- The US Department of Justice has seized almost 400 domains
- The sites were being used to illegally stream World Cup matches.
- Users of the sites were exposed to malware, data theft and other threats.
Nearly 400 domains have been seized as part of Operation Offsides, a coordinated global effort to take down sites illegally streaming the 2026 FIFA World Cup.
The sites were seized by the Criminal Division of the United States Department of Justice for violating copyright and intellectual property laws.
The takedowns were coordinated by members of the International Intellectual Property and Computer Hacking (ICHIP) network.
The United States and its friends enforce the offside rule
Many of the seized domains now display a sign explaining that the website was seized as part of Operation Offsides. “This action was taken to protect consumers and enforce intellectual property rights around the world,” the poster states.
In May 2026, the FBI warned that thousands of domains were being registered ahead of the World Cup, and most of them were created with the intention of scamming fans looking for cheap tickets, access to streaming services, and those looking for discounted merchandise. It appears that Operation Offside focused on disrupting streaming sites in particular, rather than taking down the broader scam networks associated with these domains.
“We have seized hundreds of domains, used to illegally stream World Cup matches for profit, to disrupt international networks that benefit from the global popularity of the World Cup,” said Assistant Attorney General A. Tysen Duva of the Justice Department’s Criminal Division.
“This operation illustrates the Department’s respect for intellectual property rights and the responsibility of the United States as the host nation to protect the FIFA World Cup from criminals. The Criminal Division will continue to disrupt and, where appropriate, seek to prosecute these sites and the subjects responsible for this criminal activity.”
In many cases, fake domain networks offering free or cheap access to streaming services are run by cybercriminals who deliberately operate at a loss to attract users to their services. In exchange for access to the streaming site, the domain will use the user’s local network as an exit node for the cybercriminal network, obscuring its traffic and making it appear legitimate.
Unfortunately for the user, who may think they have just found free access to all World Cup matches, their network and IP address could be used to distribute malware, cybercriminal communications and illegal content such as stolen data and exploitative materials, including child sexual abuse material.
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.
