Most domains linked to US election vulnerable


By Dylan Bushell-Embling
Monday, 12 October, 2020

Most domains linked to US election vulnerable

Over 90% of web domains associated with the presidential election campaigns of Donald Trump and Joe Biden are not using registry locks to protect their domains from domain and DNS hijacking, research suggests.

The research from CSC’s Digital Branch Services division found that web domains closely linked to the campaign websites for Joe Biden and Donald Trump lack basic domain security protocols.

These domains are being targeted for disinformation activities such as domain spoofing, and threats including domain name and DNS hijacking and phishing.

Of the typo domains associated with joebiden.com and donaldjtrump.com, 60% are still available for registration, leaving them open to future threats. More than a third of currently registered typo domains are meanwhile linked to third parties.

Of this third, nearly 70% were registered in 2020 leading up to next month’s election, are configured to send and receive emails, which can be used to lure donors to phishing sites and conceal the domain owner’s identity behind proxy or privacy services.

Meanwhile, more than 75% of the election-related domains are using retail-grade domain registrars, which do not provide advanced security protocols.

“Due to the sensitivity and importance of the US election process, domain security remains a major vulnerability for the potential of foreign interference, fraud and misinformation,” CSC DBS Executive Vice President Mark Calandra said.

“As an organisation with the most visibility into the domain landscape, we advocate for the sanctity of voter trust and encourage both presidential candidates and other websites in the electoral ecosystem to prioritise domain security on their websites to ensure security and build confidence.”

Spamhaus Industry Liaison Matthew Smith added that his company, CSC DBS, and others have been banging the drum about the importance of securing election-related domains for some time.

“We have reached the point where awareness is not enough. Those responsible for managing domain registrations, including registrars and hosting companies, need to have an actionable plan that is aligned with best practices,” he said.

“Additionally, experiences must be shared between those within the industry for the good of the wider internet community.”

Image credit: ©stock.adobe.com/au/MarketingShotz

Related Articles

Secure-by-design software development for digital innovation

The rise of DevSecOps methodologies and developments in AI offers every business the opportunity...

Bolstering AI-powered cybersecurity in the face of increasing threats

The escalation of complex cyber risks is becoming a pressing issue for those in business...

How attackers are weaponising GenAI through data poisoning and manipulation

The possibility for shared large language models to be manipulated through data poisoning...

Content from other channels on our network

Department of Agriculture modernises TAMS system

SA Water revamping spend management platform

Cobalt Iron nabs EU patents for security techniques

New online resource to support employment of ex-service people

Good evidence confuses ChatGPT when used for health information: study

MXene-based compound to enable 3D-printed antennas

Long-range drones used to surveil bushfires in NSW

Luxembourg DoD adds satcom ground infrastructure

Network sensing project to enable real-time flood intelligence

Researchers develop a tuneable terahertz wave filter

Researchers develop programmable photonic processor

Monash University home to three electron microscopes

Hidden semiconductor activity spotted by researchers

Novel material improves stability, efficiency of PSCs

Four-terminal tandem organic solar cell achieves 16.94% PCE

  • All content Copyright © 2024 Westwick-Farrow Pty Ltd