With all the talk of data and privacy, of Chinese and Russian hackers and election meddling and intellectual theft, cybersecurity should be—indeed, must be—an absolute priority for Trump Administration. Whether it’s the Internet of Things, the real threat of Chinese influence on the 5G networks, or the more simple yet painful cyber attacks on Americans, it’s time for the government to get serious about cyberwarfare and cybercrime.
Take, for example, the fact that many of us have probably received one of these calls: caller ID shows the number is strangely similar to yours, the call comes around dinner time, and if you happen to answer you’re immediately greeted by an angry, accusatory voice explaining the IRS is coming to kick in your door and arrest you. The only thing that will stop them? iTunes or Google gift cards of course, the normal legal tender accepted by all federal agencies.
It might sound ridiculous, one degree less silly than the email from the Nigerian prince who wants to send you his personal gold for safekeeping if only you will send him your bank account information, but it works. I’ve had friends and relatives taken in by similar scams; otherwise smart people can be caught off-guard by a convincing thief.
Last year saw an estimated 19.2 billion scam robocalls. In 2016, one report estimated Americans lost $9.5 billion to scammers, a 56 percent increase over 2015. Make no mistake: this is big business, and it’s not just happening on telephones.
These thieves are also using the internet to attack unsuspecting users. Cyber crime costs the world $600 billion every single year. Ransomeware, which takes over your computer, locking you out and threatening to delete your files if you don’t pay, is perhaps the fastest growing version of cyber crime, easy to do thanks to anonymous payment methods like Bitcoin.
Thankfully, the Trump Administration has begun to take much of this kind of crime quite seriously. FCC Chairman Ajit Pai announced in May the agency’s largest fine ever, $120 million, taking down a “kingpin of robocalling” in the process. This is a great first step, but it’s not enough. Cell phone manufacturers, mobile service providers, and broadband companies need to do more to protect users from these kinds of attacks.
But the internet needs reform, too, starting with the registration of fake websites. When criminals are stalking a neighborhood, looking for opportunities, they’re looking for easy pickings. Why even approach the house with the obvious security camera and large barking dog when the one next door has the telltale bulge of a key under the welcome mat?
Unfortunately, cyber criminals have found their equivalent of the easily found hide-a-key, and it’s the .US country domain code. While most websites that service users in the United States use the .com suffix, .US domains are growing in prominence and likely to increase as most popular .com domains are registered. The .US domain is administered by the Department of Commerce, which has clear rules designed to ensure that all addresses ending in .US are reserved for Americans.
But to say it’s being administered is a stretch: clearly someone inside the department has decided we will just have open borders—both online and offline.
Consider these facts: All .US internet domain addresses are required to be hosted in the United States, yet there are nearly 100,000 domain names ending in .US that are hosted outside our borders, with more than 30,000 hosted in China. What’s more, all .US internet domain addresses are required to be registered by U.S. businesses, organizations, or individuals. A survey of WHOIS indicates that at least 50,000 names belong to Chinese registrants, nearly 15,000 are registered to Russian registrants, and even some Iranians have been allowed to register .US names.
Either someone at the Department of Commerce is asleep at the wheel or this is intentional mismanagement. In addition to these facts, all internet web addresses ending in .US are required to be reviewed and cancelled if they have spam, phishing, or other abuses. But according to surbl.org, .US addresses are by far the most abused country code domain names in the world, with nearly 20,000 .US domain names associated with spam.
The safety and the well being of Americans should be the first and foremost priority of our government. Apparently the rules and regulations as laid out by the Department of Commerce are more a series of suggestions with little to no enforcement. It’s time for greater oversight and enforcement, not only to uphold the rule of law, but also to protect the American people who fund the various departments and agencies.
Photo Credit: Getty Images