Someone pretended to be a mayor and the government gave him a .gov domain
You can pretend to be anyone on the internet. Even the mayor of a small town. A security researcher did just that and acquired an official .gov domain name, which could have been used to spread fake emergency alerts or ask Facebook for private user information.

The researcher successfully registered the domain name exeterri.gov after posing as the mayor of Exeter, Rhode Island — a small town with a population of fewer than 6,500 people. According to the individual, who reached out to cybersecurity reporter Brian Krebs of Krebs on Security, all they had to do was set up a fake Google Voice number and Gmail address, both completely unaffiliated with the town. After that, they filled out an official authorization form, which basically asks for the same contact information a registrar like GoDaddy or Namecheap would require. The documents needed to be printed on the town government’s official letterhead, which the researcher obtained by searching for other official Exeter documents online.

According to a town clerk from Exeter, the only inquiry the city received from the GSA came 10 days after the researcher’s fake registration was approved. And the GSA only called Exeter after Krebs on Security asked about the domain.

While the exeterri.gov domain has since been revoked, this case exposes serious flaws in the system that could be used for nefarious purposes. For example, the researcher was able to sign up for Facebook’s law enforcement subpoena request system, which provides law enforcement and government entities with personal user records.

“GSA is working with the appropriate authorities and has already implemented additional fraud prevention controls,” said the agency in a statement to Krebs on Security.

Before it was taken down, the researcher's .gov domain displayed the same content as the official Exeter website. It’s not hard to imagine someone using the fake site to spread fear through terror alerts, or ruin reputations with false arrest records, or post inaccurate voting information to sway an election. Sure, that could be considered wire fraud or criminal impersonation. But some people — say, foreign entities — might be willing to risk prosecution.

Initially, .gov domain names were only open to federal U.S. institutions. Now they're open to state and local governments. Last month, a bill was introduced in Congress to improve oversight over government domains by the Cybersecurity and Infrastructure Security Agency.