{"id":182874,"date":"2026-01-29T16:18:00","date_gmt":"2026-01-29T21:18:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/29\/secret-service-warns-domain-registration-system-is-major-security-flaw-hackers-exploit\/"},"modified":"2026-01-30T01:25:12","modified_gmt":"2026-01-30T06:25:12","slug":"secret-service-warns-domain-registration-system-is-major-security-flaw-hackers-exploit","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/29\/secret-service-warns-domain-registration-system-is-major-security-flaw-hackers-exploit\/","title":{"rendered":"Secret Service warns domain registration system is major security flaw hackers exploit"},"content":{"rendered":"<p><a href=\"https:\/\/cyberscoop.com\/secret-service-iana-domain-security-weakness\/\">Secret Service warns domain registration system is major security flaw hackers exploit<\/a><\/p>\n<p><a href=\"https:\/\/cyberscoop.com\/secret-service-iana-domain-security-weakness\/\">https:\/\/cyberscoop.com\/secret-service-iana-domain-security-weakness\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-01-29 16:18:00<\/a><\/p>\n<p>Source Domain: <a href=\"cyberscoop.com\">cyberscoop.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n<p>The internet domain registration system is a major weakness that malicious hackers can exploit, but is often being overlooked, a senior Secret Service official said Thursday.<\/p>\n<p>\u201cIt is staggering to me that we live in a world where domain registrars and registrars will do bulk registration of various spellings of a major institution\u2019s brand name to create URLs to then use in phishing campaigns or in fraudulent advertising,\u201d the official, Matt Noyes, said at a conference in Washington, D.C.<\/p>\n<p>It was one of two areas Noyes identified as attack vectors that aren\u2019t adequately being addressed during a panel at the 2026 Identity, Authentication and the Road Ahead Policy Forum, along with susceptibility to business email compromise scams.<\/p>\n<p>The problem is in how the Internet Assigned Numbers Authority (IANA) functions, he said. A decade ago, the United States relinquished its control of that process.<\/p>\n<p>\u201cIt\u2019s not discussed normally in polite company, but very important \u2026 for the handful of people that engage in Internet governance,\u201d Noyes said.<\/p>\n<p>\u2018Think about every phishing campaign that contains a link, whether that\u2019s sent by SMS or email,\u201d he said. \u201cThey want a URL that is deceptive. That is an identity weakness there in how internet assigned names and numbers function; there was not sufficient validation that the person registering that domain name has rights to that \u2014 owns a trade right.\u201d<\/p>\n<p>That forces companies like Microsoft and Google to seek court-ordered takedown operations on the \u201cback end,\u201d as Noyes described it. However, Noyes suggested that internet companies could address the problem proactively.<\/p>\n<p>\u201cThat is fundamentally a failure of internet governance that we have not created identity checks to ensure that when someone is registering names and numbers or concentrating a huge amount of abuse in fraudulent activity in particular ASN, autonomous system numbers, that it\u2019s getting addressed and cleaned up,\u201d he said. \u201cThe major internet players in the U.S., they could change the nature of the internet and change the governance of that, to clean that up when there\u2019s a heavy concentration of abuse and fraud.\u201d<\/p>\n<p>That would involve not selling certain ads or showing certain results in web searches, Noyes said. \u201cIt could be addressed that way, but that\u2019s that underpinning that gets neglected because it\u2019s not in that direct consumer account interaction,\u201d he said.<\/p>\n<p>And on business email compromise, which involves sending fake emails to solicit fraudulent payments, \u201cwe put implicit trust that the person we think we\u2019re communicating with controls an email address routinely. That trust is not earned. The system isn\u2019t designed that way.\u201d<\/p>\n<p>Business email compromise routinely accounts for a significant amount of internet-enabled fraud losses annually in the United States.<\/p>\n<p>\t\t\tWritten by Tim Starks<br \/>\n\t\t\tTim Starks is senior reporter at CyberScoop. His previous stops include working at The Washington Post, POLITICO and Congressional Quarterly. An Evansville, Ind. native, he&#8217;s covered cybersecurity since 2003. Email Tim here: tim.starks@cyberscoop.com.\t\t<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Secret Service warns domain registration system is major security flaw hackers exploit https:\/\/cyberscoop.com\/secret-service-iana-domain-security-weakness\/ Publish Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":182875,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2026\/01\/GettyImages-968118766.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,31,25],"class_list":["post-182874","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-exploit","tag-phishing"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/182874"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=182874"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/182874\/revisions"}],"predecessor-version":[{"id":182876,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/182874\/revisions\/182876"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/182875"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=182874"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=182874"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=182874"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}