Last Thursday, U.S. Sen. Mark R. Warner of Virginia wrote to American domain registrars NameCheap, GoDaddy, Cloudflare, NewFold Digital, NameSilo and Verisign.
The registrars were identified in a Department of Justice affidavit as providing domain services to the “Doppelganger” Russian covert influence network. Warner, who is Chairman of the Senate Select Committee on Intelligence, pressed them to take immediate steps to address the continued abuse of their services for foreign covert influence, particularly in the period preceding and following Election Day.
The hallmark of the Russian government-directed foreign malign influence campaigns known as “Doppelganger” has been the impersonation of Western media institutions online, including outlets like the Washington Post, Fox News and Forward, maintained through both inauthentic social media accounts and websites. The impersonation of dozens of legitimate organizations online has been attributed to Russian influence operatives as early as September 2022, when researchers at the nonprofit EU Disinfo Lab first identified the network’s campaigns. The operatives used misleading domains (such as www.washingtonpost.pm, www.washingtonpost.ltd, www.fox-news.in, www.fox-news.top and www.forward.pw) to covertly spread Russian government propaganda with the aim of reducing international support for Ukraine, bolstering pro-Russian policies and interests and influencing voters in U.S. and foreign elections, including the 2024 presidential election.
Citing research conducted by Meta in 2023, Warner noted several ways in which the global domain name industry has enabled Russian malign influence activity, including withholding vital domain name registration information from good-faith researchers and digital forensic investigators, ignoring inaccurate registration information submitted by registrants, and failing to identify repeated instances of intentional and malicious domain name squatting used to impersonate legitimate organizations.
“Information included in the affidavit supporting recent seizure of a number of these domains provides further indication of your industry’s apparent inattention to abuses by foreign actors engaged in covert influence. Specifically, Russian influence actors utilized a number of tactics, techniques and procedures that – against the backdrop of extensive open source literature on Doppelganger’s practices – should have alerted your company to abuse of its services, including the use of cryptocurrency to purchase domains, heavy reliance on anonymizing infrastructure to access your registration services (including the use of IPs widely associated with cybercriminal obfuscation network activity), the use of credit cards issued to a U.S. company ‘that has significant ties to, and employees based in, Russia,’ use of fictitious and poorly-backstopped identities for registrants, and in at least one instance the use of a Russian address,” Warner wrote.
According to Warner, the industry’s inattention to abuse has been well documented for years and has enabled malicious activity such as phishing campaigns, drive-by malware and online scams. Warner wrote that “Congress may need to evaluate legislative remedies that promote greater diligence across the global domain name ecosystem.”
“In the interim, your company must take immediate steps to address the continued abuse of your services for foreign covert influence – particularly in the days preceding, and weeks immediately following, Election Day. With the prospect of a close election – and declassified intelligence demonstrating the past practice of foreign adversaries in spreading narratives that undermine confidence in election processes – Americans will be particularly reliant on media organizations and state and local government websites to provide authoritative and accurate election information. It is imperative that your company work to diminish the risk that foreign adversaries use impersonated domains to promote false narratives in this context,” Warner concluded.
As Chairman of the Senate Select Committee on Intelligence, Warner has been consistently warning about the threat posed by foreign covert influence networks ahead of the 2024 elections. Last month, he convened a public hearing with representatives from Alphabet, Meta and Microsoft examining the roles and responsibilities of U.S. platforms to prevent the spread of foreign propaganda and misinformation on their networks.