This blog post is republished from Bolster Research from cybersecurity firm Bolster. It’s an interesting read:
Cyber security is a critical issue for the 2020 Presidential Campaign, dominating news headlines. Along with the typical election crimes including voter and campaign finance fraud, today’s campaigns are also fraught with nation state cyber attacks. Microsoft recently reported that nation state criminal groups from China, Iran and Russia are actively interfering with the campaign and government officials . To date, attacks include a range of techniques from spear phishing, where targeted emails trick users into disclosing confidential information or user credentials, to brute force password spraying, a tactic hackers use to access accounts through common passwords. The campaigns are on high alert for malicious activity and have taken momentous proactive measures. Trump hired consultants to probe his cyber security defenses. Biden has created a team led by a cyber advisor from the Obama administration and former DHS cyber staffer .
Bolster Research recently discovered the Trump and Biden campaigns face online issues beyond traditional cyber attacks. The Trump campaign faces a rampant counterfeit paraphernalia problem, where unofficial merchandise is being distributed and sold through various websites. Although this may not be seen as a significant threat, the reality is these websites are stealing money from the campaign. Although the outcome may be unintentional, this decreases Trump’s financial advantage and could cause a cash crunch leading up to the election. Unlike the Trump campaign, the Biden campaign is faced with Internet trolling, not financially destructive, but disconcerting.
Trump: Make America Great Fall Sale
The Bolster Research analysis found 48 active websites selling unofficial Trump 2020 gear. These websites offer a wide variety of products that use the Trump campaign logos and images and tout conservative causes such as Blue Lives Matter. Many offer sales, discounts and coupon codes.
The people behind these fake merchandise sites are acting more like entrepreneurs than criminals. They are breaking the law by using Trump’s trademarks, his likeness and false claims of being an “official” site. But this effort takes a lot of planning and capital to execute. The goods must be designed, produced, and sourced cheaply overseas then shipped to consumers in the United States. Judging from the number of sites, it is clear the Trump fan base is very passionate and proud to support the current President. Like any good entrepreneur, the owners of these sites have recognized a market and taking advantage of it.
The screen shot below is an example of a site that is profiting from selling unofficial Trump gear. Key observations for site: https://officaltrumpgear[.]com.
• Site URL misspells “official”
• Red “Make America Great” hat is on sale for $19.99, compared to the $30 price tag on the official Trump campaign store
• Separate Blue Lives Matter donation page rather than direct link to organization (https://officaltrumpgear[.]com/products/donation-to-blue-lives-matter-nyc-inc)
Another site uses the inspirational idea of a Trump win in 2020.
Key observations of this site: https://www.trumpwin-2020[.]shop/
• Iconic red “Make America Great” hat is discounted 50% to only $16.99 compared to the $30 price on the official Trump campaign shop site
• Sales are the focus. The more you spend the more you save – over $59 (save 8%) over $99 (save 10%)
• Main website graphic is a skyline image that seems unrelated to Trump or America
Biden: Unfavorable Internet Trolling
The Biden campaign has only two websites that are suspicious. One seeks a $20 donation, but never claims the money will go to the Biden campaign. The other leads to a parody site that promotes negative news about Biden.
The more common problem for the Biden campaign is an individual or group took the time to purchase a number of Internet domains that are unflattering and take people to the Biden campaign website. This tactic has a low impact overall, since many of the URLs are negative and disturbing.
Examples of the fake URLs:
The creativity of cyber criminals (or entrepreneurs) is always surprising. In retrospect, the best ideas seem so obvious, many people often wonder “Why didn’t I think of that?” With heightened awareness and security measures in place, the Trump and Biden campaigns may be better prepared than the candidates in 2016. The bad actors, however, seem to have also evolved and finding ways to take advantage of the situation, whether it is for profit or just plain fun.
Like any other brands, the Trump and Biden campaigns should be more diligent in protecting their public perception. In the commercial world, it is common practice to remove phishing and fraudulent sites by contacting the hosting company. Companies like Bolster leverage a combination of deep learning, computer vision, and natural language processing to complete this process without human intervention, the industry’s first automated takedown process. Given the scale at which the criminals operate this is realistically the only scalable solution to the problem.