Back in February, a hacker managed to deface the website of EC-Council, an organization that provides IT security training and certification. Now, three weeks after the incident, EC-Council has provided additional details about the attack.
In a statement posted on its website, EC-Council maintained the fact that the defacements were a result of DNS poisoning. The hacker, calling himself Eugene Belford (the name of a character in the movie “Hackers”), managed to deface the site three times because the organization was having trouble getting in touch with the appropriate domain registrar personnel.
The domain registrar in question was unable to secure its servers, so EC-Council was forced to shut down its website while it migrated services to a different company.
After hijacking the certification company’s domain, the attacker leveraged a vulnerability in the password reset policy of an email service provider used by EC-Council to compromise “a small number of email accounts.”
“This resulted in unauthorized access to messages in those specific email boxes for a short duration of time. The potentially compromised accounts represent approximately 2% of their customer base.” EC-Council representatives stated.
It’s uncertain if the hacker has stolen any data from the compromised email accounts. However, EC-Council is notifying them. Credit card information has not been obtained, the company says.
“As a precaution, EC-Council strongly recommends that their affected customers remain vigilant for any unauthorized use of the information shared with EC-Council and that they alert EC-Council if they find any reason to suspect any,” the statement reads.
The organization says it’s working with law enforcement agencies across three continents to track down the attacker. In the meantime, it has rolled out additional security measures to prevent future incidents.
r000t’s Blag has conducted an investigation and has determined that the perpetrator is a 16-year-old Finnish individual who’s a former member of Hack the Planet (HTP), a group that breached the systems of web hosting and cloud computing provider Linode back in April 2013.
The hacker in question was excluded from the group after the Linode hack. Shortly after, HTP disappeared from the hacking scene.
r000t’s Blag has found evidence that the server to which EC-Council’s visitors were redirected during the hack attack is owned by this individual from Finland.
The teen who has targeted EC-Council is said to already be on the FBI’s radar. The agency reportedly arrested him in Las Vegas at DEF CON 2013. However, they had to let him go.