Earlier this month, KrebsOnSecurity received an email from a researcher claiming to have easily acquired a .GOV domain name by simple means. If this weakness were exploited, it could cause a crisis of confidence in the .gov domain name. The researcher said they had fooled the reviewers by filling out an online form, copying some of the header information from the home page of a small US town with a .us domain name, and impersonating a local official in the application.
(Image via KrebsOnSecurity)
The source, who asked not to be named, said: "I used a fake Google Voice number and a fake Gmail address, but it was all a thought experiment, and the only true piece of information was the name of the government official."
The email was reportedly sent from the exeterri.gov domain name. The domain was registered on November 14, and the content of the site was identical to the .us site it imitated (the Town.exeter.ri.us site of Exeter, Rhode Island, is now no longer active).
The source added: "You have to fill out a formal authorization form, but it basically just lists information such as the administrative, technical and billing contacts.
In addition, it needs to be printed on 'official letterhead', but you only need to search for a municipal government document template to fake that easily.
Then you send it by fax or mail, and once it is approved, you can set up the domain from the registrar."
Technically, the source may have committed mail fraud, and if they used services in the United States, they could face additional charges. But for cybercriminals hiding in the shadows, that legal risk is clearly no deterrent.
To close this process loophole, the source wants stricter identity verification to be introduced. Although his experiment was not legal, it showed how easy it was to get away with.
Earlier today, KrebsOnSecurity contacted the real Exeter officials. A staff member, who did not want to be named, said the GSA had called the mayor's office on November 24.
However, that call came four days after federal agencies were asked about the matter, and about 10 days after the counterfeit application was approved.
Although there was no direct response, the agency wrote: "The GSA is cooperating with the authorities and has implemented other fraud prevention controls." It did not elaborate on what those additional controls are.
But KrebsOnSecurity did receive a substantive response from the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, which said it was working to protect the .gov domain name.