No One is Ever Secure: How Hackers Got Hacked

Authors:
Aleksandra Olszewska & Aleksandra Kwiatkowska

You have probably heard about EC-Council and the latest attack. What happened? Who did it? Are ethical hackers in danger because of unethical methods? Only in Hakin9 Magazine: all the information and leads in this special review.

Introduction: EC-Council
The International Council of Electronic Commerce Consultants (EC-Council) is a U.S. professional organisation. It operates the EC-Council University, offering Masters Degrees in Security Science (MSS) and Business Administration in e-business (MEB). EC-Council also organizes conferences: Hacker Halted, Takedown, and CISO Forum.
But EC-Council is best known for its professional training and certifications in information security, such as Certified Ethical Hacking, which is the main subject of this issue of Hakin9 Magazine.

What happened?
Anyone who tried to visit the EC-Council webpage between 22nd and 24th February must have been a bit astonished:

The main page of the official EC-Council website had been hijacked, and visitors were redirected to a defacement page hosted at an ISP in Finland (h/t Ars Technica).
As the screenshot above shows, the hacker posted the message: “Owned by certified unethical software security professional”. He, or she, also posted a scan of Edward Snowden’s U.S. passport and his correspondence with EC-Council, as proof that the hacker had access to EC-Council data.
But that was only the beginning of the break-in. The next message from the hacker:

Figure 2: Screenshot from the EC-Council website on February 23rd. Source: http://www.ehackingnews.com

In fact, reusing passwords after the break-in was a bit reckless.

And on the 26th of February…

Who is the hacker?
The hacker responsible for this attack goes by the alias ‘Eugene Belford’.
Can the hacker be found? There is a lead posted by the hacker himself.

Have you heard about the Hack The Planet zine? It seems that the story of the hack will be described in its sixth issue. There is no better way to get noticed than causing an outrage!
Scott Arciszewski (s.arciszewski.me) noticed: “93.174.95.82 falls in the subnet of the ECATEL network, which is in the Netherlands (NL), not Finland (as it was in the EC-Council statement – authors) (…) Let’s return to r000t’s claim that the person who hacked EC Council was Zeekill from HTP. If he’s correct, this is the same person who allegedly managed to hide a persistent rootkit on PandaSecurity even after r000t told them about it”.
r000t, aka Blair Strater, is a script kiddie and a troublemaker who was sentenced to 50 hours of community service in 2012 for hacking his school website and stealing credit card numbers. It is worth mentioning that r000t was 16 years old at the time.

What does EC-Council say?
A message posted on the EC-Council Facebook profile on 24th February:
“On February 22nd, 2014 at approximately 8PM EST, the domain www.eccouncil.org was redirected to an ISP in Finland. Immediately EC Council’s Internal Security Response team initiated a comprehensive investigation.
EC-Council’s Security Team has confirmed no access to any EC-Council Servers was obtained, the domain redirection was done at the DNS Registrar and traffic was re-routed from Authentic EC-Council Servers to a Host in Finland known for hosting other illegal websites. EC-Council immediately began exercises in security precaution to fortify against any further attempts. EC-Council immediately opened cases with the United States FBI as well as international Law Enforcement to apprehend this individual and launched a full analysis of third party vendors where the security breach was allowed.
(…) While EC-Council Servers remained untouched and running, the third-party DNS registrar remained affected through the day on Sunday February 23rd and into the morning Monday February 24th. EC-Council in Cooperation with domestic and foreign Law Enforcement as well as Judicial Systems will continue to investigate the incident (…)”.

What did EC-Council say?
At this moment the EC-Council webpage is running normally.

EC-Council has launched an international cooperative effort with law enforcement entities based on information uncovered during our analysis of this incident. Our cooperation with Law Enforcement is two-fold. First is to establish subpoenas on third party vendors where computer crimes took place, second is for justice.

This is a clear example of what we have always taught; No one can ever be completely secure. Although EC-Council servers remained untouched, a vulnerability in our third party DNS vendor led to this DNS Hijacking incident, rendering our main website unavailable for a short period of time.
You can find the full text of the statement here.

Summary
There is no better summary than what Scott Arciszewski wrote: If you conduct business on the Internet, someone will try to hack you. If you’re rich and fat, you will be targeted by opportunists seeking a quick buck. If you spend a lot of time bragging about your security, you will probably attract highly skilled and motivated adversaries. So logically, selling people certifications in information security would put you pretty high on the target list of a hacker looking to make a name for him/herself.
So we have a “rich and fat” EC-Council, a company whose main activity is training in ethical hacking. We have a hacker, or hackers, who would like to show off to the world. The best way to show their skills is to break into the webpage of a giant such as EC-Council and leave a trail that is easily noticed by people involved in hacking. The result was the show we observed in February.
Does it mean that EC-Council is unprofessional? Should we give up on their training?
No, it doesn’t.
The moral of this story is that sometimes we are not aware of how skilled hackers can be, and that anyone can become a victim of a cyberattack.
What can we do then? Keep learning. Follow the news. Develop our skills. Even if you have solid experience, knowledge and a CEH certificate, even if you are an IT Security Master, it doesn’t mean there is nothing left for you to learn, or that no attack can surprise you.

Find more on the web:
r000t.com
s.arciszewski.me
zaufanatrzeciastrona.pl (in Polish)

March 28, 2014
