Hackers deface ethical hacking website, with image of Edward Snowden’s passport

Graham cluley
Graham Cluley
@[email protected]

CEH The EC-Council, which offers training for the Certified Ethical Hacker (CEH) program, has had its website defaced by a hacker who claims to have access to thousands of passports belonging to law enforcement and military officials.

And, as if to prove their point, the hacker responsible for the attack has replaced the home page of the EC-Council’s website (http://www.eccouncil.org) with an image of a passport belonging to famous NSA whistleblower Edward Snowden.

Defaced website

More than 60,000 security professionals are thought to have obtained or applied for the EC-Council’s Certified Ethical Hacker certification, and could – if the hacker’s claims are true – have had their personal details exposed.

Sign up to our free newsletter.
Security news, advice, and tips.

Quite how the hacker managed to deface the EC-Council website is currently unclear, although it is possible they achieved the attack by hijacking the site’s DNS entries to force them to point to a different server.

Certainly, whoever was behind the defacement appears to be blaming lax password security for the breach:

Defaced again? Yep, good job reusing your passwords morons jack67834#

owned by certified unethical software security professional
Obligatory link: http://attrition.org/errata/charlatan/ec-council/
-Eugene Belford

P.S It seems like lots of you are missing the point here, I’m sitting on thousands of passports belonging to LE (and .mil) officials

Eugene Belford If you’re wondering, Eugene Belford is a character from the 1995 film “Hackers”, played by Fisher Stevens.

There is no reason to believe that Mr Stevens is responsible for this attack. :)

Remember folks, you should never use the same password in more than one place.

If you do re-use passwords, you are playing a dangerous game. That’s because if your password is grabbed by hackers from one site, the attackers will often attempt to try the same password they have stolen from one website on other sites (such as your webmail, Dropbox, etc etc).

Before you know it, your entire online identity has been unlocked.

If you find passwords a burden – simply use password management software like Bitwarden, 1Password, and KeePass to make them both safer and easier to remember.

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, on Mastodon at @[email protected], or drop him an email.

One comment on “Hackers deface ethical hacking website, with image of Edward Snowden’s passport”

  1. Coyote

    Just as a quick response:
    It is worth noting that the link in the defacement – attrition.org – is indeed the real deal. They didn't do the defacement but they have a long history of being defamed/slandered/libelled by charlatans (even going back to the days before they were at attrition.org) for the very reason that they don't like charlatans (and why should they like charlatans?). No, their site isn't flashy but there's reasons for that too. Either way, yes, if they claim someone is a charlatan it is the honest truth (and yes I know some of the people behind Attrition, as an aside and a disclaimer). That doesn't equate to anything being legal or not but it does equate to showing who is who in this story.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.