NS fails to protect against ‘typosquatting’, doppelganger websites, analyst says


A computer security analyst in Halifax says the provincial government is failing to protect Nova Scotians from potential online imposters who steal personal information with similar websites.

So, for $ 20, Logan Attwood registered the web address “govns.ca” so that it could not be used in so-called “typosquatting” attacks.

“While working in the industry, I realized how this area could be used for bad things,” Attwood said.

Typosquatting involves buying web addresses that are almost identical to popular websites.

If someone makes the correct typo, web traffic is routed to a different host, which can be exploited for advertising purposes.

But a greater risk is posed by “doppelganger” websites, which are the same as official websites but minus a “.” in the address.

“It’s a special class of attack, even beyond typosquats,” he said.

Identity theft tool

Attwood says doppelganger websites can be used to trick people into disclosing sensitive personal information.

“Someone could create an email campaign seeking to steal identities. And just tell people, “Hey, click here to get your updated vaccine QR code. “And ask people to type in their name, address, health card and see how much information would be able to get from them,” Attwood said.

“There could also be the potential to wreak havoc and chaos in interprovincial relations, as you would be able to send emails that most people would actually think were from an elected official,” Attwood said.

Logan Attwood is a computer security analyst in Halifax. (SRC)

“And you could send it to another province, to the federal government, even to other countries,” he said.

It could also be a way of sneaking around for proof of vaccination.

“Someone could buy these domains and set up a fake vaccine QR code checker, set up a website to allow these fake documents to be generated,” he said.

Attwood says monitoring provincial look-alike websites is key to preventing these risks.

“It’s generally seen as good practice, especially when you look at government, where it has a duty and a responsibility to its citizens,” Attwood said.

Old version of the NS address

As of October 2018, the province has changed from its old web address, “gov.ns.ca” to “novascotia.ca”.

But the old address still occupies an important place in the minds of Internet users.

Attwood polled his computer security colleagues to see if they could tell the difference between “gov.ns.ca” and “govns.ca”.

“They all told me they wouldn’t have noticed this in the email header,” Attwood said.

“So the very people who are supposed to be able to catch this sort of thing in their personal lives told me that, yes, they would have missed it,” he said.

Provincial government indifferent

Communications Nova Scotia is responsible for maintaining the province’s web presence.

“The main areas we use are novascotia.ca (current) and gov.ns.ca (legacy), “spokeswoman Chrissy Matheson said.

“We only register domains that we use or may use in the future.… We do not register domains that could represent typos and misspellings of our registered domains”, a- she declared.

“This practice could be costly for taxpayers and could unintentionally lend legitimacy to similar areas,” Matheson said.

“If a website falsely claims to be government property (using the government logo, for example), CNS can take legal action to have that website removed. It hasn’t been a big deal for the Nova Scotia government, ”she said.

A major issue for the feds

Meanwhile, the federal Communications Security Establishment (CSE) is leading an active campaign to combat typosquatters and other crooks who attempt to impersonate federal institutions.

“Since March 2020, the work of the Cyber ​​Center has contributed to the removal of more than 10,000 fraudulent websites or email addresses, including websites posing as the Government of Canada,” said the spokesperson for the Government of Canada. CST, Evan Koronewski.

“CSE has helped identify and remove malicious websites masquerading as the Canada Border Services Agency, the Public Health Agency and the Canada Revenue Agency,” Koronewski said.

Koronewski says COVID-19 has triggered an increase in identity theft on government websites.

“This work continues every day as we identify and remove more and more fraudulent domains masquerading as the Government of Canada for whatever reason,” he said.

Provincial risk exceeds Nova Scotia

Attwood says Nova Scotia isn’t the only province to overlook look-alike websites.

He has registered similar sites for Manitoba govmb.ca, Quebec govqc.ca, Saskatchewan govsk.ca and Yukon govyk.ca.

He also recorded look-alikes for New Brunswick in English and French, which corresponds to the bilingual status of the province.

“With New Brunswick, they had both ‘gov’ and ‘gouvnb’ available,” he said.

Alarmingly, a lookalike for the old Alberta website has already disappeared.

“There is govab.ca and it is currently already registered … The identity of the owner is obscured by the private registration,” Attwood said.

Offer to provinces

In the meantime, Attwood has linked all of the provincial look-alikes to a CBC article on an earlier computer problem in Nova Scotia.

He also changed the settings of the doppelganger website so that it was not possible to use them to send emails.

Attwood says he wants all jurisdictions to take the websites away from him.

He says he contacted him by email.

“I asked that they acknowledge having received the email and that they were ready to initiate a domain transfer. I would like the respective provinces to own these domains,” he said.

So far, he has received no response.

Attwood insists that his motives are “pure”, and he will donate the sites, even if it costs him $ 20 each to register.

“Free… I wouldn’t refuse to have my expenses covered, but I am not asking for them to be covered under any circumstances,” he said.


About Author

Comments are closed.