Was the FIFA Website Hacked?

As many know, our company has deep Brazilian roots, so we have no choice but to be enamored with the upcoming World Cup. Yes, the World Cup is coming, soccer news is everywhere and, like most things, websites are being used to disseminate the news. The Federation Internationale de Football Association (FIFA) runs perhaps one of the largest websites in the world dedicated to football (a.k.a. soccer for you Americans) news.

This morning, however, I awoke to the most startling of news: Twitter was all the rage with the most unexpected, yet expected, story. FIFA appeared to be hacked.

[Image: twitter hacked]

Hacktivism Amidst

Is it possible that the FIFA website was hacked? Could it be hacktivism?

This wouldn't be the first time, of course. Big events like this are usually a big target for hackers, and this defacement sure is getting a lot of attention from the public. This is what the reported hacked website looks like:

[Image: fifa fake defacement]

Everything on the site looked the same, except that they added an animation of FIFA's president, Joseph Sepp Blatter, dancing to a funny song.

At first glance it seems to be legitimate, but taking a closer look you quickly realize it is a fake. FIFA's official website is www.fifa.com, and the one being reported as hacked and defaced is www.fifa-brazil-2014.com.

If you search for these two websites on Google, you will get the same description, which can certainly lead people to believe that it is a legitimate website for FIFA.

[Image: phishing]

If you take a minute to dig a little deeper, though, you'll find it's really not.

$ host fifa-brazil-2014.com
fifa-brazil-2014.com has address 82.196.13.236

$ host 82.196.13.236
236.13.196.82.in-addr.arpa domain name pointer samba-hack.feinheit.ch.

CH = Abbreviation for Switzerland

Samba-Hack = Name being given to the hack

Registered at:
Registrar URL: http://www.godaddy.com

Creation Date: 2013-06-06 09:11:09

Registrant Email: andrea.arezina@solidar.ch
Admin Name: Andrea Arezina
Registrant City: Zurich
Registrant State/Province: Switzerland

If you look at the real FIFA website you’ll find this information:


$ host fifa.com
fifa.com has address 94.236.90.168

Registrar URL: www.cscprotectsbrands.com

Registrant Email: domain.admin@fifa.org
Admin Name: Domain Name Administrator

Registrant City: Zurich
Registrant State/Province: Switzerland

What's most peculiar, however, is that they appear to be in the same city. Definitely an awkward moment.
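The comparison above, as an added example that is not part of the original post: a small Python triage that checks whether a hostname really sits under the official domain and whether the registrar and registrant mail domain match. The function names are hypothetical, and the WHOIS text is transcribed from the lookups shown above.

```python
# WHOIS text transcribed from the lookups shown in this post (added example).
OFFICIAL_WHOIS = """\
Registrar URL: www.cscprotectsbrands.com
Registrant Email: domain.admin@fifa.org
Registrant City: Zurich
"""
SUSPECT_WHOIS = """\
Registrar URL: http://www.godaddy.com
Creation Date: 2013-06-06 09:11:09
Registrant Email: andrea.arezina@solidar.ch
Registrant City: Zurich
"""
# City is left out on purpose: both records say Zurich, so it proves nothing.
STRONG_FIELDS = ("registrar url", "registrant email")

def parse_whois(text):
    """Return {lowercased field: value} for 'Key: value' lines; first one wins."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")   # split on the first colon only
        if sep and value.strip():
            record.setdefault(key.strip().lower(), value.strip())
    return record

def is_under(host, official):
    """True only if host is the official domain itself or a subdomain of it."""
    host, official = host.lower().rstrip("."), official.lower().rstrip(".")
    return host == official or host.endswith("." + official)

def identity(field, value):
    """Reduce a field to the part that identifies the owner."""
    value = value.lower()
    if field == "registrant email":
        return value.rpartition("@")[2]          # keep the mail domain only
    for prefix in ("http://", "https://", "www."):
        if value.startswith(prefix):
            value = value[len(prefix):]
    return value.rstrip("/")

def triage(host, official, suspect, reference):
    """List the reasons host should not be treated as the official site."""
    findings = []
    if not is_under(host, official):
        findings.append(f"{host} is not {official} or a subdomain of it")
    for field in STRONG_FIELDS:
        got, want = (identity(field, r.get(field, "")) for r in (suspect, reference))
        if got != want:
            findings.append(f"{field}: {got or 'missing'} != {want or 'missing'}")
    return findings
```

Calling `triage("www.fifa-brazil-2014.com", "fifa.com", parse_whois(SUSPECT_WHOIS), parse_whois(OFFICIAL_WHOIS))` returns three findings, while the shared city contributes none.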

Lesson To Be Learned

Opportunistic attacks can happen at any time. We can't allow ourselves to be fooled by what we find online (even if it comes from Twitter, especially if it comes from Twitter). We have to remain diligent when visiting websites we're unfamiliar with. This caution extends to Google as well, as you can see above. Although this specific attack only injected a defacement, it could have been much worse: it could have been used to deliver a desktop trojan or any variety of other malware payloads.

Stay safe and don’t be fooled :)

WordPress Security Presentation (in Portuguese)

Bruno Borges (from our security team) gave a great presentation at WordCamp Sao Paulo (Brazil) about WordPress security and how to keep a site secure.

WordPress Security

The video is in Portuguese (pt-br), and can be viewed here:

Watch live streaming video from primaestudio at livestream.com

Brazilian Government Websites Hacked with Spam

In the last few months we've been tracking a common technique used by attackers: they hack a web site and use it as part of their link farm to build page rank on search engines. We have posted many articles about similar spam issues in the past.

Recently, we’ve started to notice a lot of government web sites from Brazil in this list.

Some are fairly big sites:

http://www.ibama.gov.br – Environmental Ministry
http://www4.planalto.gov.br – Old Presidential Web site
http://www.inmetro.gov.br – Quality control ministry
http://www.cnen.gov.br – Nuclear Energy Commission
http://www.fazenda.sp.gov.br – Treasury from the state of Sao Paulo
http://inpa.gov.br – Amazon research institute
http://www.jfal.gov.br/ – Alagoas Federal Justice

http://inep.gov.br
http://ww.fundacentro.gov.br
http://www.eletrosul.gov.br
http://www.amprev.ap.gov.br
http://www.cvs.saude.sp.gov.br/
http://www.faetec.rj.gov.br
http://www.comprasnet.ba.gov.br
http://www.al.rs.gov.br
http://cmnovasoure.ba.gov.br

