Do You Know Who Runs the Dot-Airforce Internet Domain?

The growing number of domain name extensions, such as dot-airforce, might mean federal agencies run into more email phishing schemes, some brand reputation consultants say.

Copycats recently generated a fake Thrift Savings Plan retirement fund website and sent Army members emails directing them to change their passwords as a part of one such scam. In that case, the credential-stealing trick was orchestrated by fellow service members who were testing troops’ cybersecurity instincts. But most fake sites aren't so friendly. 

The Internet Corporation for Assigned Names and Numbers is in the process of approving hundreds of new "generic top-level domains," or gTLDs, which could provide further avenues for swindlers to create rogue or cloned websites as homes for their phishing activities.

Phishing involves posing as a trusted acquaintance and sending emails to targets that trick them into visiting malicious websites. 

"If a fraudster were able to bypass the trademark clearing process and purchase domain addresses such as TSP.finance, TSP.bank, TSP.loan, TSP.savings, TSP.insurance, such names provide the perception of legitimacy to clients," said Haydn Simpson, a product director at online brand protection company NetNames. "There are also a number of domain names that could give false authenticity, such as .army, .navy and .airforce, which have yet to define what criteria will be used for registration purposes."

At the same time, agencies, including TSP, could use the opportunity to their advantage -- by reserving a safer domain name.

The new dot-secure suffix, for instance, when launched, will only be available to organizations "that can prove their own infrastructure is water tight and impervious from external threats -- TSP.secure would be seen by the external world as a trusted source and could not be faked or spoofed as we see existing domain names today," Simpson said. 

The ultimate protection would be for TSP and other agencies to each request separate gTLDs, if ICANN opens up another round of applications for domain names, he said. "This would mean having a .TSP domain extension, running this service through their own infrastructure, and therefore being able to provide increased end-to-end security to customers," Simpson said.

Consultants also suggest agencies entrusted with citizen information invest in new technology to prevent being associated with undesirable or fraudulent Internet content. 

"An approach that combines sound internal policies with robust monitoring and other external enforcement capabilities will go a long way toward giving government the ability to effectively manage this often complex area of internet-based risk," Simpson said. 

Brand protection software is worth considering, but such programs are less a new product category than a repackaging that highlights the obvious value proposition of protecting one’s brand and intellectual property from a breach, NSS Labs Chief Technology Officer John Pirc said. 

“While brand protection software is being used in the private sector and has been helpful in reducing risk, all it takes is one user to click on a link or visit a malicious website and depending on the severity of the malware downloaded, it could still impact an entire company," he said. "In terms of effectiveness, we never hear about all the incidents that have been blocked, but only those that have catapulted an organization onto the front page of the national news for becoming breached.”  

As for the dot-airforce domain, it has been delegated to United TLD Holdco Ltd., based in Ireland. 

(Image via weerapat kiatdumrong/Shutterstock.com)
