Cybersquatters giving some US presidential candidates a bad name
Naked Security Naked Security

Cybersquatters giving some US presidential candidates a bad name

Cybersquatters have caused some embarrassment for several of the US presidential contenders. But abuse of domain names can be costly for businesses and dangerous for consumers.

US election cybersquattersChris Christie, the governor of New Jersey, is about to announce he’s running to become the next president of the United States – something he alluded to this past weekend when he began tweeting out links to his website,

But first, Governor Christie needed to secure the website domain from its previous owner, a computer programmer from Wisconsin with the same name.

It’s not clear how the politician Christie acquired the domain from the programmer Christie (we’ve contacted the latter to inquire about it, but haven’t heard back) – but it might have cost the governor a substantial sum of money to acquire it.

Another candidate for president, Senator Rand Paul, reportedly paid a group of his own supporters who owned of $100,000 for that domain.

In the cases of and, the former domain owners were acting in good faith, rather than registering those websites merely for the purpose of getting the high-profile politicians to purchase the domains.

On the other hand, the owner of registered that domain back in 2011 in hopes that Christie would be running for office in 2016 and offer to buy it.

Registering a domain in good faith is an important distinction, because buying up domains with names of famous people or brands for the purpose of extorting money is what is known as cybersquatting, and it’s (supposed to be) illegal.

The Anticybersquatting Consumer Protection Act (ACPA) is intended to prevent cybersquatting for profit.

Corporations like Facebook and Pinterest have successfully sued cybersquatters who registered domains that were close to the correct domains but were off by a letter or two, like or, taking advantage of people who inadvertently mistype the web address.

This kind of abuse is what Sophos calls “typosquatting” – and it’s not just a nuisance, but possibly dangerous for web users who accidentally visit those websites.

A few years ago, we conducted an experiment where we surveyed 1500 websites with one-character mistakes in the web addresses of six well-known domains – for Facebook, Google, Twitter, Microsoft, Apple and, while we were at it, Sophos.

We discovered that about 3% of those misspelled websites were associated with phishing, spam, and other types of cybercrime.

But disputes over domain names, and whether a domain owner is acting in “bad faith,” aren’t always cut and dry.

The ACPA law allows people to register domains for purposes that include political speech, which can lead to some embarrassing or reputation-damaging websites registered by political opponents.

Senator Ted Cruz, a presidential candidate and staunch opponent of President Obama’s immigration policies, doesn’t own – it’s instead owned by someone using the site to host the message: “Support President Obama! Immigration Reform Now!”

Carly Fiorina, the former chief executive of HP who is now running for president, didn’t register, and that website now hosts a message highlighting the fact that Fiorina laid off 30,000 HP workers during her tenure.

And the owners of the domain aren’t supporters of presidential candidate Jeb Bush – they purchased the domain in 2008 in response to Bush’s “horrible record with regards to LGBTQ rights,” they said.

According to the Internet Corporation for Assigned Names and Numbers (ICANN) – the non-profit organization responsible for managing the top-level domain name system and Internet Protocol (IP) allocation – if you believe someone has registered your trademarked name in bad faith, you can file a complaint under the Uniform Domain-Name Dispute Resolution Policy.

You could also file a lawsuit against the domain owner, which real estate mogul and now presidential candidate Donald Trump did in 2014 in response to a squatter who registered several websites using Trump’s name.

Trump won the lawsuit, which resulted in a judgment that the squatter would have to pay Trump $32,000 in damages.

But not every business or individual has Trump’s resources for fighting off squatters with lawsuits, and defending against cybersquatting by registering all potential domains containing your name or trademark is an expensive proposition.

ICANN has begun approving a set of 600 new generic top-level domains (gTLD), including the potentially embarrassing .SUCKS and .XXX.

According to the Coalition Against Domain Name Abuse, trademark owners who want to pay to block registration of their names across 300 new gTLDs during the pre-registration period could pay as much as $330,000 to protect their brands from cybersquatters.

In addition to the costs to businesses, the CADNA notes that cybersquatting potentially exposes consumers to counterfeit goods, fraud, malicious websites and identity theft.

The CADNA has proposed changes to the ACPA law that it hopes will be deterrents against future abuse of the domain name system – raising penalties for violators and holding domain registrars accountable.

In the meantime, brand owners can make cybersquatting less profitable by refusing to pay squatters for domains; and consumers can avoid potentially harmful domains and avoid typosquatting sites by bookmarking their favorite websites or using search engines to find the most relevant website.

As for the 2016 presidential candidates, it might be time to start buying up domains in preparation for another run in 2020.

Image of election voting courtesy of .

Leave a Reply

Your email address will not be published. Required fields are marked *