Facebook launches $2m suit against alleged phishing, hacking sites

Facebook is using trademark law to go after the domain hosts which register phishing or hacking-tools sites that target the platform and its Instagram subsidiary.

CNET reports that on Monday, Facebook filed suit in the US District Court of the Northern District of California against web hosts OnlineNIC and ID Shield. It’s accusing the hosts of trademark infringement and cybersquatting – what’s also known as typosquatting, where crooks register common misspellings of popular websites to snare innocent users who wind up on the pages due to a keystroke slip.

According to the suit, OnlineNIC has registered domains from which to carry out phishing and which claim to sell hacking tools. Facebook listed 20 infringing domains, including hackingfacebook.net, facebookphysician.net, buyinstagramfans.com, instagram01.com, and iiinstagram.com.

Each of those domains was registered by ID Shield: a company that Facebook says is controlled by OnlineNIC.

The lawsuit also includes a screen capture designed to look exactly like a Facebook site. Facebook alleges that such sites are used in phishing attacks, meant to trick visitors into accidentally giving up their logins.

CNET quoted a statement from Facebook:

“People count on us to protect the integrity of our apps and services. We don’t tolerate people creating web addresses that pretend to be associated with our family of apps. Today’s lawsuit shows we will take action against those behind this abuse.”

This isn’t OnlineNIC’s first trademark waltz. In 2008, Verizon sued the company for registering hundreds of domain names with Verizon trademarks. Verizon won its $33m suit, being awarded a default judgment of $50,000 for each of 663 addresses registered by OnlineNIC.

Facebook said in its lawsuit that OnlineNIC’s history demonstrated a “bad faith intent to profit” off others’ intellectual property. The company is seeking $2 million in damages, which works out to $100,000 per infringing domain.

Let me Microsplain this to you typosquatters

Besides following Verizon’s lead, Facebook is taking a page from Microsoft, which has seen good results from using the courts to carry out multiple slapdown campaigns against domains with Microsoft branding flavor and criminal intent.

In 2017, Microsoft filed cases against the notorious, likely Russian, hacking group Strontium, better known to the world as Fancy Bear, or APT28.

It might seem quixotic to presume that you can take out nation-state hacking groups with sheaves of legal documents, but Microsoft has found that it’s actually quite effective.

By March 2017, the company had managed to seize 70 web domains used by Fancy Bear (including one used in the 2016 attacks on the Democratic National Committee).

Microsoft did it again this year when, armed with a court order, it swatted 99 domains associated with the Iranian hacking group known as Charming Kitten (or APT35, or Ajax Security Team, or, as Microsoft calls it, Phosphorus).

Among its many escapades, the group sends phishing emails crafted to look like there’s an issue with a victim’s account. They’ll use domain names that look like they’re tied to legitimate brands, including versions of Microsoft products such as, for example, outlook-verify.net, microsoft-update.bid, and verify-linkedin.net.
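
One way a defender could screen newly registered or newly seen domains for the two lookalike patterns this article describes, a brand name embedded in a longer label and a near-misspelling of the brand, is sketched below. It is an added example, not taken from the Facebook or Microsoft filings; the brand allowlist, the function names and the two misspelled sample domains are assumptions made for illustration.

```python
import re

# Assumed allowlist for this example: brand keyword -> its legitimate registrable domains.
BRANDS = {"facebook": {"facebook.com"}, "instagram": {"instagram.com"},
          "microsoft": {"microsoft.com"}, "outlook": {"outlook.com"},
          "linkedin": {"linkedin.com"}}

def osa_distance(a, b):
    """Edit distance: insert, delete, substitute, or swap two adjacent characters."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(domain):
    """Return (brand, reason) for a lookalike domain, or None if legitimate or unrelated."""
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return None
    # Simplification: treats the last two labels as the registrable domain,
    # so multi-part suffixes such as co.uk are not handled.
    if any(".".join(labels[-2:]) in legit for legit in BRANDS.values()):
        return None
    label = labels[-2]
    for brand in BRANDS:  # brand name embedded in a longer label
        if brand in label:
            return (brand, "embeds brand")
    for token in re.split(r"[-\d]+", label):  # misspelling of a brand
        for brand in BRANDS:
            if token and osa_distance(token, brand) == 1:
                return (brand, "one edit from brand")
    return None

if __name__ == "__main__":
    # First five are named in the article; the last two are constructed misspellings.
    for d in ["hackingfacebook.net", "instagram01.com", "iiinstagram.com",
              "outlook-verify.net", "microsoft-update.bid",
              "facebok.com", "instagarm.com"]:
        print(d, "->", classify(d))
```
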