WASHINGTON, D.C. — In an enforcement action announced on Monday, June 29, 2026, the U.S. Department of Justice (DoJ) unsealed a series of court orders authorizing the seizure of nearly 400 internet domains. The targeted websites were allegedly engaged in the unauthorized, real-time streaming of matches from the ongoing FIFA World Cup 2026, in direct violation of U.S. copyright law.
The global anti-piracy campaign, designated Operation Offsides, is being led by the National Intellectual Property Rights Coordination Center. The primary affidavit supporting the seizure warrants was filed on June 26, 2026, in the U.S. District Court for the Eastern District of Virginia. U.S. Immigration and Customs Enforcement Homeland Security Investigations (HSI) special agents verified that the domains were actively capturing and retransmitting live match feeds directly from authorized broadcast signals without legal permission.
International Infrastructure and Coordination Framework
Because digital piracy networks operate across fluid borders, the Department of Justice coordinated its physical and digital infrastructure takedowns through the International Computer Hacking and Intellectual Property (ICHIP) network. Backed by specialized U.S. cyber prosecutors stationed in São Paulo, Brazil, and Bucharest, Romania, international law enforcement task forces executed synchronized disruptions across multiple countries.
The coordinated strikes targeted critical hosting infrastructure, content distribution networks, and domain registrars tied to regional piracy rings:
- Primary Targets: Servers and primary domain vectors were seized in Peru and Bulgaria, both recognized by federal investigators as major operational hubs for unauthorized streaming syndicates.
- Secondary Disruptions: Follow-on domain revocations and server blockades were carried out by ICHIP-trained foreign officials in Croatia, Romania, Poland, and Colombia based on technical leads provided by U.S. intelligence channels.
Corporate Partnerships and Cybersecurity Risks
The enforcement framework relied heavily on a public-private data-sharing model. Technical identification of the offending streaming endpoints was coordinated directly with soccer’s international governing body, FIFA, which holds exclusive rights to stage and broadcast the 2026 tournament across its host nations: the United States, Canada, and Mexico. Additional network mapping, signal telemetry, and proprietary tracking data were supplied by global media and anti-piracy coalitions, including beIN Media Group, NBCUniversal, the Motion Picture Association’s Alliance for Creativity and Entertainment (ACE), the Ultimate Fighting Championship (UFC), and Warner Bros. Discovery.
Beyond intellectual property theft, federal authorities emphasized that the targeted digital streaming platforms operated as vectors for broader cybercrime. An analysis of the seized server configurations revealed that the sites routinely weaponized their traffic by exposing sports fans to unencrypted connections, deceptive advertising redirects, browser-hijacking scripts, and banking trojans designed to harvest personal credentials and financial data.
Administrative Oversight and Long-Term Enforcement
Operation Offsides is being managed by senior legal counsel within the DoJ Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS), including Senior Counsel Brian Mund, Assistant Deputy Chief Adrienne Rose, and Acting Deputy Chief Christopher Merriam, alongside Assistant U.S. Attorney Jacob Mercer for the Eastern District of Virginia.
Under the broader mandate of Assistant Attorney General A. Tysen Duva, CCIPS has scaled up its white-collar and digital asset enforcement operations. Since 2020, the specialized section has secured convictions against more than 180 cybercriminals and intellectual property violators, alongside court mandates returning over $350 million in stolen assets to victims. Federal investigators confirmed that real-time monitoring of global network traffic will continue for the duration of the tournament, with automated mechanisms in place to flag and seize secondary “mirror” domains as piracy syndicates attempt to deploy backup infrastructure.
