Pages

Search This Blog

Translate

Search Tool




Sep 8, 2020

Analysis | The Cybersecurity 202: Internet domain names are ripe for scam during coronavirus crisis


Tonya Riley


Researchers at the Internet safety nonprofit say that between May and July, they were easily able to purchase coronavirus-related domains such as Getcoronavirusvaccines.com, freecoronavaccine.net and Bleachcoronaviruscure.com. from registrars including GoDaddy, Domain.com and Google Domains. There is no available government-approved vaccine for the coronavirus. 
When asked about the Digital Citizens findings and about a number of suspensions of fraudulent coronavirus domains, GoDaddy referred The Washington Post to a blog post from March.
Google prohibits using domains for illegal or unlawful purposes, Google spokesperson Alex Krasov said. 
We regularly scan registrations using account signals and review all reports of possible abuse, Krasov said. If we find that a domain name registered through Google Domains violates our Terms of Service, we may suspend, cancel or terminate the domain and associated account.
Digital Citizens researchers also were able to purchase domains that could be used for scams from resellers who make a profit by acquiring already-registered domain names.
In one instance, an agent for the site DomainAgents offered to broker the sale of the domain name coronavaccine.com to Digital Citizens researchers even after the researchers made it clear they wanted the domain to sell a non-existent cure.
We represent neither the buyer or the seller and it is unusual for a buyer to share their intended use of a domain, DomainAgents chief executive Ryan McKegney wrote in an email to The Post. McKegney said the company forbids the use of its service to obtain domains for illegal uses like fraud.
Covid hadnt been on our list of exclusions, but with the amount of misinformation that is floating around, the point is taken and we will train our Customer Service Representatives to watch for it and exclude the purchase of covid-related terms going forward.

Domains found by Digital Citizens researchers are just a fraction of those registered since the start of the pandemic that are ripe for scam.

Researchers at  Check Point found that since the beginning of the year, at least 114,219 new virus-themed domains have been registered, over half of which were registered by GoDaddy. While not all the domain names are fraudulent, Check Point researchers noted in March coronavirus-related domains were 50 percent more likely to be malicious than other domains registered in that time.
“Domain name registrars should not allow cybercriminals and online scammers to register provocative domain names used to lure people to their sites, Sen. Mazie Hirono (D-Hawaii) said in response to the Digital Citizens report. Too many of these companies put their heads in the sand while criminals use their services to prey on the public, even when criminal intent is clear in the domain name itself. Domain name registrars need to take responsibility and stop enabling scams perpetrated on the public.”
Online coronavirus-themed scams have exploded since the start of the pandemic. The Federal Trade Commission has received more than 170,000 consumer complaints about coronavirus-related fraud, for everything from miracle cures to fake masks to false coronavirus relief checks. Coronavirus scams have stolen more than $114 million from consumers, the FTC reports. 
The Justice Department has sought court orders to shut down more than 300 fraudulent websites designed to sell health and safety items related to the coronavirus.
In addition to setting up domains, scammers have utilized popular social media sites including Facebook, Google and Twitter to spread medical misinformation and to sell bogus cures and masks. And despite tech giants taking an aggressive approach to the content, misinformation and scams continue to slip through.
Unlike social media companies, domain registrars have largely declined to take proactive steps to prevent potentially problematic domains from going up. 
A group of senators led by Hirono wrote a letter to eight domain registrars in April asking them to act more quickly to cancel or suspend domains hosting scams or misinformation. In response to the letter, GoDaddy argued “at a time that a domain is registered we do not know if it will be used for nefarious purposes or legitimate ends.”
Instead, the company relies on a human review process of reported abuse complaints to ensure “the public is protected while not interfering with free expression.” GoDaddy told Hironos office that as of April, it had suspended 151 coronavirus-related domains and touted its increased resources dedicated to coronavirus fraud reports and cooperation with law enforcement.
Other companies echoed GoDaddys defense they couldnt know what kind of content buyers would host. Several companies told Hirono they were unable to answer the letters question about many coronavirus-related domains they hosted. 
The Digital Citizens report, which also looked at the ease of buying domains associated with sexual abuse and dangerous drugs, concludes the issues accompanying domain registrars policies go well beyond the coronavirus crisis.
Its this idea that theyre helping on something that probably shouldnt be there in the first place or many people would say shouldnt be there in the first place, said Tom Galvin, executive director of the Digital Citizens Alliance. He pointed out Digital Citizens was able to purchase date-rape-drug.com from Namecheap. I think this is a red flag. 
Digital Citizens Alliance, which has conducted previous investigations into the unauthorized sales of opioids and steroids online, receives funding from telecommunications, pharmaceutical and tech organizations, as well as some members of the Motion Picture Association of America.

Consumer advocates are asking domain registrars to do more.

The National Association of Boards of Pharmacy, which has raised concerns about how fake online pharmacies have capitalized on the pandemic, say that domain registrars could work with organizations like theirs to verify online pharmacies before they give them domain names. 
Of the eight domain registrars Hirono wrote to, only Donuts Inc., which owns Name.com, said in its response that it works with a trusted notifier to verify registrations for pharmaceutical sales.

Legal action can also put pressure on domains.

For instance, in March a federal judge ordered Namecheap, one of the registrars reviewed by Digital Citizens Alliance, to take down a domain it registered accused of stealing credit card information for fake vaccine kits. Namecheap now requires interaction with a support agent to register a related domain instead of permitting buyers to automatically register them.
Some upstanding registrars refuse to do business with illegal online drug sellers, said Lemrey Carter, executive director of the  National Association of Boards of Pharmacy. Unfortunately, many other registrars believe they are under no responsibility to take action without a court order, which is often difficult or impossible to obtain due to the international nature of the Internet. 
Congress could also step in to pass legislation that requires registrars to lock and suspend domain names registrars know are being used illegally. Lawmakers could amend current law giving registrars protection from liability for content posted on their domains, Carter said.
Digital Citizens advocates for registrars to work with trusted notifiers such as the Food and Drug Administration. But Galvin said before regulators step in, registrars could use a combination of technology to flag potentially malicious terms and require a manual review process for domains before selling them.
Theres an opportunity here for the domain industry to raise the bar itself, said Galvin. “In the last 10 years, weve seen the Internet take a darker turn. Whether its manipulation or exploitation, disinformation, this is something we need leadership on more broadly.”

The keys



China launched its own global data-security initiative to counter a U.S. push against Chinese tech. 

The new rules increase tensions with Washington over technological competition amid U.S. allegations Chinese technologies pose a national security threat, Chun Han Wong at the Wall Street Journal reports.  
The initiative calls on partnering nations to maintain an open and secure supply chain, and respect other countries cyber sovereignty."
It also urges members to oppose “mass surveillance against other states” and calls on tech companies not to install “back doors in their products and services to illegally obtain users’ data. The U.S. government has accused Beijing of both practices, placing restrictions on companies including Huawei as a result.
The United States last month launched its “Clean Network” program, an initiative to develop digital standards to safeguard U.S. citizens data from foreign threats including the Chinese Communist Party. More than 30 countries are participating in the program. 
“Bent on unilateral acts, a certain country keeps making groundless accusations against others in the name of ‘clean’ network and used security as a pretext to prey on enterprises of other countries who have a competitive edge,” Chinese Foreign Minister Wang Yi said in announcing that country's initiative “Such blatant acts of bullying must be opposed and rejected.”

The U.S. extradition trial of WikiLeaks founder Julian Assange resumed in London.

The trial, which will decide whether Assange will be extradited from the United States to Britain, had been on pause during the coronavirus crisis, William Booth reports.
Assanges lawyers asked for a four-month delay, arguing the prosecutions updated indictment in June included new information that required more time for discovery.
The judge denied the request.
Cybersecurity advocates, however, worry that stretches the interpretation of the law too much and could set a dangerous precedent. 
Assanges lawyers call the charges purely political offenses.
Only one witness was called Monday, Mark Feldstein, a former investigative reporter and now a University of Maryland journalism professor. However, his testimony was largely derailed by technical issues. The hearings will resume Thursday.

China is slamming the U.S. government for potentially restricting exports to its biggest chipmaker.

The addition of chipmaker SMIC to the Commerce Department restriction list over national security concerns would block U.S. companies from selling SMIC technology without a license, Jeanne Whalen reports.  
Its the same list that Commerce added Huawei to last year in light of concerns that it could provide a back door to Chinese espionage.
The act would be blatant hegemony, Zhao Lijan, a spokesman for the Chinese Foreign Ministry, told reporters Monday, CNBC reports
“What the U.S. has been doing uncovers the fig leaf of market economy and fair competition, which the U.S. has long been touting,” he said. “This not only breaks international trade rules, global industry chain, supply chain and value chain, but also spoils national interests and image of the U.S. itself.” 
SMICs stock plunged over 23 percent when markets opening on Monday after the news.

Hill happenings



The House Oversight Committee will investigate Postmaster General Louis DeJoy.

House Democrats also called for his immediate suspension, Amy Gardner reports.
The investigation follows a Washington Post report in which former employees of DeJoy's logistics company accused DeJoy of pressuring them into making political contributions that would be reimbursed in the form of bonuses later. Such a scheme would have been illegal.
Rep. Carolyn B. Maloney (D-N.Y.) said in a statement the Oversight panel, which she chairs, would begin an investigation, adding that DeJoy may have lied to her committee under oath.
Maloney also urged the Board of Governors of the U.S. Postal Service to immediately suspend DeJoy, whom “they never should have hired in the first place,” she said.
DeJoy, a prolific GOP fundraiser, has come under significant scrutiny and accusations of political bias for his postal operations changes that have delayed deliveries and could interfere with the election.
The Post’s findings also prompted calls for an independent investigation from other Democrats, including the Democratic Attorneys General Association. Rep. Adam B. Schiff (D-Calif.). Senate Minority Leader Charles E. Schumer (D-N.Y.) urged the North Carolina attorney general to launch a criminal investigation.

Industry report



Verizon signed a $6.65 billion contract for Samsung to provide network equipment for 5G.

The Verizon deal could help bolster Samsung’s credibility, as many carriers seek an alternative to Chinese-owned equipment in light of U.S. restrictions, the Wall Street Journal reports.

Daybook


  • The House Oversight and Reform Committee will hold a hearing on “Ensuring a Free, Fair, and Safe Election During the Coronavirus Pandemic” at 1 p.m. tomorrow.
  • The House Oversight and Reform Committee will hold a hearing on “Providing the Census Bureau with the Time to Produce a Complete and Accurate Census” on Thursday at 11 a.m.
  • The Senate Judiciary Committee will hold a hearing to examine threats to U.S. intellectual property, focusing on cyberattacks and counterfeits during the coronavirus pandemic on Sept. 23 at 2:30 p.m.

Secure log off


No comments:

Post a Comment

Note: Only a member of this blog may post a comment.