Investigating Compromised Websites: The Legacy of Cambridge Analytica

The website of the insolvent and (in)famous political data firm, Cambridge Analytica, seemed to return from the grave in 2023, but something was not quite right. Understanding how a well-established website can be compromised, and how to identify when it is, is important for examining the disruption of political influence by private actors. This case study will walk you through reasons why a website might be compromised and provide you with basic steps and tools to investigate and verify what, and who, is behind the interference.

The Cambridge Analytica scandal is a real-life fable, warning us of how private firms can disrupt democratic politics. Despite shutting down in 2018, the firm remains a go-to example of the profit-driven, privacy-violating standards possible from private firms working within political influence. Their name has become a symbol of a larger story and its moral: technology firms selling their services to political parties should not remain unquestioned. Mentioning Cambridge Analytica is a shorthand method for investigators and civil society alike to remind their communities of the dangers of the industry, and their digital campaign tactics, in upcoming elections.

Read more about how Cambridge Analytica is still used to introduce the topic of misused personal data in our case study, 'Government data in political hands: Aadhaar citizen ID and the 2024 Indian election campaigns'

In summer 2023, during a routine communication between our Tactical Tech team and a contributor who had searched the Cambridge Analytica website, we found that the previously deactivated cambridgeanalytica.org was seemingly back online. However, on closer examination, there were visible additions and edits to the website, such as unrelated content in the form of ads in other languages, links leading to external commercial businesses, and old content dating years back. All of these features gave us the feeling that something wasn’t quite right. We needed to determine where and who the republishing of the slightly altered website came from, and if it wasn’t Cambridge Analytica behind it, whether it was just clickbait or something more nefarious. Through this article, we will use the Cambridge Analytica website as an example to explore how to identify whether a website is compromised, as well as who might be behind it.

Understanding when, and why, a website is compromised is a necessary skill both to keep personal information protected online and for knowing whether the content you read can be trusted. A website might be overrun with ads or pop-up windows that make money from views or clicks, which, despite being potentially annoying to a user, pose a relatively low risk as they are easy to spot. However, websites that are no longer in the control of the original owner or creator may use confusion to steal personal information, or even possibly money. Groups aiming to disrupt politics compromise websites for several reasons: to stop them functioning (for example, to create confusion on an electoral website about how to vote), to gather sensitive private information such as candidates’ or voters’ personal details, or to display false or disruptive information, as in a disinformation campaign that hacked Eastern European websites to display fake news about NATO.

In the case of Cambridge Analytica, it wasn’t a political party that was targeted but a member of the political influence industry. The fame in their name has, unintentionally, drawn attention from another nefarious industry: online advertising scams. Our findings suggest that the political influence industry has become well-known as an industry in its own right – no longer just operating behind the scenes of visible political activities. By investigating this firm we can also learn skills that help us understand how to investigate many other websites that become valuable sources of information, and vulnerable places for disruption, in election campaigns.

The Old New Cambridge Analytica

While explaining the open-source intelligence (OSINT) methods and tools we used to dig into the Cambridge Analytica site, it’s worth noting that this is one of the most renowned companies in the political influence industry. In 2018, a whistleblower alerted the media that Cambridge Analytica, an internationally operating data analytics firm, had harvested millions of Facebook users’ personal data and was using that data to deliver personalised political advertisements, all of which was done without informed user consent.

The news story made headlines around the world as not only the tactics used by Cambridge Analytica were made public but so was the list of thirty countries and elections that they and their parent company SCL Group Limited claimed to have worked in. Though the company was using tools and practices common across the influence industry, the publicity, scale and international reach made Cambridge Analytica synonymous with improper data collection and political influence.

In the aftermath of the scandal, Cambridge Analytica and SCL Group dissolved and filed for bankruptcy in the UK and US. Almost immediately, investigators noted that both companies had been acquired by Emerdata Limited just before their bankruptcies. Since then there has been continued speculation about whether Emerdata was a rebranding of the SCL Group and Cambridge Analytica - and if they also acquired the vast quantities of personal data belonging to the two former companies. Cambridge Analytica filed for bankruptcy in 2018 and is still undergoing a process of liquidation and asset recovery as of November 2023. Yet, the website of the company, at the time of writing (February 2024), is back online with much of the same (old) content though with a few key differences.

The website of Cambridge Analytica has continued to attract attention, and web traffic, over the years. To a third party looking to take advantage of a popular (albeit no longer active or updated) website, restoring its original appearance and giving the impression that it is still operating could be an easy way to gain viewers for their own content. This practice is usually considered spoofing, or an entity posing as a brand that is familiar to the visitor or user. In this case it’s spoofing a so-called “dead” brand and its website. The third party could also be interested in phishing for user data (such as banking details), installing malware on individual devices, or presenting misleading information about specific celebrities or political candidates.

While Cambridge Analytica is well-known, it is important to consider that they symbolise an industry of over 500 private companies working in political influence.1 What can we learn about the private groups behind the websites? What do we know about their work, their profits and their ideologies? What do we expect and what do we need to know in order to have a more transparent understanding of the risks they pose to public discourse? Of course, these are big questions, ones without easy answers - here we contribute to the journey to transparency by exploring how to investigate a compromised website, and what we can learn in the process.

Website Red Flags: Investigating A Compromised Website

Our goal was simple: to gather some evidence that could tell us more about what’s going on with the website through the application of user-friendly and free OSINT tools. The tools that we used should be accessible to anyone and require little to no technical knowledge. We did not pay for more advanced tools and services or use the paid version of the tools in this case study.

How do you figure out what is going on with a compromised website? The answer is in the red flags, which can be more or less straightforward depending on the level of investment and sophistication of the techniques used to deceive.

NOTE on tools: please be aware that we are not endorsing any of the tools and services that we used (with their free or free trial features) in the research steps below; we do not advertise them or receive any benefits for mentioning them. There are many free OSINT tools available out there, and it is up to you to try out what is best in each context (i.e. topic or geography) you may work in. Use them responsibly and with care for your and your sources’ safety and privacy.

0. Face Value: The first signs of interference

Always proceed with caution when checking potentially suspicious websites — and any websites for that matter. Mind the early warning signs.

Safety First! Mind your browser’s warnings

Sometimes when you try to go to a website, you may receive a security warning, such as the one below:

[Image: Internet browser risk window cautioning that HTTPS-Only Mode Alert Secure Site Not Available, users have the option to continue to the HTTP site or go back] Firefox browser warning of insecure website ahead, no HTTPS mode available. This domain used to belong to a data investigation project whose website content was deleted and moved elsewhere, but the same domain name (kingsofcoal.org) was later purchased by someone else and re-purposed – it now displays suspicious content and flashy ads in Chinese, among others. Screenshot taken on 14 October 2023 by Tactical Tech. If curious, see more about the original project here: https://exposingtheinvisible.org/en/databases/kings-coal/ Credits: Image by Tactical Tech

This is your browser telling you that there is risk ahead: the website may be corrupt, meaning it may steal your data or install malicious software on your device, among other threats. The warning is prompted by the difference between HTTP (Hypertext Transfer Protocol) and HTTPS (Hypertext Transfer Protocol Secure), the second of which most websites use today. Seeing an HTTPS in front of your website name (e.g. “https://datadetoxkit.org/”) implies that the communication between your device and the website is ‘secure’ - in this case encrypted - and therefore the data you send and receive via the website cannot be read or altered by third parties while it travels between your device and the site.

There are still websites that lag behind at implementing HTTPS so most browsers will try to convert them to HTTPS automatically and warn of risks if they cannot do so. Enabling the HTTPS-only feature in browsers like Firefox, Chrome, Edge (Brave browser has a feature called HTTPS by default) ensures that you can be warned when your connection to a website is not secure. If the website uses HTTP (and no S), depending on your browser settings, you may have the option to take the risk and access the site anyway.

Note: Just because a site gives the warning that HTTPS is not enabled does not make it malicious by default, and just because a site uses HTTPS without a warning does not mean that the site is safe.

Back to investigating cambridgeanalytica.org: when accessing the link (in our case via Firefox private browsing mode), the page is HTTP, but our browser automatically goes to an “HTTPS” version of it; thus, we receive no security warning unless we click the information provided by Firefox.

[Image: Internet browser showing that the Cambridge Analytica site does not automatically offer an HTTP warning] Screenshot of Cambridge Analytica website’s homepage, taken on 13 October 2023. Credits: Image by Tactical Tech

Do you notice any other red flags in the screenshots below, as we scroll down the homepage and navigate the rest of the site?

[Image: Internet browser showing that the Cambridge Analytica site with a circle added to the Products that are highlighted which are written in Japanese] Screenshot of Cambridge Analytica website’s homepage, taken on 14 October 2023 by Tactical Tech, with highlighted circles from Tactical Tech. Credits: Image by Tactical Tech

[Image: Internet browser showing that the Cambridge Analytica footer that has letters that are not found in the English alphabet, the rest of the webpage is written in English] Screenshot of Cambridge Analytica website’s homepage, taken on 13 October 2023 by Tactical Tech. With highlighted circles from Tactical Tech. Credits: Image by Tactical Tech

[Image: Internet browser page showing an error page that comes from clicking on the employment opportunities link] Screenshot of a Cambridge Analytica webpage with ‘employment opportunities’ – going nowhere (not the only link that is unable to redirect). Taken on 13 October 2023 by Tactical Tech. Credits: Image by Tactical Tech

[Image: Screenshot of Cambridge Analytica services but again the services are written in Japanese and seem to just be an image not added text.] Screenshot of Cambridge Analytica website’s “services” webpage, taken on 13 October 2023 by Tactical Tech. Notice the ad, it speaks for itself… in Japanese (basic automated title translation: “Mitsukoshiya Mail-order and personal import agency for advanced medicines”). This did not seem like it would have been part of the original Cambridge Analytica service package. (highlighted green arrow from Tactical Tech). Credits: Image by Tactical Tech

Some of the content looks suspicious:

  • there are text formatting errors in the first screenshot where the text should have been “isn’t”, possibly caused by issues with converting and rendering the original punctuation – this would rarely show on a company’s carefully maintained homepage;
  • notice the advertising lower down the page, which doesn’t look related to the website’s content;
  • the date in the website’s footer (2016) seems... outdated?
  • several links redirect to nowhere; other links direct to external pages advertising medicine in Japanese.
  • the “service” page features ads for medicine in Japanese (we looked up “Mitsukoshiya” and it leads to an online shop – avoid clicking on it yourselves but rather copy-paste the visible brand name and some text in a search bar and you’ll get some telling results.)

These elements are more than enough to indicate that something is unusual with the website. But did it always look like this?

1. Check the website’s historical timeline

Websites change all the time – designs and content are edited and deleted, pages are added or removed, and names and contacts change, amongst other edits. Not only does the website change, but the owner or controlling entity of a website may change as well. Though website owners may choose to cancel or take down a website intentionally, there are also ways that a site can accidentally fall out of their control. Depending on the domain registrar (the service used to purchase an available domain name, e.g. GoDaddy, Gandi.net etc.) and subscription type one uses, a domain name owner can lose control over the domain name after their subscription expires. In such cases, the public may no longer be able to access that website’s original content, while the domain name (the name that is uniquely assigned to identify a website, e.g. cambridgeanalytica.org in our case) becomes available for others to purchase and use.

See more about a website’s elements and essential glossary: https://kit.exposingtheinvisible.org/en/web.html#domain-name

While we don’t know exactly what happened in the case of Cambridge Analytica, it is clear that at some point after the company went into liquidation, the original owners no longer maintained or renewed the website and their right to own the domain name. How do we know that? By checking its available historical records online.

Using the Internet Archive’s Wayback Machine, it’s possible to see that the website belonging to Cambridge Analytica was repeatedly archived by the tool between 2014 and mid-2019, when it suddenly stopped (as visible in the image below). The gap after mid-2019 could be attributed to the company declaring bankruptcy and the website being taken down during the heat of the scandal that first broke in 2018. Curiously, in 2020 there is - after a period of no activity whatsoever - an uptick in the website’s archiving activity by Wayback Machine. Similarly, gaps around the same period can be seen on another web archiving tool, Archive Today, as shown in the screenshots below.

[Image: Screenshot of Internet Wayback Machine showing a timeline of all recorded Cambridge Analytica backups there is a gap between 2019 and 2020] Wayback Machine screenshots of Cambridge Analytica website, taken on 13 October 2023. Screenshot by Tactical Tech. (source link: https://web.archive.org/web/20231013103530/https://cambridgeanalytica.org/) Credits: Image by Tactical Tech

[Image: Screenshot of Internet Wayback Machine showing an error when trying to load the Cambridge Analytica site backup from June 2019] Wayback Machine screenshots of Cambridge Analytica website, taken on 13 October 2023. Screenshot by Tactical Tech. (source link: https://web.archive.org/web/20231013103530/https://cambridgeanalytica.org/) Credits: Image by Tactical Tech

[Image: Screenshot of Internet Wayback Machine showing a timeline of all recorded Cambridge Analytica backups] Archive Today screenshot of Cambridge Analytica website, taken on 14 October 2023. Screenshot by Tactical Tech. (source link: https://archive.li/LpPPR) Credits: Image by Tactical Tech

Clearly, there was a gap in this website’s maintenance between the second half of 2019 and the first half of 2020. But has the website’s ownership changed or did the company just decide to resurrect the website after a while?

(Hint: the suspicious elements on the website may indicate that it’s not the same owner)

2. Identify the website’s current owner

When researching a website, one of the most useful sources of data can be found in its domain registration details.

What we call, and what is commonly referred to as, the “owner” is actually named “the registrant” – a person or a company who registers a web domain using services such as GoDaddy.com, Domain.com and Bluehost.com, among many others. These web domain registration companies are required to keep track of certain information about each of their registrants, such as domain registration and expiry dates, server IP address, webmaster details (sometimes) and, more rarely now, actual names and contacts or locations related to the registrant (see note on GDPR restrictions below). All of the information detailing who is behind a web domain and its website is publicly available and searchable in databases commonly nicknamed “WHOIS”. In many cases, this information can be accessed from the registrar company itself or through available third-party online tools, some of which are mentioned below. Many of these tools are free, others provide a free trial (which we used in this investigation), and some offer more advanced settings and data as part of a paid subscription (which we did not use).


NOTE on GDPR and what it means for tracking website ownership:

The European Union’s (EU) General Data Protection Regulation (GDPR) has led to a lot of uncertainty for the status of public WHOIS registries in the EU because in theory, WHOIS data of owners and administrators of EU-registered domains should not be collected and published by registrars. Under the GDPR, it is considered private information. This means that there is less and less data available for the public to see, which also makes it more difficult to track the real ownership of web domains and websites.

In light of this, and as a means for real owners to obscure their identity, many registrars offer the option to act as proxy contacts on the domain registration forms, a service known as “WHOIS privacy”. In such cases, domains registered with WHOIS privacy will not list the actual names, phone numbers, postal and email addresses of the true registrant and owner of the site, but rather the details of the proxy service. While this can frustrate some WHOIS queries, the look-up tool is nonetheless a powerful resource for investigating a domain.

See more about WHOIS searches and terms in this Exposing the Invisible guide: https://kit.exposingtheinvisible.org/en/web.html


These are some of the services providing useful WHOIS basic data for free (or free trial):

and some providing additional historical ownership data but in some cases with very limited free access, such as:

When using these tools, several of our queries returned data reports that were longer than our screenshots show. In these cases, we have made all relevant PDFs available for download at the end of the piece.

NOTE: If you are making many requests for information in a short period of time, on most of these sites you may receive an error and need to wait or switch to a different service to continue your searches. Similarly, many of these sites require you to complete CAPTCHAs to make sure you are not a robot.

We started with two of the general WHOIS tools. Here is a report generated by a WHOIS (free) search with DomainTools and one with ICANN’s domain lookup. (The Internet Corporation for Assigned Names and Numbers (ICANN) is a non-profit organisation that governs the domain registration process for every website in the world.)

[Image: WhoIs Record for Cambridge Analytica.org] Screenshot of a WHOIS search with DomainTools – fragment of the findings list. By Tactical Tech on 14 October 2023. (source link: https://whois.domaintools.com/cambridgeanalytica.org) Credits: Image by Tactical Tech

[Image: Registration data lookup tool image] Screenshot of a WHOIS search with ICANN lookup – fragment of the findings list. Full list can be found in the PDF download at the end of the article. By Tactical Tech on 15 October 2023. (source link: https://lookup.icann.org/en/lookup) Credits: Image by Tactical Tech

Notice that the registrant data at the bottom in DomainTools is all “redacted for privacy”. However, we can find a couple of useful hints at the top of both findings lists:

  • Registrar: DropCatch.com 479 LLC
  • Registrar url: http://www.NameBright.com
  • Registrar administrative address: Denver, Colorado, USA
  • Created on: 2020-06-21 (1,209 days old)
  • Expires on: 2024-06-21
  • Updated on: 2023-06-13
  • IP Address: 160.16.117.230 (also indicates 366 other sites hosted at this IP address)
  • IP Location: Tokyo, Japan - Sakura Internet Inc.
  • ASN (Autonomous System Number): AS9370, SAKURA-B SAKURA Internet Inc., Japan (ASNs are numbers assigned to the local internet registry that facilitate connections with other internet service providers)
  • Domain Status: Registered And No Website (though it displays a partial copy of the original website but most links direct you to other websites)

Let’s analyse a few of these findings:

Registrar (where the web domain is registered): DropCatch.com 479 LLC

When we searched online for “DropCatch.com 479 LLC” or simply “dropcatch LLC” we found that it is linked to a service (DropCatch.com) that auctions domain names that have either expired, are about to expire or have been deleted. The name is very telling as “Domain drop catching” is the practice of almost immediately re-registering a domain name once the previous registration has lapsed.

According to this data, Cambridge Analytica’s website is now registered with DropCatch, who also partner with a private firm called NameBright (see the registrar url above: https://beta.namebright.com/about), a US-based company from Denver, Colorado. NameBright is an ICANN-accredited domain name registrar, which means they can officially create domain names that they sell to companies.

[Image: Screenshot from namebright.com] Screenshot of a NameBright website, confirming connections with the registrar DropCatch.org. Screenshot taken by Tactical Tech on 15 October 2023. Credits: Image by Tactical Tech

IP (internet protocol) Address: 160.16.117.230

An IP address is a unique number assigned by internet service providers to every device (computer, etc.) or location connected to the internet to allow them to communicate and share data – in our case, it’s the address of the server that hosts this website.

Our DomainTools WHOIS search results indicate that 366 other sites are hosted on this server with this IP, but we cannot see them all in this tool’s free trial version. However, another useful tool, viewdns.info, provides a search-by-IP function that allows us to access this list for free, and it retrieves 386 websites (https://viewdns.info/reverseip/?host=160.16.117.230) – below is just a snapshot of the list:

[Image: Screenshot from viewdns.info] Screenshot of a reverse IP search (meaning a search by the IP address) with viewdns.info – fragment of the findings list. Screenshot taken by Tactical Tech on 15 October 2023. Credits: Image by Tactical Tech

IP location: Tokyo, Japan and IP owner Sakura Internet (network provider in Japan)

The IP location tells us that the domain is currently (as of October 2023) hosted on a server in Tokyo, Japan. It could have been purchased by someone but because of the GDPR restrictions, the registrar (DropCatch.org) shows as a proxy instead of the real owner.

An IP history search for the domain name “cambridgeanalytica.org” on https://viewdns.info/iphistory/ shows us that it was previously hosted in the US on an Amazon server, in the UK and in Germany, and that this location history dates back to 2012.

[Image: Screenshot from viewdns.info] Screenshot of selected findings from an IP history search for the webdomain cambridgeanalytica.org, on viewdns.info. Screenshot taken by Tactical Tech on 15 October 2023. Credits: Image by Tactical Tech

Created on: 2020-06-21 (1,209 days old)

In the date of creation, we see a clear mismatch with the original website, as this web domain registration is much more recent than the creation of the original company’s website. We know Cambridge Analytica’s domain name and website had been active and indexed by the Wayback Machine since 2014. There is no historical data, in this record, that links the site’s IP to the original domain name owner after 28 August 2019. The same domain name appears again under a different IP address owner as seen in the ViewDNS.info screenshot above: 31.05.2021 / Sakura Internet Inc., Japan. These changes also coincide with the gap we identified in the website’s Wayback Machine archive timeline above.

These timeline details are further confirmed by a historical search with another useful tool whoxy.com, which shows us (for a limited free search) more details about the web domain’s past, including a real name from a time when such data was not yet redacted for privacy: Alexander Nix, former CEO of Cambridge Analytica (see screenshot below).

[Image: Screenshot from whoxy.com] Screenshot of website domain history from whoxy.com. Screenshot taken by Tactical Tech on 15 October 2023. Credits: Image by Tactical Tech

No records are available in whoxy.com for the time before 8 February 2016 but this is enough for us to confirm the previous ownership. It also gives us enough evidence to conclude that the current (2023) Cambridge Analytica website has a different, most likely unrelated owner. Its previous content has been partially restored to give the appearance of the real site, with the addition of new advertisements and redirected links to attract traffic for the new owners.

In short, cambridgeanalytica.org is a spoofed website with spam content.
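The cross-check between step 1 (archive timeline) and step 2 (WHOIS creation date) can be scripted. The following is an added example, not part of the original investigation: the WHOIS text and most capture timestamps are constructed samples that mimic what the article reports, and the function names and the 180-day threshold are assumptions of this sketch.

```python
from datetime import datetime, timezone

# Constructed sample in the common "Key: value" WHOIS layout. Registrar and
# dates are those reported in the article; the time of day is a placeholder.
SAMPLE_WHOIS = """\
Domain Name: cambridgeanalytica.org
Registrar: DropCatch.com 479 LLC
Creation Date: 2020-06-21T00:00:00Z
Updated Date: 2023-06-13T00:00:00Z
Registry Expiry Date: 2024-06-21T00:00:00Z
Registrant Name: REDACTED FOR PRIVACY
"""

# Constructed sample: 14-digit YYYYMMDDhhmmss capture timestamps, the form used
# in Wayback Machine URLs. Only the last one appears in the article; the rest
# mimic the described pattern (2014 to mid-2019, silence, captures again in 2020).
SAMPLE_CAPTURES = [
    "20140805120000", "20150310120000", "20150917120000", "20160212120000",
    "20160930120000", "20170320120000", "20180317120000", "20181101120000",
    "20190615120000", "20200915120000", "20210531120000", "20220412120000",
    "20230301120000", "20231013103530",
]


def parse_whois(text):
    """Return {lowercased field name: first value seen} from 'Key: value' lines."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields.setdefault(key.strip().lower(), value.strip())
    return fields


def parse_whois_date(value):
    """Accept '2020-06-21T00:00:00Z' as well as a bare '2020-06-21'."""
    return datetime.strptime(value[:10], "%Y-%m-%d").replace(tzinfo=timezone.utc)


def parse_capture(stamp):
    return datetime.strptime(stamp, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)


def longest_gap(times):
    """Return (start, end) of the longest silence between consecutive captures."""
    if len(times) < 2:
        return None
    return max(zip(times, times[1:]), key=lambda pair: pair[1] - pair[0])


def assess(whois_text, captures, min_gap_days=180):
    """Compare the current registration date with the archive history."""
    fields = parse_whois(whois_text)
    if "creation date" not in fields:
        raise ValueError("WHOIS record has no creation date")
    created = parse_whois_date(fields["creation date"])
    times = sorted(parse_capture(stamp) for stamp in captures)
    flags = []

    # A creation date survives renewals and transfers. Archived pages older
    # than it mean the name lapsed and was registered anew.
    if times and times[0] < created:
        flags.append("archived-before-current-registration")

    # A long silence in the archive that contains the creation date matches
    # the "site went dark, then came back under a new registration" pattern.
    gap = longest_gap(times)
    gap_days = (gap[1] - gap[0]).days if gap else 0
    if gap and gap_days >= min_gap_days and gap[0] <= created <= gap[1]:
        flags.append("registered-during-archive-gap")

    # Redaction is common and not suspicious alone; it means ownership has to
    # be corroborated from other sources, as the article does.
    if "redacted" in fields.get("registrant name", "").lower():
        flags.append("registrant-redacted")

    return {"registrar": fields.get("registrar"), "created": created.date(),
            "first_capture": times[0].date() if times else None,
            "gap_days": gap_days, "flags": flags}


if __name__ == "__main__":
    for key, value in assess(SAMPLE_WHOIS, SAMPLE_CAPTURES).items():
        print(f"{key}: {value}")
```
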

Even though the real website had been taken down at one point, someone else restored the site in full or partially. Copying and duplicating a website’s design, content and features can be done in various ways, including using website download tools or even the Internet Archive’s stored versions of the website content. In general, abandoned or expired domain names and related websites can be prone to malicious exploitation, which can pose a real risk to a brand, its digital assets (related email and cloud accounts, online forms etc.) or its staff.

Suggested Reading: This article, based on a test done on abandoned and expired domain names, gives an overview of such risks: Why abandoned domain names are dangerous for your business? Please note the article is written by an IP law consultancy firm / we do not endorse its services by citing it.

NOTE on searching WHOIS data

When searching for a website’s WHOIS and historical data, we recommend trying all of the tools above, and any useful others you can get. Each tool is different; some provide more information than others and some have extra features that will help you at times. Combining the findings from multiple sources can help you:

  1. gather more data and possible leads;
  2. verify and corroborate the data;
  3. provide a more complex picture of your case.

Are things what they seem?

Yes and no. It seems like a deceptive website, and it is. By duplicating content from an older (shut down) website and brand and making it seem like it is still active, we can conclude that its owners engage in deceptive behaviors and at the least are using the opportunity for spam, if not for further malicious purposes such as scamming visitors for money. Though the term spam is often reserved for unsolicited communications, spam content can also describe content that is injected into a website that may promote unrelated products. The key in understanding why a third party might be interested in taking over a formerly inactive brand and website is to try and figure out what they stand to gain. In our case, the long-lasting “fame” Cambridge Analytica acquired through the 2018 data exploitation scandal makes it a valuable brand to gather web traffic.

And why resurrect the website with an appearance similar to its heyday? Because of the “backlinks.”

Many reputable websites, including mainstream media reports and academic articles, have included direct links to the website when covering or studying the Cambridge Analytica scandal and its troubled political and ethical consequences. This content is still out there - especially during increased focus on digital political campaigns - being read by people, referenced by news reports and studies, and crawled by automated web ranking and archiving tools. There’s continued interest in the case because it was only the beginning of an ongoing torrent in the political influence industry and its high stakes. This makes Cambridge Analytica a high traffic domain name and website, which – if kept active – can still rank well in online traffic measurements. Take web ranking tool Similarweb, which approximates that the website gathered around 11,900 visits from mobile and desktop in September 2023 (we used only the free, no-account option to check available reports.) We did not test if the visits are from real users or bots, but either way this traffic can make a difference in commercial advertising, which profits from clicked links and viewed adverts.

[Image: Screenshot from SimilarWeb.com] Similarweb (free trial) report on Cambridge Analytica website’s visits as of September 2023. Screenshot taken on 14 and 16 October 2023 by Tactical Tech. Source: https://www.similarweb.com/website/cambridgeanalytica.org/#traffic-sources (NOTE that we are not endorsing this tool in particular) Credits: Image by Tactical Tech

We also used the free trial version of Neil Patel’s SEO (search engine optimization) tool Ubersuggest to evaluate the profile of the link to the Cambridge Analytica website. This tool indicates that there are:

  • 2,724 referring domains: the number of unique domains linking to this website, and
  • over 199,000 backlinks to the company’s website: the number of incoming hyperlinks from other websites.

Screenshot from Ubersuggest.com: Ubersuggest report on Cambridge Analytica website’s link profile – meaning who links back to it from other websites. Full PDF is available for download at the end of the piece. Screenshot taken on 14 October 2023 by Tactical Tech. (NOTE: we used the free trial option of the tool, it only allows for one free trial before subscribing. We are not endorsing this tool in particular.) Credits: Image by Tactical Tech

In addition, we used BuiltWith, a tool providing detailed analyses of the technologies and connections websites use (free use is limited, and more detailed reports require registration). It showed a series of other websites that seem to redirect to Cambridge Analytica’s website.

Screenshot from BuiltWith: BuiltWith report on inbound redirects to Cambridge Analytica website (other websites redirecting here). Screenshot taken on 16 October 2023 by Tactical Tech. Credits: Image by Tactical Tech

This cumulative evidence explains why the “phantom” of the Cambridge Analytica website is still attracting a lot of views as of September-October 2023.

While the signs of a scam are obvious to some from the homepage, many users might click around before realizing, and some may go further, clicking on links that take them to other websites. For instance, the Twitter icon at the bottom is deceptive and actually redirects you to a Japanese-language website apparently selling Viagra and other medicine, which could potentially be harmful. Other links lead to similar medical supplies sales pages.

Screenshot from the Cambridge Analytica website showing that the LinkedIn link redirects to Mitsukoshiya.shop: Screenshot of Cambridge Analytica homepage footer, link to its LinkedIn page goes to another website (circled in green at the bottom left.) Screenshot taken on 14 October 2023 by Tactical Tech. Green highlight from Tactical Tech. Credits: Image by Tactical Tech

Screenshot from Mitsukoshiya homepage: Screenshot of webpage linked to Cambridge Analytica’s LinkedIn icon on its homepage. Screenshot taken on 14 October 2023 by Tactical Tech. Credits: Image by Tactical Tech
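
The manual check described above, where a social media icon leads to an unrelated website, can be repeated over the saved HTML of any page. The following is an added example, not code from the original investigation; the platform-to-domain mapping, the function and class names, and the sample footer are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed mapping: platform keyword -> domains its official links use.
PLATFORM_HOSTS = {"twitter": {"twitter.com", "x.com"},
                  "linkedin": {"linkedin.com"},
                  "facebook": {"facebook.com"}}

class IconLinkAuditor(HTMLParser):  # records (platform, href) pairs
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None  # href of the <a> element currently open

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            self._href = attrs.get("href")
        if self._href is None:
            return
        # The label can sit on the <a> itself or on a nested <i>/<img>.
        label = " ".join(str(attrs.get(k) or "")
                         for k in ("class", "aria-label", "title", "alt")).lower()
        for platform in PLATFORM_HOSTS:
            if platform in label and (platform, self._href) not in self.links:
                self.links.append((platform, self._href))

    def handle_endtag(self, tag):
        if tag == "a":
            self._href = None

def host_matches(host, allowed):
    host = (host or "").lower()  # exact domain or a true subdomain only
    return any(host == d or host.endswith("." + d) for d in allowed)

def mismatched_icons(html):
    """Return (platform, actual_host) for icons that lead somewhere else."""
    auditor = IconLinkAuditor()
    auditor.feed(html)
    return [(p, urlparse(h).hostname) for p, h in auditor.links
            if not host_matches(urlparse(h).hostname, PLATFORM_HOSTS[p])]

# Constructed sample footer, not markup captured from the real site.
SAMPLE_FOOTER = """<footer>
  <a href="https://shop.example/ja/"><i class="icon icon-twitter"></i></a>
  <a href="https://www.linkedin.com/company/example" aria-label="LinkedIn">in</a>
  <a href="https://pharmacy.example/" title="Facebook"><img alt="facebook" src="f.png"></a>
</footer>"""

print(mismatched_icons(SAMPLE_FOOTER))
```

Matching on the exact domain or a true subdomain means a lookalike host such as `linkedin.com.evil.example` is still reported as a mismatch.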

Conclusion

So, there it is, our answer to Cambridge Analytica’s zombie website: a relatively obscure Japanese-language medication company has taken it upon itself to reuse the Cambridge Analytica website to embed links, gain clicks and drive traffic to its own page. The ongoing interest and attention paid to the now defunct Cambridge Analytica made it a safe enough investment for this third-party actor to try to profit off the notoriety.

Beyond serving as a useful example of how to use OSINT tools, this investigation, or even the need to conduct this investigation, highlights the power and, indeed, influence of the political influence industry. The network of companies has become so embedded in the fabric of communications that they have moved from providing tools to political elites to becoming a tool for other industries. Presently, after the investigations and bankruptcy, Cambridge Analytica still has its name and notoriety, which still attract enough web traffic that a separate company sees the opportunity for gain.

The political influence industry is hidden by design, in part due to the Cambridge Analytica scandal and backlash. The use of Cambridge Analytica shows how the curtain is falling anyway, as their visibility becomes advantageous to others. The tools highlighted in this investigation are useful ways to begin to take a look at who is pulling the strings of industry and political players. By investigating, researching and reporting on the tools of the industry, we hope to shine a little light into the dark corner of the influence industry.

Download the PDF reports from the tools we used (ZIP)


About the Authors:

This piece was written in collaboration between Laura Ranca, researcher with Exposing the Invisible project/Tactical Tech; Cassie Cladis, project coordinator with the Influence Industry Project; and Amber Macintyre, project lead with the Influence Industry Project.

With contributions from Wael Eskandar and Christy Lange.


If you want to find out more about the firms that support political parties in engaging with Google advertising, head over to The Influence Industry Explorer.

The Influence Industry Project has been led since 2016 by Tactical Tech’s Data and Politics team, addressing the pervasive data-driven technologies used by political groups within elections and political campaigns.

First published: April 8, 2024
