Date: Jan 2015

Location: Indonesia

Summary

The International Council of E-Commerce Consultants experienced multiple sub-domain defacements by the Indonesian hacker group Gantengers Crew, who replaced content with mocking messages criticizing the organization's security practices. Attackers specifically targeted pages related to its information security training programs, highlighting perceived vulnerabilities in the institution's infrastructure. This incident followed prior breaches where the group and others compromised the organization's web presence, including replacing content with references to Edward Snowden. The repeated compromises drew attention to discrepancies between the victim's security training offerings and its own operational security failures, with defacements remaining active at the time of reporting.

CIA Posture: Available to members
Motives: 2 motives
Tactics, Techniques & Procedures: 1 technique
Threat Actors: 3 actors
Type: Available to members
Location: Available to members

Description

On January 1, 2015, Indonesian hacking group Gantengers Crew defaced a sub-domain of the International Council of E-Commerce Consultants (EC-Council), an organization providing information security certifications and training. The attackers subsequently compromised two additional EC-Council sub-domains, specifically targeting the CCISO Information Security Management Training Program at ciso.eccouncil.org and the iLABS platform at ilabs.eccouncil.org. The attackers replaced legitimate content with defacement pages containing mocking messages questioning EC-Council's security competence, including the statement: "Pwnz by Gantengers Crew & SultanHaikal & Jinja EC-Council hacked?" Proof-of-compromise records were publicly available through Zone-H mirror links documenting both sub-domain breaches. This incident represented a continuation of security failures at EC-Council: the organization had previously suffered website defacements on February 24, 2014, when attackers replaced its index page with Edward Snowden's passport details, and in another, unspecified third intrusion in which hackers similarly criticized the institution's security posture.


The repeated breaches exposed systemic vulnerabilities in EC-Council's web infrastructure, particularly affecting sub-domains associated with critical training platforms. Attackers consistently leveraged website defacement as their primary tactic, substituting operational pages with customized content that ridiculed the organization's security practices while promoting the hacking group's activities. At the time of public reporting on January 6, 2015, both compromised sub-domains remained under attacker control with defacement pages still active, indicating delayed containment measures. The incidents highlighted operational contradictions between EC-Council's role as a provider of cybersecurity education—including ethical hacking certifications—and its recurrent failures to implement basic website security controls against publicly visible attacks. No restoration timelines, technical countermeasures, or organizational responses were documented in available incident reports.
