The FBI has known dozens of suspects that appear to be official elections but are invalid and can be used to interfere with the 2020 vote, according to a Department of Homeland Security bulletin sent to the national and local government across the country and reviewed through Yahoo News. . UrLs are imitations close to the state and federal election matrix and can be used to disseminate false data on how to vote or for election interference or to influence operations.
“Between March and June 2020, the FBI became aware of suspicious typographical errors in U.S. state and federal election areas, according to an FBI report from a collaborative source,” says the August 11 bulletin.
Typosquatting refers to Internet sites configured to mimic a genuine or official website, employing spelling errors or similar domain names, in the hope of attracting users who enter the wrong address.
“These domain names suspected of typosquatting can be used for advertising, credential collection and other malicious purposes, such as phishing and influence operations,” says the DHS newsletter. “Users pay special attention to the spelling of Internet sites or Internet sites that seem reliable, but possibly are imitations close to Internet sites valid for U.S. elections.”
A DHS official told Yahoo News that registering those similar domain names would possibly not be destructive; however, they are concerned that they may be the “first preparatory step for criminals and foreign adversaries” who make plans to carry out a series of attacks of other kinds. contrary to the presidential election.
This comes when the U.S. intelligence network says Russia, China, and Iran are looking to meddle in the upcoming elections. Earlier this month, the Office of the Director of National Intelligence issued precautionary reports on several countries, adding Russia, China, and Iran, to influence the 2020 elections. And on Wednesday, Bill Evanina, director of the National Counterintelligence and Security Center, said Cuba, North Korea, and Saudi Arabia are also running to influence U.S. elections with data operations, cyberscoop reported.
Amid a pandemic, and as Congress and the public worry that the postal formula will be overwhelmed, some states are still struggling to implement adjustments to their voting procedure, and the electorate is connecting online to find out how to vote for the president. But the lack of popular use of dot-gov and the decentralized nature of U.S. elections can make it difficult for the electorate to know what data and resources to rely on.
“A user who tries to access a county’s online page for voting data may be redirected to a site created to borrow non-public monetary data or credentials,” said Lawrence Norden, director of the electoral reform program at new York University’s Brennan Center for Justice. Faculty of Law.
“And, of course, misdata. Something can be put in position to give data to the electorate on how to vote,” Norden said.
“We’re also involved in all those sites that falsify election night reports,” he said.
The addresses of those informed through the FBI come with names that seem to refer to votes in states such as Pennsylvania, Georgia, Tennessee, Florida and others. Many end up at dot-com, others via dot-net, as do many official election sites.
This makes it harder for others to know if they click on the genuine government online page or on a close approximation that can give them erroneous data or install malware on their computer that steals all their data. This is especially problematic for those who have voting data from their cell phone, where it is more difficult to see the full handling of an online page before clicking on it.
Some states and counties use dot-gov, however, many other local and state election Internet sites end with dot-com, dot-net, dot-org, dot-us, domain names that can be purchased. A point-gov domain arrives at a government assessment and indicates that it is a valid site.
A bipartisan bill to speed up approval for dot-gov states and counties has been in the Senate since January. In particular, he addressed the election factor and cited a 2018 review through security company McAfee, which found that most county Internet sites in changing states did not use dot-gov addresses. More than 90% of counties in Minnesota, Texas, Michigan, and New Hampshire were in non-dot-gov sites, and Ohio and Mississippi were more than 85% non-dot-gov. Since then, Ohio has changed to dot-gov, and the percentage of counties nationwide dot-gov has since increased, according to a June 2020 update to McAfee.
Colorado went from dot-com to point-gov in 2018 after noticing that he had purchased a domain call very similar to its official voting portal and then govotecolored-dot-com, said Trevor Timmons, data director for Colorado’s secretary of state. The state’s official electoral portal is now govotecolorado.gov.)
“Govotecolored2018-dot-com bought through someone else that’s not us, and when we saw that, we called the FBI,” he said.
This has never been brought online with content, but if it had, it may have thrown the election into chaos.
Moving elections from all states to a point-government like this would mitigate some, if not all, the dangers associated with those false election sites.
The FBI declined to comment and referred the questions to DHS, which declined to comment on the case.
“It’s not just a government problem,” a DHS official told Yahoo News, who asked not to be appointed to talk about sensitive security issues. “Campaigns run on their own infrastructure, with their own websites, their own messaging service.”
Only after the election, the transition team for incoming management was established with point-gov addresses.
Meanwhile, voter security researchers in the run-up to the election are also seeing domain names and imitating applicants or the party or substitute.
“It’s a very volatile environment,” said Kacey Clark, a risk researcher at Digital Shadows, who has researched typosquatting sites on the issue of presidential candidates. “You can see how this can easily confuse users.”
He discovered dozens of recently registered Internet sites that appear to be related to Joe Biden and Kamala Harris, he told Yahoo News. Many seem harmless, others appear to be data resources, and may be simply destructive depending on the content that appears. Those who redirect or try to download an extension are the ones that fear the most: this is how you can install the malware. Some appear to a candidate and yet redirect you to an opponent’s online page.
Like choiceArray imitations, those fake candidates can be used for fraudulent purposes, or even simply to deceive voters.
All those typosquatting sites are not created for purposes, stressed the DHS official. It is unclear how or even whether sites reported through DHS, or others such as McAfee and Clark, will be used in the end, which is why it is so important for states to have backup plans, said Norden, an election expert at NYU Brennan Center.
“Unfortunately, we don’t know what we don’t know, ” said Norden.
“These backup plans are what I’m involved in now,” he said. “There’s still time, but we’re running out of time.”
_____
Learn more about Yahoo News:
You don’t want the U.S. Postal Service Give you your mailing slip
Trump says young people are “almost immune” to COVID-19. The doctors agree.
Memorable moments from conventions
Do you have to send your child to school? Here’s how to weigh the dangers of coronavirus
How coronavirus can replace school play forever