As many know, our company has deep Brazilian roots, as such we have no choice but to enamored with the upcoming World Cup. Yes, the World Cup is coming, soccer news is everywhere and like most things, websites are being used to disseminate the news. The Federation Internationale de Football Association (FIFA) is perhaps one of the largest websites in the world dedicated to Football (a.ka.a Soccer for you Americans) news.
This morning however I awoke to the most startling of news; Twitter was all the rage with the most unexpected, yet expected, FIFA appeared to be hacked.
Is it possible that the Fifa website was hacked? Could it be Hacktivism?
This wouldn’t be the first time ofcourse, big events like this are usually a big target for hackers and this defacement sure is getting a lot of attention from the public. This is what the reported hacked website looks like:
Everything in the site looked the same, except that they added an animation of Fifa’s president, Joseph Sepp Blatter, dancing with a funny song.
At first glance it seems to be legitimate, but taking a closer look you quickly realize it is a fake. Fifa’s official website is www.fifa.com and the one that is being reported as hacked, defaced, is www.fifa-brazil-2014.com.
If you search for these two websites on Google, you will get the same description, which can certainly lead people to believe that it is a legitimate website for FIFA.
If you take a minute to dig a little deeper though you’ll find it’s really not.
$ host fifa-brazil-2014.com fifa-brazil-2014.com has address 188.8.131.52 $ host 184.108.40.206 220.127.116.11.in-addr.arpa domain name pointer samba-hack.feinheit.ch. CH = Abbreviation for Switzerland Samba-Hack = Name being given to the hack Registered at: Registrar URL: http://www.godaddy.com Creation Date: 2013-06-06 09:11:09 Registrant Email: email@example.com Admin Name: Andrea Arezina Registrant City: Zurich Registrant State/Province: Switzerland
If you look at the real FIFA website you’ll find this information:
$ host fifa.com fifa.com has address 18.104.22.168 Registrar URL: www.cscprotectsbrands.com Registrant Email: firstname.lastname@example.org Admin Name: Domain Name Administrator Registrant City: Zurich Registrant State/Province: Switzerland
What’s most peculiar however is that they appear to be in the same city. Definitely an awkward moment for sure.
Lesson To Be Learned
Opportunistic attacks can happen at any time, we can’t allow ourselves to be fooled by what we find online (even if it comes from Twitter, especially if it comes from Twitter). We have to remain diligent when visiting websites we’re unfamiliar with. This caution extends to Google as well as you can see above. Although this specific attack only injected a defacement, the attack could have been much worse, it could have been used to deliver a desktop trojan or any variety of other malware payloads.
Stay safe and don’t be fooled