Notorious download site Megaupload began serving visitors a feed of malicious ads last week; this would not be very surprising, until one remembers that the domain was seized by the FBI not too long ago. What follows is a series of embarrassing errors from both the American law enforcement bureau and the black hat hacker who got himself involved.
Megaupload.com was seized by the American government in 2012 after it was accused of storing millions of copyrighted files. The owner, Kim Dotcom, was arrested along with three other men, but has not yet been successfully convicted of any wrongdoing. In the meantime, the FBI maintained CIRFU.NET, a domain whose name servers directed traffic for seized domains. CIRFU.NET was on a two-year renewal cycle, which most recently expired in April 2015. The FBI missed its required renewal date, and the CIRFU.NET domain was subsequently put up for auction and sold.
The buyer happened to be a “black hat SEO marketer” who referred to himself as Earl Grey. Grey ran a company called “Syndk8 Media Limited”, with an address in Gibraltar. Interestingly, the new owner allowed many of the seized domains delegated to CIRFU.NET’s name servers to keep resolving to the FBI seizure banners. The theory is that Grey copied the FBI’s DNS records to his own name server first, before changing the DNS pointer over. Only the domains with the highest expected traffic were sold to clients, who were not the usual kind of advertisers and steered visitors to malware-laden pages.
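What the article describes is a dangling delegation: the seized domains' NS records pointed at hosts under CIRFU.NET, so whoever held that registration decided where their traffic went. The script below is an added example, not code from the article, Ars Technica, or any agency. It audits a constructed set of zone delegations against a constructed registration inventory and flags name-server domains that are unregistered, already expired, or expiring within a warning window. The domain names, expiry dates and the two-label "registrable domain" rule are all assumptions made for illustration.

```python
"""Dangling name-server delegation audit.

Checks every NS host a zone delegates to against a registration inventory and
flags delegations whose name-server domain is expired, about to expire, or not
registered by the organisation at all. Every name and date below is constructed
for this example.
"""
from datetime import date, timedelta

# Constructed sample: zones we are responsible for and the NS hosts each delegates to.
DELEGATIONS = {
    "seized-example-1.test": ["ns1.banner-ns.test", "ns2.banner-ns.test"],
    "seized-example-2.test": ["ns1.banner-ns.test", "ns2.other-ns.test"],
    "internal-example.test": ["ns1.internal-example.test"],
}

# Constructed registration inventory: registrable domain -> expiry date.
# A domain absent from this table is not registered by us at all.
INVENTORY = {
    "banner-ns.test": date(2015, 4, 1),
    "internal-example.test": date(2030, 1, 1),
}


def registrable_domain(hostname):
    """Return the registrable (second-level) domain of a hostname.

    Assumption: a single-label public suffix. A production tool should use the
    Public Suffix List so that e.g. 'ns1.example.co.uk' maps to 'example.co.uk'.
    """
    labels = hostname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def audit_delegations(delegations, inventory, today, warn_days=60):
    """Return findings as (zone, ns_host, status) tuples.

    status is one of:
      'unregistered' - NS domain is not in our inventory; anyone could register it
      'expired'      - NS domain registration has lapsed (the CIRFU.NET situation)
      'expiring'     - NS domain registration lapses within warn_days
    `today` may be a date or an ISO-8601 string.
    """
    if isinstance(today, str):
        today = date.fromisoformat(today)
    findings = []
    for zone, ns_hosts in delegations.items():
        for host in ns_hosts:
            expiry = inventory.get(registrable_domain(host))
            if expiry is None:
                findings.append((zone, host, "unregistered"))
            elif expiry <= today:
                findings.append((zone, host, "expired"))
            elif expiry - today <= timedelta(days=warn_days):
                findings.append((zone, host, "expiring"))
    return findings


def summarize(findings):
    """Count findings per status so a monitoring job can alert on non-zero buckets."""
    counts = {"unregistered": 0, "expired": 0, "expiring": 0}
    for _, _, status in findings:
        counts[status] += 1
    return counts


if __name__ == "__main__":
    # Run the audit as of a constructed date shortly after the inventory's lapse.
    for finding in audit_delegations(DELEGATIONS, INVENTORY, "2015-04-15"):
        print("%-24s %-28s %s" % finding)
    print(summarize(audit_delegations(DELEGATIONS, INVENTORY, "2015-04-15")))
```

Run against real data, the delegations would come from the zone's own NS records and the inventory from the registrar, and the job would run on a schedule well inside the warning window; the point of the `expiring` bucket is that a lapse like the one in the article is visible weeks before it becomes an auction listing.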
Naturally, it took a whole week for the FBI to contact GoDaddy and get its domain back. The domain name was frozen, but it has still been directing visitors to the malicious advertising. However, Grey was not happy with his new domain being frozen and took to social media to express his displeasure. It appears that he had no idea why the domain was frozen in the first place, i.e., that it belongs to the FBI and they would like it back.
Naturally, Grey eventually found out and tweeted “Serves me right for buying expired domains from the FBI. Cirfu.net is the domain in question. Google that bitch.” All this serves as a lesson for everyone. Do not buy domains owned by law enforcement agencies, and always remember to renew your claims to domains you happen to have seized for breaking the law.
[Source: Ars Technica]