Fake news and fraudulent domains

The abuse of domain names is beginning to ramp up ahead of the 2020 US presidential election

The abuse of domain names and the internet’s Domain Name System is beginning to ramp up ahead of the 2020 US presidential election.

The degree to which search keywords, top-level domains, and hosting infrastructure are being abused to orchestrate misinformation campaigns and clickbait is no clearer today than it was in 2016.

However, an ongoing research effort by Cisco Umbrella aims to bridge this knowledge gap. The cloud platform’s preliminary findings were presented at the Virus Bulletin conference in London earlier today (October 4).

Using Cisco Umbrella’s global visibility into the Domain Name System (DNS), the researchers began by analyzing behind-the-scenes activity in the three months leading up to the 2016 US presidential election, identifying domains based on political keywords and the hosting and content delivery infrastructure that they rely on.

The second phase of the research involved using the same methodology to look at how the DNS system is being abused in line with the Democratic primaries.

Disinformation campaigns

Dr Dhia Mahjoub, head of security research at Cisco Umbrella, said that the research has identified 47,000 domains that contained political keywords in 2019 – twice as many as in 2016.

Trump-related domains dominate DNS traffic, he said.

Some of these are legitimate websites related to the US president’s business activities and re-election campaign, while others are punting fake or distorted ‘news’.

Disinformation campaigns typically involve nation-states and foreign actors abusing social media sites to spread propaganda.

At the same time, smaller campaigns pick up on political headlines and twist them in order to lure individuals into clicking on links and advertisements.

One example of the latter is a so-called ‘Trump dump’ site that has nothing to do with political criticism, but is actually a carding site that’s been given a comedic moniker by cybercriminals.

Hot topics

Outside of Trump-related sites, the main block of sites featuring political keywords logged by Cisco Umbrella mentioned either former President Barack Obama or Hillary Clinton, the 2016 Democratic Presidential candidate.

Traffic to Clinton-themed sites, many of which are negative in tone, is down compared to three years ago.

Websites referencing Joe Biden and other prospective 2020 Democratic nominees are still much fewer in number than those referencing Hillary, but this is likely to change over time.

Even so, the overall number of sites featuring political keywords is still double what it was three years ago.

Dr Mahjoub described much of this activity as the “weaponization” of domain names and abuse of the DNS system to spread propaganda.

Asked to account for the increase in politically themed domain names over the last three years, Dr Mahjoub told The Daily Swig that it was overwhelmingly geared towards web users.

“Exhaustion and confusion are as much a part of the delivery mechanism of propaganda as they are of its content,” he said.

