Threatwatch

Hackers exploit MH17 sorrow; redirect Facebook tributes to malicious sites

Network intrusion; Social engineering; Man-in-the-middle attack

Fake social network pages set up for victims of the Malaysia Airlines crash are driving traffic to pop-up advertisements on an external site. The passengers named include young Australian siblings who died with their grandfather.

The pages were created the day the plane crashed. They lured people to click on a link claiming to show footage of the disaster.

“Video Camera Caught the moment plane MH17 Crash over Ukraine. Watch here the video of Crash,” the link read.

Facebook has taken down the pages but the external site remained live as of Sunday night.

Ken Gamble, chairman of the Australian chapter of the International Association of Cybercrime Prevention, said it seems the site had been compromised in order to divert to adult hook-up sites and others selling counterfeit drugs.

“Hackers get in, take control of a site and they then divert to a stack of stuff and use the bandwidth of this guy's website sometimes for illegal purpose sometimes or for getting the hits up on certain sites,” he said.

The third-party sites also contained malicious files that infect a user's computer if clicked on.

Gamble said the period of mourning after a disaster becomes a great opportunity for fraudsters.

“Everybody is out there looking for information at the moment, everyone wants to know more about what's happened,” he said. “It's a good way to bring a massive amount of traffic to someone's site.”

Before the Facebook pages were removed, users expressed outrage, labelling them “disgusting” and the scammer a “sicko.”

But some users didn’t realize the pages were fraudulent and posted heartfelt messages: “Incredible, terrible...To lose your kids in this way...Such beautiful lovely children...no words...” one person wrote.

sector

Social Media

reported

July 20, 2014

reported by

Daily Mail

number affected

Unknown

location of breach

Unknown

perpetrators

Criminals

location of perpetrators

Unknown

date breach occurred

July 17, 2014

date breach detected

July 19, 2014