A number of Facebook pages were set up last week alleging to be tributes relating to victims of the MH17 plane disaster. Each of these Facebook sites contained a website link to goalshighlights.com, a website purporting to promote soccer highlights and other recent events. IFW traced the domain to a server in the Netherlands. The website was no longer functioning and appeared to have been compromised by a hacker.
The site was built on the WordPress platform and had 60 outbound links. The domain name was registered in 2010 by a person identified as Andrei Alin of Bucharest, Romania. Investigations were conducted on an email address identified as being used by this individual. The email was not connected to any other domain names however the email address was associated with a Facebook account in Romania. The individual has been contacted but to date as not responded. It is possible that this individual is no longer managing or updating the website hosted on the goalshightlights.com domain.
It would appear, based on the pop ups occurring when visiting the site that the site has been hacked. It has now been shut down. Hackers often take control of vulnerable websites and use them for diverting traffic to sponsored listing sites and illicit websites selling counterfeit goods or promoting adult content.
It is very difficult to trace the actual perpetrators behind websites that have been hijacked as hackers usually go to lengths to mask their locations and IP address. The only action that can counter these kinds of attacks is to proactively monitor the internet and immediately take down offending sites. IFW conducts proactive monitoring operations to identify fraud and other types of crimes so the sites or links can be removed.
IFW Global has a strong operations centre in the heart of Asia, which is the world’s largest hub for many types of cybercrime. We also have offices elsewhere around the globe in Europe, USA and Oceania.