Hackers exploit MH17 sorrow; redirect Facebook tributes to malicious sites
Network intrusion; Social engineering; Man-in-the-middle attack
Fake social network pages set up for victims of the Malaysia Airlines crash are driving traffic to pop-up advertisements on an external site. The passengers named include young Australian siblings who died with their grandfather.
The pages were created the day the plane crashed. They lured people to click on a link claiming to show footage of the disaster.
“Video Camera Caught the moment plane MH17 Crash over Ukraine. Watch here the video of Crash,” the link read.
Facebook has taken down the pages but the external site remained live as of Sunday night.
Ken Gamble, chairman of the Australian chapter of the International Association of Cybercrime Prevention, said it seems the site had been compromised in order to divert to adult hook-up sites and others selling counterfeit drugs.
“Hackers get in, take control of a site and they then divert to a stack of stuff and use the bandwidth of this guy's website sometimes for illegal purpose sometimes or for getting the hits up on certain sites,” he said.
The third-party sites also contained malicious files that infect a user's computer if clicked on.
Gamble said the period of mourning after a disaster becomes a great opportunity for fraudsters.
“Everybody is out there looking for information at the moment, everyone wants to know more about what's happened,” he said. “It's a good way to bring a massive amount of traffic to someone's site.”
Before the Facebook pages were removed, users expressed outrage, labelling them “disgusting” and the scammer a “sicko.”
But some users didn’t realize the pages were fraudulent and posted heartfelt messages: “Incredible, terrible...To lose your kids in this way...Such beautiful lovely children...no words...” one person wrote.
July 20, 2014
Link to report
location of breach
location of perpetrators
date breach occurred
July 17, 2014
date breach detected
July 19, 2014