
EC-Council Investigating Insider for Embezzlement

In a letter sent to partners, Jay Bavisi, President and CEO of the EC-Council, said that the company responsible for making Certified Ethical Hackers (C|EH) had launched an investigation after one of their own embezzled company funds.

The EC-Council has certified some 60,000 IT professionals globally, with more than 13,000 C|EH holders in North America alone. The notion that one of their own has betrayed them is troubling. 

“EC-Council has commenced an investigation of fraud, embezzlement and grand larceny on certain transactions that were requested by a person that was previously employed with EC-Council,” the letter obtained by SecurityWeek explains.

“The modus operandi of this person was to use ‘personal reasons’ to seek the sympathy of the innocent EC-Council partners with the aim of requesting a personal short term loan due to alleged family emergencies. Other frauds were committed too. The person then fraudulently ‘repaid’ this loan via EC-Council accounts department by passing the transactions as business related.”

SecurityWeek has contacted several people about this letter. From these sources, we now know there were at least two other letters written about the investigation. It’s understood that the issue is being taken very seriously by the organization, and while they didn’t go public with the case, they haven’t attempted to spin it either.

In fact, when the letters were initially sent back in June, PR wasn’t a consideration. They were sent as part of a fact-finding mission. The senior leadership within EC-Council was doing its best to discover others who may have given personal loans to their former employee.

We know that they discovered at least one person who made a personal loan, but when we contacted them for an interview, the potential source requested that they speak to their attorney first. While circumstantial, we understand that it isn’t uncommon for someone who has given a legal deposition to have signed agreements that they remain silent on the nature of the conversation.

As for the nature of the other frauds mentioned in the letter, they remain a mystery.

This is where things get muddled. SecurityWeek asked the individuals we spoke with who they felt was responsible for the acts mentioned in the letter. The same name kept coming up.

Leonard Chin, the former Director of Marketing, Director of Business Development, and Director of Conferences & Events for EC-Council, is the person that stands accused by those who are familiar with the incident.

Mr. Chin is a well-known figure in the Information Security community. His roles within EC-Council led him to launch the Hacker Halted security conference, as well as TakeDown Con. If the allegations are true, this is a harsh blow to the organization.

Previously, EC-Council had to face what called, “a wide variety of criticism coming from both the education and information security professions.” “The company not only runs an extensive certification program, they also operate a virtual university. This has not stopped them from taking shortcuts usually reserved for students, by plagiarizing content from other sources and including it in their commercial offerings.” 

So far though, when it comes to Mr. Chin’s role in the incident, all there is to go by is circumstance – and a lot of it.

Mr. Bavisi would neither confirm nor deny that Mr. Chin was responsible for the embezzlement, but he did confirm that he no longer works for the organization, and that “the matter is now in the hands of authorities in more than one country.”

This statement is telling, as two of the people we spoke with noted that Chin had been arrested recently in Singapore. A third person noted that he has had previous problems with the law for related incidents. However, privacy laws within Singapore prevent outsiders from researching arrest records and court documents over the phone, so we were unable to confirm this information for ourselves.

Since June, around the time the internal investigation started to heat up at the EC-Council, Mr. Chin’s online identity started to change. His Twitter feed went silent. A once full and detailed LinkedIn profile was removed. Moreover, attempts to reach Mr. Chin via phone and personal email turned into a virtual dead-end.

SecurityWeek also contacted Secure Ninja, the training firm where Mr. Chin went to work following his employment with the EC-Council. Senior management at Secure Ninja would not explain the circumstances as to why, but they did inform us that he no longer works for the company. Chin only started working there in February, 2012.

As mentioned, everything pointing to Mr. Chin is circumstantial, and we’re still digging. We’ll follow up with details as we get them.
