Cyber Incident Victim: International Council of E-Commerce Consultants
Date:
Feb 2014
Location:
United States of America
Summary
A cybersecurity certification organization's website was defaced by a hacker using the alias Eugene Belford, who posted Edward Snowden's passport and a 2010 email correspondence while claiming access to thousands of law enforcement and military passport records. The attacker criticized password reuse practices in defacement messages and referenced historical grievances alleging plagiarism in the organization's training materials. Security researchers suggested DNS hijacking and unauthorized access to Google Apps via domain verification account resets facilitated the breach. The incident exposed reputational vulnerabilities and operational security shortcomings, with the organization having previously faced criticism for its certification programs and content sourcing practices. No official statement was issued in response to the intrusion.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 5 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On February 23, 2014, the website of EC-Council, an international organization providing cybersecurity certifications such as Certified Ethical Hacker (CEH) and Computer Hacking Forensics Investigator (CHFI), was defaced by an individual using the alias "Eugene Belford." The attacker replaced the homepage content with a message criticizing EC-Council's security practices, specifically mocking password reuse with the phrase "Defaced again? Yep, good job reusing your passwords morons jack67834#." Belford claimed to have compromised sensitive data during the breach, alleging possession of "thousands of passports belonging to LE [Law Enforcement] (and .mil) officials." As evidence, the hacker posted a photograph of Edward Snowden's passport alongside a 2010 email correspondence between Snowden and EC-Council. The defacement referenced historical grievances against EC-Council compiled by attrition.org, which accused the organization of plagiarizing educational materials for its commercial certification programs and operating a virtual university despite these ethical concerns.
The incident marked a recurrence of security compromises against EC-Council, though specific details about prior defacements were not elaborated in available reports. Security researchers Ashkan Soltani and Collin D. Anderson analyzed publicly available information from the attack, including a screenshot of an email posted by the hacker, and suggested on Twitter that the attacker likely hijacked EC-Council's DNS infrastructure and gained access to Google Apps through a domain verification account reset. EC-Council did not issue an immediate public statement or respond to media inquiries from Ars Technica following the breach. The organization's Facebook page, active at the time, highlighted its clientele, including the US Army, FBI, Microsoft, IBM, and the United Nations, and stated it had trained over 80,000 individuals while certifying more than 30,000 security professionals. No further details regarding containment actions, forensic analysis, or data breach notifications were disclosed in the available source material.