External threat intelligence experts have detected hundreds of fake election web domains designed to target American voters.
New research by Digital Shadows uncovered over 550 fake domains ranging from false funding pages to counterfeit candidate sites set up against 19 Democrat and four Republican presidential candidates.
Most of the sites—68%—simply redirect the user to another domain, often to that of a rival candidate. Worryingly, 8% of the domain squats discovered redirect users to Google Chrome extensions billed as file converters or secure browsing tools, which can be used to infringe on voter privacy and can host potentially dangerous malware if downloaded.
One false funding page exploited the possibility of a typo to encourage voters to switch their allegiance. Financial donors who accidentally type WinRde.com when searching for Republican fundraising page WinRed.com are taken to ActBlue.com, a fundraising site for the rival Democratic party.
Harrison Van Riper, strategy and research analyst at Digital Shadows, told Infosecurity Magazine: "We detected a few redirecting domains (donaldtrump[.]cloud, for example), which sent the browser to doyoulikebread.weebly[.]com and would pose the straightforward question of 'Do You Like Bread?' with Yes or No options.
"Yes would lead the user to a video for 'You're the one that I want' from the musical Grease, and No would lead to a video of Oprah Winfrey exclaiming how much she likes bread. The internet can be a weird place, sometimes!"
In total, 66 of the 550+ domains were being hosted on the same IP address, registered under the privacy protection service WhoisGuard, Inc. and potentially operated by the same individual. Digital Shadows was unable to attribute any of the fake domains to a specific person or group.
"We really can't say who is responsible for these redirects, but hackers with a sense of humor is certainly a possibility. It could also be individuals who want to see their favorite candidate succeed," Van Riper told Infosecurity Magazine.
Van Riper said that the enactment of the GDPR has made it harder to tell which person or organization stands behind a specific domain. Under the new rules, domain registration details have been removed from official records.
Instead of changing the law to prevent fake sites, Van Riper suggests registrars could do more to combat the problem. He said: "I don't see this as a legal issue; rather, I think that registrars could do more to verify that people registering these domains are doing so for legitimate purposes. This is a huge task, but ultimately, it's within the registrar's control to help combat the issue of people setting up fake domains for legitimate websites."
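For a campaign or brand team that wants to watch for the two patterns described above (a look-alike such as WinRde.com for WinRed.com, and many squats parked on one IP address), the following added example, which is not from Digital Shadows or the article, flags look-alike domains and groups them by hosting IP. Apart from winred.com and winrde.com, every domain, and every IP address, is constructed for illustration.

```python
from collections import defaultdict

def osa_distance(a: str, b: str) -> int:
    """Edit distance where insert, delete, substitute and adjacent swap each cost 1."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            # Adjacent transposition, e.g. "winrde" for "winred"
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def classify(observed: str, protected: list[str]):
    """Return (kind, protected_domain) if observed looks like a squat, else None.
    Assumes two-label names such as name.tld; subdomains are not handled."""
    label, _, tld = observed.lower().rpartition(".")
    for good in protected:
        g_label, _, g_tld = good.lower().rpartition(".")
        if (label, tld) == (g_label, g_tld):
            return None                      # the legitimate site itself
        if label == g_label:
            return ("tld-swap", good)        # same name, different TLD
        if tld == g_tld and osa_distance(label, g_label) == 1:
            return ("typo", good)            # one slip of the keyboard away
    return None

def shared_hosting(dns: dict[str, str], protected: list[str]) -> dict[str, list[str]]:
    """Group flagged domains by resolved IP; keep IPs hosting more than one."""
    by_ip = defaultdict(list)
    for domain, ip in dns.items():
        if classify(domain, protected):
            by_ip[ip].append(domain)
    return {ip: sorted(ds) for ip, ds in by_ip.items() if len(ds) > 1}

# Constructed sample: watch list and passive-DNS style observations.
PROTECTED = ["winred.com", "examplecandidate.com"]
DNS = {
    "winrde.com": "192.0.2.10",
    "examplecandidate.cloud": "203.0.113.7",
    "exmaplecandidate.com": "203.0.113.7",
    "examplecandidat.com": "203.0.113.7",
    "examplecandidate.com": "198.51.100.5",
    "weather-example.org": "203.0.113.7",
}
```

A distance-1 threshold produces false positives on very short names, so a production watch list would normally add a minimum label length or an allow-list.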