have access to thousands of passports belonging to law enforcement and military officials.

And, as if to prove their point, the hacker responsible for the attack has replaced the home page of the EC-Council’s website (http://www.eccouncil.org) with an image of a passport belonging to famous NSA whistleblower Edward Snowden.

Defaced website

More than 60,000 security professionals are thought to have obtained or applied for the EC-Council’s Certified Ethical Hacker certification, and could – if the hacker’s claims are true – have had their personal details exposed.

Sign up to our free newsletter.
Security news, advice, and tips.

Quite how the hacker managed to deface the EC-Council website is currently unclear, although it is possible they achieved the attack by hijacking the site’s DNS entries to force them to point to a different server.

Certainly, whoever was behind the defacement appears to be blaming lax password security for the breach:

Defaced again? Yep, good job reusing your passwords morons jack67834#

owned by certified unethical software security professional
Obligatory link: http://attrition.org/errata/charlatan/ec-council/
-Eugene Belford

P.S It seems like lots of you are missing the point here, I’m sitting on thousands of passports belonging to LE (and .mil) officials

Eugene BelfordIf you’re wondering, Eugene Belford is a character from the 1995 film “Hackers”, played by Fisher Stevens.

There is no reason to believe that Mr Stevens is responsible for this attack. :)

Remember folks, you should never use the same password in more than one place.

If you do re-use passwords, you are playing a dangerous game. That’s because if your password is grabbed by hackers from one site, the attackers will often attempt to try the same password they have stolen from one website on other sites (such as your webmail, Dropbox, etc etc).

Before you know it, your entire online identity has been unlocked.

If you find passwords a burden – simply use password management software like Bitwarden, 1Password, and KeePass to make them both safer and easier to remember.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “Hackers deface ethical hacking website, with image of Edward Snowden’s passport”

  1. Coyote

    Just as a quick response:
    It is worth noting that the link in the defacement – attrition.org – is indeed the real deal. They didn't do the defacement but they have a long history of being defamed/slandered/libelled by charlatans (even going back to the days before they were at attrition.org) for the very reason that they don't like charlatans (and why should they like charlatans?). No, their site isn't flashy but there's reasons for that too. Either way, yes, if they claim someone is a charlatan it is the honest truth (and yes I know some of the people behind Attrition, as an aside and a disclaimer). That doesn't equate to anything being legal or not but it does equate to showing who is who in this story.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.