Information Warfare: What’s in a Name?

Simple, inexpensive steps you can take now to prevent bad guys from making your agency look bad

By Elijah Woodward  |   Jul 15, 2015

Imagine this: You’re sitting in prison with an abundance of time on your hands, and you’re getting paper copies of emails regarding your case. You notice that the email address, prison.state.gov, looks like something you can forge. You pay a couple of bucks, get someone to smuggle a cell phone into prison for you, and you register a similar-looking website, prison.state.org.

Then, you send an email to the prison administration from your new fake website, and you tell them, “Prisoner [Your Name Here] is being released tomorrow, with a new court date a month from now.” Naturally the prison administration, not paying close attention to the email address it came from, releases you.

Stop imagining. Exactly this happened last year at a British prison. Below is a copy of the domain registration information. Pay close attention to the registrant—that’s the detective who arrested the suspect in the initial fraud case that landed him in prison. (The fraudster’s name is Neil Moore, and you can read more about this case here.)

This is an example of a type of internet fraud known as “typo squatting.” As with most frauds and internet scams, it relies on the failure of the least maintained equipment in the world: human brains. Typo squatting is something accomplished quite easily, and something many public safety websites are starting to see.

For example, a local sheriff’s department has their website advertised on the back of every single patrol car: “countysheriff.org.” A number of websites have popped up that have this exact name on them, except with slight misspellings of the word “sheriff.” One version has only one F, while another has two Rs. These websites are all registered to a particular individual out of Ho Chi Minh City, Vietnam.

Why the heck would Ho Chi Minh City, Vietnam be registering sites like that?

There’s a lot of reasons, actually, but obviously this raises serious concerns about safety for our public. Imagine they’re trying to go to your website to report a crime, and they accidentally misspell the name of your website. They land on a webpage that’s cloned and looks exactly like yours, but as they fill out forms they’re actually giving identity thieves their personal information.

But it doesn’t just stop there! Targeted email phishing attacks (known as “spear phishing”) can also use this clever bit of trickery. Recently a small town in Arizona, whose website is smalltownaz.gov, saw someone sending their finance director emails, impersonating the town manager! The emails included attachments with instructions to send $53,000 to someone in another state. The emails looked exactly like the town manager’s, except the email came from a website, “smalltownaz.co.” The finance director caught this and didn’t send the money, fortunately.

Further investigation revealed that the website, smalltownaz.co, was created at 1:29 PM that afternoon, and the finance manager started receiving the emails at 2:08 PM that same day. Naturally the mail records for the email indicated it came from a server on a continent on the other side of the world.

So what can we do to protect ourselves? And the public?

  1. Pay attention to the details! The smallest things can make all the difference, so pay close attention to the addresses emails are coming from, especially if something just doesn’t seem quite right.
  2. Get a .gov website! The fraudsters can also get .org domains, and there’s way too many agencies that still have websites that are .orgs. This needs to stop! We’re making it much too easy for the bad guys. Head on over to dotgov.gov to find out how to get your agency on board.
  3. Start registering similar websites! The Arizona Department of Public Safety has done a great job of this. Their primary site is AZDPS.gov, but they also own AZDPS.com, and .org. If you visit those other two sites, they automatically redirect you to the .gov website. Which is another reason to get a .gov!!
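The first step can be partly automated at the mail gateway. The sketch below is an added example, not code from the article or any agency: it flags From: headers whose domain imitates a trusted one, covering the same-name/different-ending and dropped-or-doubled-letter cases described above. The sample headers are constructed, and comparing only the first label of the domain is a simplifying assumption.

```python
from email.utils import parseaddr

# Agency domains taken from the article's examples.
TRUSTED = {"smalltownaz.gov", "countysheriff.org"}

def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header, trusted=TRUSTED, max_distance=1):
    """Return (verdict, imitated_domain) for a From: header value."""
    _, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower().rstrip(".")
    if any(domain == t or domain.endswith("." + t) for t in trusted):
        return ("trusted", None)
    # Simplification (assumption): compare only the first label; a production
    # check would find the registrable name with the Public Suffix List.
    name = domain.partition(".")[0]
    for good in sorted(trusted):
        good_name = good.partition(".")[0]
        if name == good_name:
            return ("lookalike-tld", good)      # same name, different ending
        if edit_distance(name, good_name) <= max_distance:
            return ("lookalike-name", good)     # dropped or doubled letter
    return ("unknown", None)

# Constructed sample headers; the misspellings follow the article's description.
SAMPLE_HEADERS = [
    "Town Manager <manager@smalltownaz.gov>",
    "Town Manager <manager@smalltownaz.co>",
    "Records <records@countysherif.org>",
    "Records <records@countysherriff.org>",
    "Vendor <billing@example.com>",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(classify_sender(header), header)
```

A "lookalike" verdict is a reason to hold the message for review rather than proof of fraud; the display name is ignored on purpose, since that is the part an impersonator controls completely.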

Follow-up:

The domain, hmcts-gsi-gov.org.uk, that was used to get a man out of prison is currently available. And it’s yours for a low price of $7.58!

[Image: org.uk]

Here’s some other names you might recognize, and how much you can get their websites for:

[Image: various domains]


Conclusion

Take a moment to do a search. Spend a little money up front—and it really doesn’t cost much, especially in the scheme of things—and prevent future headaches. This is basic due diligence in this day and age.