This blog originally appeared in October 2020 on the Area 1 Security website, and was issued in advance of Cloudflare's acquisition of Area 1 Security on April 1, 2022. Learn more.
In less than two weeks on 3 November 2020, the United States of America will hold its quadrennial Presidential election. Concerns over cybersecurity protections and processes implemented over the preceding four years remain high, as reports of foreign interference, infrastructure vulnerabilities, and failed preparedness continue to abound.
Area 1 Security outlined the risks posed by threat actors to election administrators and their email security controls in a recent report; and we continue to analyze the baseline security practices as the nation prepares for the elections.
Just this week on Monday, 19 October 2020, the website for Orange County, Florida’s Supervisor of Elections was down. Florida’s fifth-most populous county failed to properly re-register their domain, something that was luckily resolved without incident. Four more election sensitive domains are set to expire before Election Day on 3 November 2020:
albanywi.org 2020-10-22T15:48:51Z
bcn.net 2020-10-27T04:00:00Z
chesternh.org 2020-11-01T21:06:59.000Z
bethlehemnh.org 2020-11-02T14:07:25Z
And another 20 are set to expire before the year’s end, which could be critical if outcomes are not determined or remain in question before inauguration day on 20 January 2021.
arwhlaw.com 2020-11-10T05:00:00Z
cityofcumberland.net 2020-11-13T16:46:49Z
burnetcountytexas.org 2020-11-14T00:01:15Z
antwerptownship.com 2020-11-14T22:28:21Z
bessemermi.org 2020-11-15T23:58:58Z
carsoncitymi.com 2020-11-16T16:13:58Z
carrollcountyga.com 2020-11-17T18:13:46Z
buttscounty.org 2020-11-21T18:40:57.00Z
bridgeportmi.org 2020-11-21T19:20:24Z
ci.superior.wi.us 2020-11-27T23:59:59Z
bentcounty.net 2020-12-04T15:43:00Z
cityofbr.org 2020-12-06T17:31:36Z
birchruntwp.com 2020-12-16T11:25:06Z
ci.emporia.va.us 2020-12-18T23:59:59Z
hardeecountyelections.com 2020-12-20T11:59:59Z
barrecity.org 2020-12-23T17:34:03Z
alphacomm.net 2020-12-24T05:00:00Z
andersoncountyks.org 2020-12-26T16:10:34.000Z
broomecounty.us 2020-12-27T23:59:59Z
hcnj.us 2020-12-29T23:59:59Z
An extensive list of election sensitive domain registrations is provided here.
Failure for any organization to properly register their domains poses several key risks:
Anyone who might register an election-sensitive domain would be able to assume the identity of elections officials and send phishing emails.
Critical voter information could be removed from the internet or changed.
Recommendations:
Vote!
Domain owners should check the expiration dates of their domains and immediately make sure they are secured for the maximum ownership time available
Observe the recommendations for securing email in the prior “Phishing Election Administrators” report outlining the risks to election administrators and officials.