Pauline Hanson’s web obsession: Cybersquatting for politics not profit

As part of its intention to lead the “no” vote in the coming referendum on an Indigenous Voice to Parliament, Pauline Hanson’s One Nation party is collecting web domains: some explicitly tied to its cause, including NoToVoice.com, but others more generic, including UluruStatement.org.au.

Hanson said in a press release that her office had registered 46 domains related to the issue. A report from the ABC highlighted 37 of them, including variations on the above as well as VoiceToParliament, with .com, .net, .org and .au suffixes.

One Nation leader Pauline Hanson said the party would spearhead the campaign against an Indigenous Voice to Parliament.

One Nation said it obtained the domains in order to prepare for a comprehensive campaign, but so far the domains do not point to any website. It’s unclear if they will be made to redirect to a central website, or merely held to keep more progressive or neutral groups from using them.

It’s a tactic known as cybersquatting, commonly used by marketers and politicians, usually to redirect traffic from rivals, block competitors or, in the case of scammers and extortionists, in the hope of selling the domain for profit. For One Nation, the motivation is clearly political opportunism.

“The ‘yes’ campaign is ill-defined and ill-prepared, not even having the foresight to register the domain names we will use to good effect,” Hanson said.

“Will the Albanese government guarantee equal funding for both campaigns? It’s the only fair approach, however, One Nation will not wait for the Prime Minister’s excuses.”

Security expert Troy Hunt said cybersquatting had a colourful history going back decades, before most big companies had a web presence.

“Very early on we’d see people snapping up well-known brand names, so for example Pepsi.com, and that excludes anyone else including the real Pepsi from using that domain. And that’s a valuable asset,” he said.

“We’ve seen domain names change hands for extraordinary amounts of money.”

Australian security researcher Troy Hunt.

Buying and selling domains based on common words or phrases is big business. Famously, Sex.com was sold for $US13 million ($11.7 million) in 2010, and at the time was the most expensive domain sale ever. Elon Musk claims his company had to pay $US11 million for Tesla.com, and earlier this year NFTs.com changed hands for $US15 million ($21 million).

But in addition to squatting on a domain to sell it, businesses might register a competitor’s name and try to redirect traffic to their own site, similar to how businesses buy Google ads based on searches for their rivals.

A famous Australian example of cybersquatting saw Catch Group delay an Australian version of American deals giant Groupon in 2011, by buying up the local domain and trademarks while redirecting to its similar Scoopon service.

Hunt said criminals also often snap up domains similar to popular sites (or that contain misspellings of popular sites) hoping to snare victims. In One Nation’s case though, he said it seemed shady but in no way illegal.

“In the case of Pauline Hanson, it sounds like there’s a motivation to influence people searching for these topics to end up on her material, as opposed to where they would think they’d end up based on that topic,” he said.

One thing that could stand in the party’s way is the strict rules employed by the AuDA, the regulator in charge of Australian domain names. Registrants need to have a connection to Australia to use a domain ending in .au, and domain names must be closely related to the registrant’s name, trademark or business, or a service that they provide, according to the AuDA.

But while the AuDA could veto One Nation’s .au registrations, the other websites would be left standing.

“The registration criteria depends on the top-level domain (TLD), so if you want to grab a .com you can get anything you like as long as it’s available,” Hunt said.

Meanwhile, Australia’s small business ombudsman Bruce Billson has raised concerns that the issue of cybersquatting could be exacerbated in the coming months, as changes to the way Australian domains are registered come into effect next month.

Australia’s small business ombudsman Bruce Billson. Credit: Dominic Lorrimer

In March, the AuDA opened registrations for .au top-level domains, meaning businesses could apply for something like example.au. Individuals and businesses who already have a .com.au domain can apply for priority access to get the same thing without the .com but, as of September 22, all unused domains will be available for public purchase.

“I implore all small business owners to take a few minutes to work out if they want the shortened .au domain or will be unhappy for someone else to have it,” Billson said.

“If you want it, small business owners, I urge you to take a few minutes and few dollars to register it or potentially face someone else grabbing it and using it to digitally ambush your business, to demand big dollars later to surrender it to you, or misuse it to masquerade as you or to help them engage in cybercrime.”

Even though the AuDA put a six-month window in place for existing domain owners to register the new addresses, Billson said the public awareness campaign had been ineffective.

“My engagement with small businesses is that overwhelmingly they are either not aware of this change or they do not understand the potential consequences,” he said.

“Domain names are very much the identity of a business and critical to their success. Small businesses cannot afford to have their identity sold to someone else.”

Hunt said that while copycat cyber-squatters were a concern, businesses could only do so much to prevent them. Squatters not only have an endless variety of top-level domains to use, but also variations on phrases and spellings.

“It’s a little bit whack-a-mole, to be honest. You end up with a situation where you’re trying to get all of these different variations, and you never can,” he said.

“At the end of the day, if the domain name itself, excluding the TLD, is something that people recognise, and it sounds like what they’re looking for, they’re just going to click through.”

Hunt runs popular website Have I Been Pwned, which lets people search their email addresses or phone numbers to find out if they’ve been affected by data breaches. He said he’s always fighting imitators and squatters; for example HaveIBeenPrawned.com is owned by Hunt and redirects to the proper site, but HaveIBeenPawned.com is full of spam.

“I have got HaveIBeenPwned.ninja because someone registered it and sold it to me,” he said.

“There’s sort of this assumption that the TLD somehow has some geographic tie, but then there’s a huge number of people that have registered .tv domains, the TLD for Tuvalu, because it sounds cool,” he said.
