Hacking

Navy Information Warfare

October 29, 2019 By William Knowles

By William Knowles @c4i
Senior Editor
InfoSec News
October 29, 2019

As a ten-year regular volunteer at the USO O’Hare, there’s a sly grin on my face knowing all the U.S. Navy personnel featured in this video have visited the Terminal 2 center at least once in their careers and should make every InfoSec News reader happy these men and women are learning about information warfare, cybersecurity (both offensive and defensive) and wireless networking, among other security topics, nearly two years of college training over the span of six months.

Hat tip: Soldier Systems

EC-Council Website Defaced Twice In A Weekend [Updated]

October 19, 2019 By William Knowles

By William Knowles @c4i
Senior Editor
InfoSec News
February 23, 2014
[Updated]

Today’s defacement of the EC-Council (the second time this weekend) by Eugene Belford (a.k.a. The Plague) threatens the compromise of the 60,000+ security professionals who currently hold CEH certifications.

Individuals who have achieved EC-Council certifications include the US Army, the FBI, Microsoft, IBM, the United Nations, National Security Agency (NSA). Also, the United States Department of Defense has included the EC-Council Certified Ethical Hacker program into its Directive 8570, making it as one of the mandatory standards to be achieved by Computer Network Defenders Service Providers (CND-SP)

In the most recent defacement, Eugene Belford has stated that “P.S It seems like lots of you are missing the point here, I’m sitting on thousands of passports belonging to LE (and .mil) officials” leading the InfoSec News staff to believe considering the mail on the defacement page is from Edward Snowden’s Yokota Air Base e-mail asking for an exam code, with a copy of his U.S. Passport and a letter from John A. Niescier, an Information Security Officer with the Department of Defense Special Representative, Japan stating that he has verified Edward J. Snowden has at least five years professional information security experience in the required domains.

Eugene Belford has potentially sixty thousand other similar statements from undercover law enforcement agents, intelligence professionals, and members of the United States Military, creating an additional quagmire and has you wondering why the EC-Council has all this personally identifiable information sitting unprotected online?

Moscow based Sberbank reports possible data leak

October 4, 2019 By William Knowles

By William Knowles @c4i
Senior Editor
InfoSec News
October 4, 2019

Russia’s largest bank and third-largest bank in Europe, Sberbank announced on Wednesday of a possible personal data leak.

Late on October 2, 2019, Sberbank became aware of a possible leak of credit card data affecting at least 200 Sberbank clients.

An internal investigation is underway. Its results will be unveiled in a separate statement. A criminal wrongdoing of an employee is the primary lead, as no breach could have occurred from the outside – the database is isolated and has no outer network access.

Refreshingly, there was no mention of the classic data-breach disclosure boiler-plate terminology that Sberbank takes the security of your personal data very seriously.

Photo by Roman Balabin

DoD Cyber Awareness training in less than three minutes

October 4, 2019 By William Knowles

By William Knowles @c4i
Senior Editor
InfoSec News
October 4, 2019

Bozhe moy! Held every October, National Cybersecurity Awareness Month (NCSAM) is a collaborative effort between government and industry to raise awareness about the importance of cybersecurity and to ensure that all Americans have the resources they need to be safer and more secure online, yadda yadda yadda…

Let’s be honest, one month out of the year to concentrate on cybersecurity awareness is a real waste of time and resources, Every day should be National Cybersecurity Awareness Day. An informal poll of InfoSec News subscribers who have taken their annual DoD/DISA Cyber Awareness Challenge only really remember Jeff, Tina and that guy who steals your phone every year.

This slightly NSFW video covers a lot of ground in less than three minutes and might be onto something, another InfoSec News informal poll of non-cybersecurity aware people showed users were able to grasp the security concepts presented. (No idea if the low cut Russian military costume helped or hurt) Nevertheless, its free cybersecurity awareness training, Enjoy!

Bozhe moy!

So Who Hacked EC-Council Three Times This Week?

September 23, 2019 By William Knowles

By William Knowles @c4i
Senior Editor
InfoSec News
February 28, 2013

On February 22nd, 2014 the EC-Council website was broken into and defaced by Eugene Belford (a.k.a. The Plague). For those of you living in a cave, or a compound outside of Abbottabad for the last 13 years, The EC-Council is an Albuquerque New Mexico based organization that offers security professionals a reasonably inexpensive certificate among other security certificates. to be compliant with DoD 8570. The website was defaced, and its content was replaced with a picture of Edward Snowden, and an HTML comment that gives away the identity of the “hacker” that compromised the EC-Council website.

After EC-Council wrestled back control of their site, a known password was reused, and two days later re-defaced the website showing the mail from Edward Snowden’s Yokota Air Base e-mail asking for an exam code, a copy of his U.S. Passport and a letter from John A. Niescier, an Information Security Officer with the Department of Defense Special Representative, Japan stating that he has verified Edward J. Snowden has at least five years professional information security experience in the required domains.

After the hacker mentioned “P.S It seems like lots of you are missing the point here, I’m sitting on thousands of passports belonging to LE (and .mil) officials” conspiracy rumors were swirling about who may have attacked the EC-Council website. Foreign training companies, secret squirrels, the Chinese, Russians, non-state actors.

On February 25th, EC-Council website was defaced a third time.

(Screenshot credit: @JamieCaitlin)

The folks at r000t’s Blag have found done some digging and on the surface, it’s pretty damning evidence.

As we’re unable to confirm this independently, read this first article: Who Hacked EC-Council?

Then read this second article: Inside Eugene’s Gibson (EC-Council, Part II)

Its NSFW – Not Safe For Work reading, but when has that stopped you in the past in the name of security research?

Since the EC-Council has been mum on whether or not there has been a massive disclosure of passports, drivers licenses, and CAC cards, I can promise you after reading the above articles, you will be angry at the U.S. Federal Law Enforcement community as it seems they have had this hacker in custody before, but were unable to charge him/her at the time.

Maybe this will be the event that changes this mindset in the future.