
These anti-quarantine websites are fakes. Here’s what they’re really after


Protesters outside the state capitol building in Topeka, Kansas, are pushing for the governor to stop arranging the accommodations.

Jamie Squire / Getty Images


Last month, more than 540 domain names containing the word “reopening” were registered. However, this is not a sign that ending social distancing policies has become a primary goal. Hundreds of these websites are believed to give credibility to anti-lockdown protests, and many come from suspicious sources or from resellers who want to make money.

In a report released on Friday, the threat intelligence company DomainTools said it had found hundreds of domain names linked to the “reopening” campaign, which largely speaks out against government lockdown measures taken to curb the spread of the novel coronavirus. The campaign wants social distancing restrictions to end and businesses to reopen.

Protests have surfaced across the country, with some, but far from all, Americans showing frustration with social distancing policies that have changed lives and brought many companies to a standstill. A number of these protests have been organized on Facebook to remove events that cause people to violate distancing policies.

The number of domains associated with anti-lockdown efforts started off small, but grew rapidly after President Donald Trump sent a series of “liberated” tweets about states with protests, said Chad Anderson, chief security researcher at DomainTools.

Anderson said that it is difficult to say which domains are linked to actual political causes and which are simply trying to benefit from the anti-lockdown sentiment. DomainTools researchers have found hundreds of “reopening” URLs that have been purchased for resale and others that resemble malware campaigns.

The researchers also found evidence that some of the domains were created as part of an “astroturfing” effort, a term for campaigns that appear to be grassroots movements but were actually created artificially.

“If there is enough support out there for an astroturfing campaign, it can become real events with real consequences,” said DomainTools Research Director Sean McNee.

Astroturf seeds

The first batch of “reopening” domains consisted of seven URLs that came from an anti-gun control group, Anderson said.

He found seven “reopening” websites registered on April 8 for states like Ohio, Pennsylvania, Missouri and Minnesota. The seven sites appeared to represent independent groups, but they were all registered under Aaron Dorr, a pro-gun activist from Iowa. Together they create the appearance of a broad protest against lockdown measures, a digital Potemkin village.

DomainTools indicated that an increase in “reopening” domain names has been noted in the past month. Over 500 new URLs have appeared in the past week.

DomainTools

The Washington Post and NBC News detailed how the Dorr family started Facebook groups with hundreds of thousands of followers who called for the reopening of the economy and directed people to websites.

The websites have almost the same design, with the names of local politicians swapped for each state. The sites were set up to organize protests and passed on to gun rights groups.

NBC News found that many of the websites hosted by Dorr were designed to collect visitor data, including emails and home addresses.

“The point is that it looks like there is a legitimate, nationwide group for these movements,” said Anderson. “There is a local meaning, because people react to it.”

Dorr could not be reached for comment.

A Reuters poll between April 15th and 21st found that 72% of adults in the United States support stay-at-home measures. And a CBS News poll found that 70% of Americans say social distancing should remain the nation’s No. 1 priority. But the astroturfing campaigns could give the impression that there are widespread objections to distancing policies, DomainTools said.

Counter-squatting

DomainTools found that most of the “reopening” domain names actually came from a man in Florida who was trying to counter astroturfing efforts.

The researchers discovered 98 domains tied to one person who had registered “reopening” names for all 50 states, including different spellings for each region. In a Florida Times Union article, the domain buyer was identified as Michael Murphy, who said he bought dozens of “reopening” URLs to prevent actual anti-lockdown protesters from getting them. (CNET was unable to find contact information for Murphy.)

DomainTools discovered 98 URLs from Murphy, who told the local newspaper that he had bought a total of 200 names and spent at least $4,000. Another large part of the “reopening” domain names comes from well-known resellers, Anderson said.

These are “reopening” websites that are aimed at restaurants, cinemas and sports and are all for sale.

Anderson said DomainTools has already seen up to 6,000 new registrations per day related to COVID-19 and has started to see more related to the “reopening” campaign.

“Domainers are a special kind of people who see every chance of making a quick buck,” said Anderson. “In each of these cases, there will be people trying to choose domains that they can sell for $5,000 that they bought for $10 because someone wants to start a move.”

Possible malware

DomainTools researchers also found a number of domains that were registered in bulk, specifically with typos in the phrase “Reopen American Business”. All of these domains were registered in China and have typographical errors that indicate that they are being set up as phishing sites.

Typosquatting is an old trick in which people buy URLs that are common misspellings of real websites and set up a page that looks like the real one. The idea is to get visitors who make typing mistakes to enter their confidential credentials on these fraudulent pages.
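How a defender might screen a feed of newly registered domains for this kind of near-miss spelling, as an added example that is not from the article or from DomainTools. The domain names are constructed (reserved `.example` TLD), and the distance threshold of 2 is an assumption.

```python
# Flags domains whose leftmost label is a near-miss spelling of a watched
# phrase. All sample domains below are constructed for this example.
WATCHED = "reopenamericanbusiness"  # phrase named in the article, normalized

def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # adjacent transposition, the most common typing slip
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]

def label(domain: str) -> str:
    """Leftmost DNS label, lowercased, with hyphens removed."""
    return domain.lower().rstrip(".").split(".")[0].replace("-", "")

def flag_typos(domains, watched=WATCHED, max_dist=2):
    """Return (domain, distance) for near misses; exact matches are skipped."""
    hits = []
    for d in domains:
        dist = osa_distance(label(d), watched)
        if 0 < dist <= max_dist:
            hits.append((d, dist))
    return sorted(hits, key=lambda h: (h[1], h[0]))

SAMPLE_FEED = [  # constructed registration feed
    "reopenamericanbusiness.example",     # exact spelling, not a typo
    "reopenamercianbusiness.example",     # swapped letters
    "reopenamericanbusines.example",      # dropped letter
    "reopen-americann-business.example",  # doubled letter, hyphenated
    "reopenamericabuisness.example",      # two slips
    "reopenohio.example",                 # unrelated to the watched phrase
]

if __name__ == "__main__":
    for domain, dist in flag_typos(SAMPLE_FEED):
        print(f"{dist}  {domain}")
```
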

These domains all have servers that are registered with Bodis, an advertising service that monetizes domain names and has links to an earlier malware campaign from the advanced persistent threat (APT) group DarkHotel. APTs are well-known groups behind cyber attacks. The DarkHotel APT group is a hacking group whose victims are particularly in Japan, Taiwan, China, Russia and South Korea.

“It looks like it’s used for phishing campaigns,” said Anderson. “It hasn’t been fully activated yet, but has the characteristics of a DarkHotel APT group.”
