Who hacked the Warfighter Foundation’s Facebook Page?


First a note from, Matt Alexander, Public Affairs Officer of Warfighter Foundation,

If you could please spread amongst your peers and everyone else that our page has been hacked. Also please do let anyone who follows WFF that the postings that are occurring now are NOT coming from us but from the hackers themselves and for our followers to please report the postings to Facebook so that if there are enough reports Facebook will have to look into the situation for our page being hacked/compromised.

Who hacked the Warfighter Foundation’s Facebook Page?

The Facebook page of the Warfighter Foundation , a Texas-based non-profit organization, was hacked Sunday night. The hackers changed the name of the page from “Warfighter Foundation” to “Warfighter XxX.” Almost immediately after the name change, the new controllers of the Facebook page began posting. In the midst of the chaos, the Warfighter Foundation began taking damage to their reputation.

The next day, Public Affairs Officer of the Warfighter Foundation, Matt Alexander verified that the Foundation’s Facebook page was indeed hijacked by hackers. Upon further inquiry, Mr. Alexander specified that the hackers have locked the old admins out of the account and replaced them with their own. Alexander made clear that the correct steps are being taken to regain control of the page back from the hackers. He further stated that he was not yet sure how the hackers took control of the page, and that they do not believe the hackers control any other Foundation accounts. In the wake of this hijacking, the Foundation has taken further measures of computer security.

The Warfighter foundation was set up by U.S. Marine combat veterans who take on the mission to “empower combat veterans and their families through physical, mental, and emotional rehabilitation.” Typical postings of the Foundation support this mission, and the patriotic ass-kicking anybody rightly deserves for disrespecting Lady Liberty. However, when the hackers began to hijack the page, they began posting content of questionable nature. Then the content began to evolve into strongly divisive conspiracy theory postings that echo tabloid headlines. From 9/11 conspiracies to Russia threatening the US to divulge the truth about aliens, or they will. Crazy stuff. Interestingly enough, people took the bait. Content was liked, commented on, and shared. Comments began questioning the integrity of the line of postings. Some followers even stated they were going to “unlike” the page, if heinous content perpetuated.

While one consistency is divisive conspiracies, keeping in mind the use of fog of rumors in the information battlespace, there is also another consistency. All of the posting are linked back to http://www.social-trending.eu. Links from Facebook to Social-Trending contain no url extensions that reference the referral link’s coming from Facebook. This is a bit out of the ordinary for news sites, as which this one poses to be.

Upon examination of this page, the website is using a blog layout under the name, General Knowledge. The header bar and sidebars are linked to social media accounts, which all lead back to one account username of “General knowledge”. The page layout seems to be of the plug-n-play nature, while links within the page leads through a variety of different outlets as it loads the next page, according to the status bar.

There are two sections on the site to glean information about this page. They can be found in the header bar.

In the section titled, Impressum, the site discusses 20 different domains of knowledge and boils them down to six factors. This also appears to somewhat reflect the different content sections of the page. Furthermore, this section discusses targeting knowledge in many domains, causality, and influence. Given that the Warfighter Foundation are the type of dudes who blur their faces and block out their eyes for internet pics, take the previous sentence for what you will. Typically, an impressum section is found on European webpages for organizations to make a statement on the ownership and use of content. Given the argument in the impressum and the use disclaimers, the users seems ready for a fight.

In the “About General Knowledge” section, the site is described as a news aggregator. However, aggregation is a collection method, not a distribution method. The distribution of these Social-Trending stories, are found on the website. There may be a chance there is code running to produce these stories to the site to the Facebook Page. However, this assertion is unsubstantiated. In reference to the previous paragraph, take it for what you will.

Checking out the social networks of “General Knowledge”, it would appear that they aren’t very active on their own social networking accounts, despite the fact they have been busy setting up accounts. The Facebook icon link in the header bar, leads to a dead account. The Facebook account in the sidebar leads to an active account , titled The Idealist. However, it is important to note that this account is NOT that of the widely known account on Facebook Page with the same name. Registered in January 2013, the Twitter account, in the sidebar, appears barely active though used. The postings resemble something typically posted by some automated coding. Mostly links to pictures. There is a link to another webpage in the Twitter profile, however, it too is a dead link. Interestingly enough to note, the Twitter account is said to be located in Williamsburg, VA, despite the fact, the Impressium and .eu address seem to indicate a European background. The Google+ account  is limited in recent postings too. Ironically, this is the only video uploaded to GeneralKnowledge0’s YouTube channel:


In conclusion, this doesn’t seem like the typical hijacking of a Facebook page, and without proper authority to conduct forensic analysis, we won’t know for certain who it is. As of this day, it remains unclear on how close Facebook works with hacking victims. Who knows if we will know the truth? Very loosely put, the postings seem to be somewhat “network relevant”, though divisive and conspiratorial they have relevance in the network for subversive use. Adding to that, whoever wants to glean insights from the Warfighter’s social media analytics has that ability too. The links being used and the links behind the attack are questionable in nature.

What is certain are two things:

1) Whoever is in control of the Warfighter Foundation’s Facebook page is not/ are not the original administrators.

2) If the Warfighter Foundation finds them before the authorities do, then some geeks will die a horrible death with keyboard broke off in their windpipe.

EurID.EU info for Social-Trending.EU:

wfsteu

WhoIS.NET info for General-Knowledge.Biz:

wfgkb[Update] Shortly after publishing this, the entry found it’s way into the comment section of the Warfighter Foundation’s Facebook posting. Within 30 minutes, all of the postings with the link to this entry were deleted. Adding to that, the new users have began linking to another site, Lucky-Us.IN.

WhoIs information for Lucky-Us.IN:

wfluin
Upon further inquiry of Lavdrim Pireva, a reoccurring name in the WhoIs search, we have also found a list of websites registered to the lavdrim-p@live.com. The names of the domains are somewhat consistent.

wfedsThese next few lists are taken from DomainBigData

List of domain names registred by lavdrimm.p@gmail.com

We also found that names listed to some of the accounts on the list above are registered to the name, Labinot Pireva. The list below are accounts associated with that name.

As listed in a set of images above, lavdrim-p@live.com was another email used to register sites. Here are the domain names registered by that email address.
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: