Subscribe to receive notifications of new posts:

With 14 days to go, we haven’t nailed the basics: election security risks from expired domains

2020-10-20

1 min read

This blog originally appeared in October 2020 on the Area 1 Security website, and was issued in advance of Cloudflare's acquisition of Area 1 Security on April 1, 2022. Learn more.

In less than two weeks on 3 November 2020, the United States of America will hold its quadrennial Presidential election. Concerns over cybersecurity protections and processes implemented over the preceding four years remain high, as reports of foreign interference, infrastructure vulnerabilities, and failed preparedness continue to abound.

Area 1 Security outlined the risks posed by threat actors to election administrators and their email security controls in a recent report; and we continue to analyze the baseline security practices as the nation prepares for the elections.

Just this week on Monday, 19 October 2020, the website for Orange County, Florida’s Supervisor of Elections was down. Florida’s fifth-most populous county failed to properly re-register their domain, something that was luckily resolved without incident. Four more election sensitive domains are set to expire before Election Day on 3 November 2020:

albanywi.org 2020-10-22T15:48:51Z

bcn.net 2020-10-27T04:00:00Z

chesternh.org 2020-11-01T21:06:59.000Z

bethlehemnh.org 2020-11-02T14:07:25Z

And another 20 are set to expire before the year’s end, which could be critical if outcomes are not determined or remain in question before inauguration day on 20 January 2021.

arwhlaw.com 2020-11-10T05:00:00Z

cityofcumberland.net 2020-11-13T16:46:49Z

burnetcountytexas.org 2020-11-14T00:01:15Z

antwerptownship.com 2020-11-14T22:28:21Z

bessemermi.org 2020-11-15T23:58:58Z

carsoncitymi.com 2020-11-16T16:13:58Z

carrollcountyga.com 2020-11-17T18:13:46Z

buttscounty.org 2020-11-21T18:40:57.00Z

bridgeportmi.org 2020-11-21T19:20:24Z

ci.superior.wi.us 2020-11-27T23:59:59Z

bentcounty.net 2020-12-04T15:43:00Z

cityofbr.org 2020-12-06T17:31:36Z

birchruntwp.com 2020-12-16T11:25:06Z

ci.emporia.va.us 2020-12-18T23:59:59Z

hardeecountyelections.com 2020-12-20T11:59:59Z

barrecity.org 2020-12-23T17:34:03Z

alphacomm.net 2020-12-24T05:00:00Z

andersoncountyks.org 2020-12-26T16:10:34.000Z

broomecounty.us 2020-12-27T23:59:59Z

hcnj.us 2020-12-29T23:59:59Z

An extensive list of election sensitive domain registrations is provided here.

Failure for any organization to properly register their domains poses several key risks:

  1. Anyone who might register an election-sensitive domain would be able to assume the identity of elections officials and send phishing emails.

  2. Critical voter information could be removed from the internet or changed.

Recommendations:

  • Vote!

  • Domain owners should check the expiration dates of their domains and immediately make sure they are secured for the maximum ownership time available

  • Observe the recommendations for securing email in the prior “Phishing Election Administrators” report outlining the risks to election administrators and officials.

Cloudflare's connectivity cloud protects entire corporate networks, helps customers build Internet-scale applications efficiently, accelerates any website or Internet application, wards off DDoS attacks, keeps hackers at bay, and can help you on your journey to Zero Trust.

Visit 1.1.1.1 from any device to get started with our free app that makes your Internet faster and safer.

To learn more about our mission to help build a better Internet, start here. If you're looking for a new career direction, check out our open positions.
Email SecurityCloud Email SecurityPhishing

Follow on X

Cloudflare|@cloudflare

Related posts

October 08, 2024 1:00 PM

Cloudflare acquires Kivera to add simple, preventive cloud security to Cloudflare One

The acquisition and integration of Kivera broadens the scope of Cloudflare’s SASE platform beyond just apps, incorporating increased cloud security through proactive configuration management of cloud services. ...

May 30, 2024 1:00 PM

Disrupting FlyingYeti's campaign targeting Ukraine

In April and May 2024, Cloudforce One employed proactive defense measures to successfully prevent Russia-aligned threat actor FlyingYeti from launching their latest phishing campaign targeting Ukraine...