Website of Certified Ethical Hacker certification EC-Council, eccouncil.org has been defaced with the scanned copy of Edward Snowden’s password being displayed prominently and a letter to the organisation from the whistleblower requesting an exam code in the backdrop.
The defaced site also contains a letter from John Niescier, the Information Security Officer at the DSRJ, certifying that Snowden had at least five years of InfoSec experience.
“Defaced again? Yep, good job reusing your passwords morons jack67834#” reads the opening statement on the defaced site. “owned by certified unethical software security professional – Eugene Belford.”
EC-Council owns Certified Ethical Hacker and quite a few other certifications and according to last known stats, has certified 60,000 security professionals with over a fifth of them certified for C|EH.
The original IP address of eccouncil.org was 66.111.3.186, but when we first checked the site was being resolved as being hosted on 93.174.95.82 indicating a possible DNS hijack. At press time the site, which is still defaced, is resolving to the original IP address of 66.111.3.186.
We have tried getting in touch with EC-Council and will update the story once we hear something back.
The individual in question is a 15 year old Finnish national by the name of “Julius Kivimaki. Julius socially engineered the DNS provider over the telephone, and then redirected the website to his Ecatel server. The phrase “htp6” in the HTML source is a reference to the hacking group “Hack the Planet”, which Julius was previously kicked out of. Julius is on the radar of the FBI, but the FBI refuses to do anything to stop this terrorist, because of his age.