Most domains linked to US election vulnerable

By Dylan Bushell-Embling
Monday, 12 October, 2020

Most domains linked to US election vulnerable

Over 90% of web domains associated with the presidential election campaigns of Donald Trump and Joe Biden are not using registry locks to protect their domains from domain and DNS hijacking, research suggests.

The research from CSC’s Digital Branch Services division found that web domains closely linked to the campaign websites for Joe Biden and Donald Trump lack basic domain security protocols.

These domains are being targeted for disinformation activities such as domain spoofing, and threats including domain name and DNS hijacking and phishing.

Of the typo domains associated with and, 60% are still available for registration, leaving them open to future threats. More than a third of currently registered typo domains are meanwhile linked to third parties.

Of this third, nearly 70% were registered in 2020 leading up to next month’s election, are configured to send and receive emails, which can be used to lure donors to phishing sites and conceal the domain owner’s identity behind proxy or privacy services.

Meanwhile, more than 75% of the election-related domains are using retail-grade domain registrars, which do not provide advanced security protocols.

“Due to the sensitivity and importance of the US election process, domain security remains a major vulnerability for the potential of foreign interference, fraud and misinformation,” CSC DBS Executive Vice President Mark Calandra said.

“As an organisation with the most visibility into the domain landscape, we advocate for the sanctity of voter trust and encourage both presidential candidates and other websites in the electoral ecosystem to prioritise domain security on their websites to ensure security and build confidence.”

Spamhaus Industry Liaison Matthew Smith added that his company, CSC DBS, and others have been banging the drum about the importance of securing election-related domains for some time.

“We have reached the point where awareness is not enough. Those responsible for managing domain registrations, including registrars and hosting companies, need to have an actionable plan that is aligned with best practices,” he said.

“Additionally, experiences must be shared between those within the industry for the good of the wider internet community.”

Image credit: ©

Related Articles

Why the success of modern cyber defence hinges on identity security

 A single compromised identity could easily provide the keys to the kingdom if it isn't...

Emergency onboarding: what to do before and after a data breach

Organisations that have an emergency onboarding plan are better positioned to have their business...

Savvy directors are demanding more points of proof when cyber incidents occur

Pre-agreement on what a post-incident forensics effort should produce — and testing it out...

  • All content Copyright © 2024 Westwick-Farrow Pty Ltd