EC-Council has been hacked, and its hacker isn’t keeping silent. The hacker claims to have obtained copies of passports of law enforcement and military officials who signed up for the organization’s courses, which release could impact up to 80,000 individuals.
EC-Council is a company that provides IT and security training and certification programs. The organization has been controversial in that it provides courses and certifications for “ethical hacking.” Notably, the US Department of Defense requires that its Computer Network Defense Service Providers take the EC’s “Certified Ethical Hacker” program. The organization claims to have trained between 60,000- 80,000 individuals, including members from the FBI to IBM to the United Nations.
The hacker calls himself “Eugene Belford” – a throwback to the movie “Hackers”. This past weekend, he defaced the EC’s website with documentation that Edward Snowden was trained by this company, posting Snowden’s passport on the website. The hacker claims to also have all the passports and other personal information of those individuals certified by the EC, including law enforcement and military.
The hacker later posted on the defaced page the following:
“Defaced again? Yep, good job reusing your passwords morons jack67834#
owned by certified unethical software security professional
Obligatory link: http://attrition.org/errata/charlatan/ec-council/
P.S It seems like lots of you are missing the point here, I’m sitting on thousands of passports belonging to LE (and .mil) officials”
The EC’s website is still currently unavailable, and the EC has yet to comment on the cyberattack.