Report: Domains Promoting Resistance to COVID-19 Orders Tied to One Owner

A report published today by DomainTools, a provider of cyberthreat intelligence tools and services, details how one small group of activists is allegedly employing astroturfing techniques to create the appearance of a nationwide grassroots effort through multiple domain sites calling for the reopening of businesses that have been closed in the U.S. to help combat the COVID-19 pandemic.

The report highlights not only the similarities between all of the sites investigated but also the attributes those sites have in common with websites promoting gun rights.

Chad Anderson, senior security researcher at DomainTools, said astroturfing is now being routinely used by advocates on both the right and left sides of the political spectrum to increase support for a cause by making it appear a website has been launched as part of a grassroots movement.

The websites promoting the reopening of businesses investigated by DomainTools all appear to tie back to Aaron Dorr, who along with his brothers, operates AaronDorr.com.

The Dorr brothers run several pro-gun and anti-abortion rights Facebook groups. According to NBCnews.com, those groups generate hundreds of thousands of dollars annually by antagonizing establishment conservative leaders and activists, who then buy memberships in groups or pay to acquire mailing lists.

DomainTools launched its investigation of the websites tied to Dorr after earlier in the week it was revealed reopenmn[.]com and reopenmd[.]com domains were registered on GoDaddy within seconds of each other.

According to the report, the sites advocating to reopen businesses appear to have employed SSL certificates that are registered to either Dorr’s personal domain or domains associated with firearm coalitions tied to him. Dorr is also a registered lobbyist in the state of Iowa and executive director of Iowa Gun Owner.

All of the pages were built using WordPress, according to the report, and are set up in a similar manner with much the same language, which in many cases is identical outside of swapping state names and various legislators. The sites also make use of One Click Advocacy, which many advocates employ to set up webpages, launch email campaigns and collect donations, the report noted.

Anderson said cybercriminals have already taken note of the controversy involving the spreading of COVID-19 disinformation in a way that endangers public health. Domain names that deliberately misspell words used in the domains set up to promote the suspension of edicts to close businesses are now emerging, he noted, adding it’s a matter of time before phishing attacks are launched from these fake websites.

It is not illegal to create websites to launch an astroturf campaign. However, the line between free speech and encouraging individuals to perform actions that endanger public health as part of an effort to extort money is very fine indeed. Regardless of where anyone stands on an issue, it’s critical to verify the bona fides of any advocacy website—these days, everyone from scam artists to intelligence agencies from around the world are trying to foment dissension by spreading disinformation online.

Featured eBook
The State of Cloud Native Security 2020

The State of Cloud Native Security 2020

The first annual State of Cloud Native Security report examines the practices, tools and technologies innovative companies are using to manage cloud environments and drive cloud native development. Based on a survey of 3,000 cloud architecture, InfoSec and DevOps professionals across five countries, the report surfaces insights from a proprietary set of well-analyzed data. This ... Read More
Palo Alto Networks

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.

mike-vizard has 255 posts and counting.See all posts by mike-vizard