CREST cancels two UK infosec accreditation exams after fresh round of ‘cheat sheets’ are leaked online
Exclusive British infosec accreditation body CREST has suspended all of its accreditation exams after The Register revealed a published cache of files including what appeared to be internal exam sheets as well as docs apparently tied to key industry player NCC Group.
We understand from sources that the security body has suspended all of its CREST Certified Infrastructure Tester (known in the industry as CCT INF) and CREST Certified Web Application Tester (CCT APP) exams for up to a month while their contents are reviewed.
An email was sent to CREST members this afternoon and seen by The Register said:
The move fuels industry speculation that leaked exam docs contained up-to-date material intended to help candidates pass tests rather than learn and understand the course content. It also lends credence to CREST’s assertions last week that it is investigating the “cheat sheet” GitHub repo scandal, with numerous sources having expressed scepticism to The Register that the investigation would result in meaningful outcomes.
The NCC Group maintains that only some of the files in the repo originated from the organisation.
The news is significant because CCT is regarded as a gold standard accreditation allowing holders to lead testing teams on penetration tests of government and critical national infrastructure systems, under the National Cyber Security Centre’s CHECK scheme.
“All candidates due to take CCT practical examinations this week and next have already been informed. The syllabus will not change,” said CREST.
Industry sources used a variety of colourful words to describe the exam cancellation to El Reg, with all agreeing that this counts as an “ooof” moment for CREST.
An additional cache of documents, titled “CREST” was published on social media over the weekend. Hosted on Dropbox, The Reg understands the files within seemed to contain detailed information about certification exams, as well as emails to and from named people, including what appeared to be senior personnel from within NCC.
The Register has asked NCC Group to comment upon the Dropbox folder’s contents and their implications. The company has previously said it will not be commenting further while it carries out an internal investigation into the exam cheat sheet scandal.
NCC Group CTO Ollie Whitehouse was not available for interview, the firm said. A CREST spokeswoman declined to comment on the exam cancellation at time of publication. ®
Updated to add
After this story was published, a spokesperson for CREST got in touch to say it will take up to three or four weeks to rewrite its exam papers as a result of the leaks:
A spokesperson for NCC also let us know the group “won’t comment while the investigation is ongoing.”
READ MORE HERE