Inside Eugene’s Gibson (EC-Council, Part II)

Mess with the best, die like the rest, amirite?

Mess with the best, die like the rest, amirite?

(Note: Earlier this week, I presented evidence of a Finnish individual by the name Julius Kivimaki being the perpetrator behind the EC-Council hack over the weekend. You should read that post first, if you haven’t already.)

tl;dr: Last weekend, a person using the nickname ‘Eugene Belford’ took over the DNS for the EC-Council, an organization that certifies “Ethical Hackers”, and pointed it to his server, where he displayed a picture of Edward Snowden’s US passport.

Last night, our team obtained access to the server used in the EC-Council hack. Somebody asked for, and received from Julius, a shell on his server for the purposes of sending spam and phishing emails. This person turned the shell over to us, we then elevated to root access, and had a look around. Here’s a small list of what we uncovered: Continue reading

Who Hacked EC-Council?

20120220

It’s not really hacking. Just FYI.

Update:┬áSince the writing of this article, I was invited to see the contents of Mr. Kivimaki’s dedicated server after another party compromised it. You can read the analysis of what I found here.

Two days ago, the website for the EC-Council was broken into and defaced. The EC-Council is an organization that certifies so-called ‘ethical hackers’. The website was defaced and its content was replaced with a picture of Edward Snowden, and an HTML comment that gives away the identity of the “hacker”.

Once control of the website was given back to the rightful owners, a known password was used to again deface the website, to bring it to it’s current state now. It now contains a scan of Mr. Snowden’s passport and a letter from the US Department of Defense affirming his experience as a security researcher.

Continue reading to learn the hacker’s identity.

Continue reading