EC-Council hacked by Godzilla for creating cyber security awareness

Yes, it is Cyberspace, here no one can assure 100% Security but it doesn't mean that you can ignore the security holes.  Godzilla the hacker who breached the Pakistani Government websites few months ago has claimed to have identified multiple security flaws in EC-Council website(

EC Council is best known for its professional certifications for the IT security field, especially 'Certified Ethical Hacker(CEH)'.

The hacker claimed to have gained access to admin desk and accessed the course materials for CEHV8, CHFIV4, ECSS,ECSA_LPT4.

Talking to EHN, the hacker said "This could take a very deadly turn if played by the cyber terrorist.They are the same org who train DOD, CIA, NSA ,NASA etc."

"If a cyber terrorist infects this material with Trojans and malware the same content will be accessed by the defense people. And this is the easy way to enter into the network of defense. They should concentrate on security and in future should avoid such situation."

" Consider it as a security alarm for USA and Defence network, you will never know in cyber space who is knocking your door."

The hacker didn't mention the type of vulnerability that gave the access to these materials.  But it appears his motive is to create cyber security awareness.

*Update *

EC-Council responded to the hacking claim by saying the hacker obtained the files due to a "human error" that allowed "Directory viewing". 

"This configuration allows a visitor to view the contents of a web directory much like visiting a web page, however instead of a webpage, the user is able to see links to files in web directories."

" This was not a breach and no systems were affected. The files contained in the listed directories were encrypted binary .Resource files; primarily DRM (Digital Rights management) protected documents that EC-Council makes available for download to paying students and organizations globally and some other non confidential files that were already in public circulation. No sensitive data or personal information was compromised."
Category: / / /

Share this with Your friends: