26 stories
·
1 follower

Who’s Behind the “Reopen” Domain Surge?

1 Comment and 2 Shares

The past few weeks have seen a large number of new domain registrations beginning with the word “reopen” and ending with U.S. city or state names. The largest number of them were created just hours after President Trump sent a series of all-caps tweets urging citizens to “liberate” themselves from new gun control measures and state leaders who’ve enacted strict social distancing restrictions in the face of the COVID-19 pandemic. Here’s a closer look at who and what appear to be behind these domains.

A series of inciteful tweets sent by President Trump on April 17, the same day dozens of state-themed “reopen” domains were registered — mostly by conservative groups and gun rights advocates.

KrebsOnSecurity began this research after reading a fascinating Reddit thread over the weekend on several “reopen” sites that seemed to be engaged in astroturfing, which involves masking the sponsors of a message or organization to make it appear as though it originates from and is supported by grassroots participants.

The Reddit discussion focused on a handful of new domains — including reopenmn.com, reopenpa.com, and reopenva.com — that appeared to be tied to various gun rights groups in those states. Their registrations have roughly coincided with contemporaneous demonstrations in Minnesota, California and Tennessee where people showed up to protest quarantine restrictions over the past few days.

A “reopen California” protest over the weekend in Huntington Beach, Calif. Image: Reddit.

Suspecting that these were but a subset of a larger corpus of similar domains registered for every state in the union, KrebsOnSecurity ran a domain search report at DomainTools [an advertiser on this site], requesting any and all domains registered in the past month that begin with “reopen” and end in “.com.”

That lookup returned approximately 150 domains; in addition to those named after the individual 50 states, some of the domains refer to large American cities or counties, and others to more general concepts, such as “reopeningchurch.com” or “reopenamericanbusiness.com.”

Many of the domains are still dormant, leading to parked pages and registration records obscured behind privacy protection services. But a review of other details about these domains suggests a majority of them are tied to various gun rights groups, state Republican Party organizations, and conservative think tanks, religious and advocacy groups.

For example, reopenmn.com forwards to minnesotagunrights.org, but the site’s WHOIS registration records (obscured since the Reddit thread went viral) point to an individual living in Florida. That same Florida resident registered reopenpa.com, a site that forwards to the Pennsylvania Firearms Association, and urges the state’s residents to contact their governor about easing the COVID-19 restrictions.

Reopenpa.com is tied to a Facebook page called Pennsylvanians Against Excessive Quarantine, which sought to organize an “Operation Gridlock” protest at noon today in Pennsylvania among its 68,000 members.

Both the Minnesota and Pennsylvania gun advocacy sites include the same Google Analytics tracker in their source code: UA-60996284. A cursory Internet search on that code shows it also is present on reopentexasnow.comreopenwi.com and reopeniowa.com.

More importantly, the same code shows up on a number of other anti-gun control sites registered by the Dorr Brothers, real-life brothers who have created nonprofits (in name only) across dozens of states that are so extreme in their stance they make the National Rifle Association look like a liberal group by comparison.

This 2019 article at cleveland.com quotes several 2nd Amendment advocates saying the Dorr brothers simply seek “to stir the pot and make as much animosity as they can, and then raise money off that animosity.” The site dorrbrotherscams.com also is instructive here.

A number of other sites — such as reopennc.com — seem to exist merely to sell t-shirts, decals and yard signs with such slogans as “Know Your Rights,” “Live Free or Die,” and “Facts not Fear.” WHOIS records show the same Florida resident who registered this North Carolina site also registered one for New York — reopenny.com — just a few minutes later.

Merchandise available from reopennc.com.

Some of the concept reopen domains — including reopenoureconomy.com (registered Apr. 15) and reopensociety.com (Apr. 16) — trace back to FreedomWorks, a conservative group that the Associated Press says has been holding weekly virtual town halls with members of Congress, “igniting an activist base of thousands of supporters across the nation to back up the effort.”

Reopenoc.com — which advocates for lifting social restrictions in Orange County, Calif. — links to a Facebook page for Orange County Republicans, and has been chronicling the street protests there. The messaging on Reopensc.com — urging visitors to digitally sign a reopen petition to the state governor — is identical to the message on the Facebook page of the Horry County, SC Conservative Republicans.

Reopenmississippi.com was registered on April 16 to In Pursuit of LLC, an Arlington, Va.-based conservative group with a number of former employees who currently work at the White House or in cabinet agencies. A 2016 story from USA Today says In Pursuit Of LLC is a for-profit communications agency launched by billionaire industrialist Charles Koch.

Many of the reopen sites that have redacted names and other information about their registrants nevertheless hold other clues, mainly based on precisely when they were registered. Each domain registration record includes a date and timestamp down to the second that the domain was registered. By grouping the timestamps for domains that have obfuscated registration details and comparing them to domains that do include ownership data, we can infer more information.

For example, more than 50 reopen domains were registered within an hour of each other on April 17 — between 3:25 p.m. ET and 4:43 ET. Most of these lack registration details, but a handful of them did (until the Reddit post went viral) include the registrant name Michael Murphy, the same name tied to the aforementioned Minnesota and Pennsylvania gun rights domains (reopenmn.com and reopenpa.com) that were registered within seconds of each other on April 8.

A large number of “reopen” domains were registered within the same one-hour period on April 17, and tie back to the same name used in the various reopen domains connected to gun rights groups. A link to the spreadsheet where this screen shot is drawn from is included below.

A Google spreadsheet documenting much of the domain information sourced in this story is available here.

No one responded to the email addresses and phone numbers tied to Mr. Murphy, who may or may not have been involved in this domain registration scheme. Those contact details suggest he runs a store in Florida that makes art out of reclaimed or discarded items, and that he operates a Web site design company in Florida.

However, various social media profiles tied to Mr. Murphy’s contact details suggest this persona may not present a complete picture. A Twitter account tied to Murphy’s email address promoted nothing but spammy paid surveys for years. And a Skype lookup on his phone number curiously returns a Russian profile under the name валентина сынах (translated as “Valentine Sons”).

As much as President Trump likes to refer to stories critical of him and his administration as “fake news,” this type of astroturfing is not only dangerous to public health, but it’s reminiscent of the playbook used by Russia to sow discord, create phony protest events, and spread disinformation across America in the lead-up to the 2016 election.

This entire astroturfing campaign also brings to mind a “local news” network called Local Government Information Services (LGIS), an organization founded in 2018 which operates a huge network of hundreds of sites that purport to be local news sites in various states. However, most of the content is generated by automated computer algorithms that consume data from reports released by U.S. executive branch federal agencies.

The relatively scarce actual bylined content on these LGIS sites is authored by freelancers who are in most cases nowhere near the localities they cover. Other content not drawn from government reports often repurpose press releases from conservative Web sites, including gunrightswatch.com, taxfoundation.org, and The Heritage Foundation. For more on LGIS, check out the 2018 coverage from The Chicago Tribune and the Columbia Journalism Review.

Read the whole story
spongbeaux
76 days ago
reply
Share this story
Delete
1 public comment
JayM
76 days ago
reply
Wow.
Atlanta, GA

The Science of Soap – Here’s How It Kills the Coronavirus

1 Comment

Palli Thordarson, chemistry professor at the University of New South Wales, writing for The Guardian:

Viruses can be active outside the body for hours, even days. Disinfectants, liquids, wipes, gels and creams containing alcohol are all useful at getting rid of them — but they are not quite as good as normal soap.

When I [shared the information above using Twitter][t], it went viral. I think I have worked out why. Health authorities have been giving us two messages: once you have the virus there are no drugs that can kill it or help you get rid of it. But also, wash your hands to stop the virus spreading. This seems odd. You can’t, even for a million dollars, get a drug for the coronavirus — but your grandmother’s bar of soap kills the virus.

So why does soap work so well on the Sars-CoV-2, the coronavirus and indeed most viruses? The short story: because the virus is a self-assembled nanoparticle in which the weakest link is the lipid (fatty) bilayer. Soap dissolves the fat membrane and the virus falls apart like a house of cards and dies — or rather, we should say it becomes inactive as viruses aren’t really alive.

I was not aware until this week that good old-fashioned soap is significantly more effective than alcohol-based disinfectants.

Read the whole story
spongbeaux
113 days ago
reply
Soap!
Share this story
Delete

Doom Eternal joins this year’s game-delay club, will launch March 2020

1 Comment

Doom Eternal—the highly anticipated sequel to the hell-shooter series' 2016 reboot—has left our list of most anticipated games of 2019. On Tuesday morning, game publisher Bethesda announced that Doom Eternal needs another four months in the oven. That means it will launch on PC, Xbox One, and PlayStation 4 on March 20, 2020.

That list of supported platforms is missing a big name: Nintendo Switch. Tuesday's delay includes an additional, indefinite delay of the sequel's port to Nintendo's weaker console, thus breaking the developer's original promise that Switch buyers would get to rip and tear into Doom Eternal the same day as everyone else. "We will announce [the Switch port's] date in the future," the company's statement vaguely reads.

Publisher Bethesda took the opportunity to delay another related game out of November 2019, as well: Doom 64. This first-ever port of the 1997 shooter onto non-N64 platforms is still coming to PC and modern consoles, Bethesda says, but it too will launch on March 20, 2020. Now, at least, that port will become a free pre-order bonus for buyers of Doom Eternal. But we're not sure why Bethesda and id Software couldn't get Doom 64 ready by this holiday season to tide series fans over during the bigger game's delay. (In the meantime, if you own a legitimate copy of the N64 original, we suggest ripping its files and launching them on PC via the incredible Doom 64 EX mod.)

Read 5 remaining paragraphs | Comments

Read the whole story
spongbeaux
271 days ago
reply
Well hopefully it's to remove idiotic macrotransactions in anticipation of a huge sales drop.
Share this story
Delete

Microsoft Launches New .NET Core Video Series

1 Share

Microsoft today released a new series of developer videos explaining the entire .NET Core stack.

The post Microsoft Launches New .NET Core Video Series appeared first on Thurrott.com.

Read the whole story
spongbeaux
285 days ago
reply
Share this story
Delete

Microsoft’s Your Phone service is down just days after the Galaxy Note 10 release

1 Comment
Photo by Tom Warren / The Verge

Microsoft’s new Your Phone service that helps connect Android phones to Windows has stopped working for users today. “We’ve identified an issue causing connection problems for the Your Phone app,” explains a Microsoft service outage page. “Users may receive ‘Can’t connect’ or other error banners when using the app. We’re actively investigating to identify the cause of the problem and develop a remediation plan.”

The timing of the outage is particularly unfortunate for Microsoft as Your Phone is a big part of the company’s new partnership with Samsung. The new Galaxy Note 10 comes with a unique version of Your Phone, dubbed “Link to PC,” built into the handset that went on sale last week. Your Phone has not been working on the Note 10 and...

Continue reading…

Read the whole story
spongbeaux
314 days ago
reply
Who even knew it was a service? Could've just been a direct connection...
Share this story
Delete

Microsoft’s OneNote app is getting dark mode support

1 Comment

Microsoft is planning to update its OneNote app on Windows 10 with a new dark mode option. The software maker is adding dark mode to many of its popular apps, including Outlook for iOS and Outlook on the web. Italian blog Aggiornamenti Lumia has managed to get an early look at the OneNote dark mode, and Microsoft VP of OneNote, Laura Butler, has confirmed dark mode and a “majorly” improved navigation system is on the way.

It’s still early work for the OneNote dark mode, but it appears that if you enable it on a Windows 10 PC it will carry over to the mobile versions for iOS or Android. Microsoft also appears to be keeping the main sheet that you add notes to white, probably to ensure it’s a little more readable for existing notes.

...

Continue reading…

Read the whole story
spongbeaux
451 days ago
reply
Dark mode schmark mode... Give me unlock section with Windows Hello
Share this story
Delete
Next Page of Stories