Majority of Election Sites in Battleground States Lack Validation, McAfee Finds

February 6, 2020 by Dan McCue
February 6, 2020 by Gopal Ratnam, CQ-Roll Call (TNS)

WASHINGTON — A vast majority of election-related websites operated by local governments in battleground states lack a key feature that would help distinguish them from those run by commercial entities or criminal hackers — a site that ends in .gov as opposed to .com or other extensions, according to cybersecurity research firm McAfee.

Of 1,117 counties in 13 key states, which account for 201 of the 270 Electoral College votes that determine the winner of presidential contests, 83.3% didn’t have the .gov validation, McAfee found.

When government websites operate using .com or other domain extensions, it becomes easy for foreign adversaries to put up fake sites that imitate government websites and to mount disinformation campaigns aimed at misleading voters, said Steve Grobman, McAfee’s chief technology officer.

“If we look at the battleground states, the local election websites are still not operating with the level of security we’d expect,” Grobman told CQ Roll Call. “We see the vast majority are not using .gov, meaning that normal citizens may not be able to identify if an election website is real or not. And only half of them use encryption, so information they’re transmitting is not secure.”

Attackers trying to mislead voters could set up fake websites ending in .com or .us or other domain extensions, similar to those used by local agencies, making them hard to distinguish from authentic ones, Grobman said.

If all government websites, from federal agencies to local governments, operated only with a .gov domain, then a nationwide campaign could educate citizens and voters to trust only .gov websites, Grobman said.

Minnesota was the worst offender, with 95.4% of its sites lacking the .gov extension, while Texas, Michigan, Nevada, Pennsylvania and Ohio were among the states where more than 80% of sites had no validation through the .gov extension, McAfee found.

In Iowa and New Hampshire — two key states that hold the first caucus and primary, respectively, to pick a party’s presidential candidate — significant majorities of sites lacked the .gov extension, McAfee found. In Iowa, 88.9% operate without .gov, while 90% of New Hampshire sites lack one.

More than two-thirds of Arizona’s websites had the .gov extension, making it the state with the most validation. Still, because one-third of the state’s sites lacked the .gov extension, “hundreds of thousands of voters could still be subjected to disinformation schemes,” McAfee said.

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, or CISA, and some lawmakers have been urging state and local agencies to boost security measures.

“We encourage organizations to move to the .gov domain,” Christopher Krebs, director of CISA, told reporters last week after completing an election security exercise with state and local governments. “We do think that between now and the election, there may be other security measures we can put in place like multifactor authentication on key administrator accounts and ensuring that websites have ‘https’ (prefixes). Ultimately, we’d like everyone in government to be on the .gov domain.”

To obtain a .gov extension, local governments have to get permission from the U.S. government.

A bipartisan bill under consideration in the Senate Homeland Security and Governmental Affairs Committee would require CISA to come up with a plan to migrate all government agencies to the .gov domain. The legislation is sponsored by Sen. Gary Peters, D-Mich., and backed by Sens. Amy Klobuchar, D-Minn.; Maggie Hassan, D-N.H.; Ron Johnson, R-Wis.; Roy Blunt, R-Mo.; and James Lankford, R-Okla.

The .gov extension is a top-level domain name administered by the General Services Administration and available only for U.S. federal, state and local government agencies. Domain names for foreign government agencies typically use .gov, followed by an abbreviation of the country name.

Some U.S. federal agencies follow a different naming convention for their websites. The Pentagon and military services, for example, use the .mil extension.

Nearly half of the local government election websites also lacked another key security feature that’s denoted by “https” in front of a website’s address, McAfee found. Instead, 46.6% of the local government sites were operating with only an “http,” which means that data flows in and out of those websites in an unencrypted form, potentially leaving them vulnerable to manipulation.

In Iowa and New Hampshire, about 30% of election websites operate without the https feature, McAfee found.

Top technology companies, including Google, tell developers that all websites should be protected with the https technology. Without the secure layer, intruders can tamper with communications between users and websites and trick users into giving up sensitive information, Google warned developers last year.

All information that flows between users and websites, including images, cookies, scripts and HTML, can be exploited without https, Google said.

———

©2020 CQ-Roll Call, Inc., All Rights Reserved

Visit CQ Roll Call at www.rollcall.com

Distributed by Tribune Content Agency, LLC.
