Senator questions internet domain companies over Russian disinformation charges
A leading U.S. Senator sent letters out to six CEOs of the largest internet domain companies questioning their role in recently-uncovered disinformation campaigns tied to the Russian government.
Sen. Mark Warner (D-VA) addressed the leaders of Cloudflare, GoDaddy, NameCheap, NameSilo, Newfold and Verisign, asking each to take steps to examine the ways they have “ostensibly facilitated sustained covert influence activity by the Russian Federation and influence networks operating on its behalf.”
“In particular, recent disruption actions by the Department of Justice indicate that your company has provided domain registration services to the Russian covert influence network known as ‘Doppelganger,’” Warner said.
In September, the Justice Department uncovered a vast network of websites — some of which mimic well-known sites like the Washington Post and Fox News — that are used by the Russian government to spread propaganda and narratives designed to cause chaos and confusion.
The companies running the disinformation sites are allegedly operating under the direction of Sergei Kiriyenko, the first deputy chief of staff to Russian President Vladimir Putin, and other members of the president’s office.
Warner said that with the presidential election shaping up to be a close race, it is imperative that Americans have websites they can reliably turn to for accurate information.
The European Union’s Disinfo Lab has attributed part of the success of these disinformation campaigns to the domain name industry, explicitly naming GoDaddy and NameCheap. A report from Meta last year similarly criticized the global domain name industry for not doing more to address this activity.
In some cases, Meta found Doppelganger websites impersonating government websites in France, Germany, Poland and Ukraine.
“In the context of the U.S. 2024 Presidential Election, the prospect of foreign actors impersonating state and local government websites — and seeding narratives related to election outcomes or electoral processes — is especially dire,” Warner said.
“Information included in the [Justice Department] affidavit supporting recent seizure of a number of these domains provides further indication of your industry’s apparent inattention to abuses by foreign actors engaged in covert influence.”
Warner noted that domain name firms continue to withhold vital domain name registration information from researchers and investigators, “ignoring inaccurate registration information submitted by registrants, and failing to identify repeated instances of intentional and malicious domain name squatting used to impersonate legitimate organizations.”
He noted several obvious issues — the use of cryptocurrency to purchase domains, the reliance on anonymous infrastructure, the use of fake identities for registrants and the purchase of domains using credit cards with ties to Russian nationals.
“Many of the domains seized by the Department of Justice – including those impersonating the Washington Post and Fox News – bore close resemblance (or in some cases, such as fox-news[.]top and fox-news[.]in, were identical) to impersonation domains mimicking those same news organizations in Meta’s August 2023 report,” Warner said.
“While foreign covert influence represents one of the most egregious abuses of the domain name system, the industry’s inattention to abuse has been well-documented for years, enabling malicious activity such as phishing campaigns, drive-by malware, and online scams — all possible because of malicious actors using your services.”
Warner noted that Meta’s report found that the domain name industry has outsourced the costs of addressing this abusive behavior to victims and third parties – who are forced to pursue costly and time-consuming litigation or dispute resolution through the World Intellectual Property Office.
Warner went on to warn each company that Congress “may need to evaluate legislative remedies that promote greater diligence across the global domain name ecosystem.”
None of the companies responded to requests for comment by the time of publication.
The identical 3-page letters say that as Congress works on potential solutions, each company needs to address the continued abuse of their services for foreign covert influence — particularly in the run-up to election day.
The Justice Department and tech giants like Google and Microsoft have confirmed that multiple adversarial nations are attempting to undermine confidence in the upcoming election.
Warner's letter cites the Justice Department warrants used to take down dozens of the platforms and other reports from Facebook and researchers who continue to uncover widespread disinformation networks.
The Doppelganger network — a hallmark of Russia’s disinformation efforts — has been in operation since the onset of the invasion of Ukraine and focuses heavily on impersonating well-known Western media brands.
Using social media accounts, fake websites and other platforms, Russian operatives have been able to impersonate news outlets and have already sought to impact the current election. A fake video purporting to show Vice President Kamala Harris involved in a hit-and-run accident was attributed to Russia and the country was allegedly responsible for other fake content about vice presidential candidate Tim Walz that was spread by fake websites over the last week, according to research from Recorded Future.
The troves of reports and warrants from the Justice Department should have prompted domain name companies to take more action, according to Warner.
Warner recently held a hearing in Congress demanding answers from the heads of Alphabet, Meta and Microsoft about what the tech giants are doing to stop foreign disinformation campaigns.
The companies had few answers, with each warning that limited threat visibility and First Amendment concerns are stifling their efforts to protect U.S. populations from dubious content.
Jonathan Greig
is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.