This is one for the facepalm department. An unauthorized individual managed to register a dot .GOV domain name, using fake papers and social engineering.
Apparently, the US General Services Administration– the federal agency responsible for managing the .gov domain registration process – failed to validate the request, made by an individual who impersonated the mayor of Exeter, Rhode Island.
The registered domain: Exeterri.GOV, which is no longer active but WHOIS data from DomainTools shows that it was registered on November 14, 2019.
Investigative reporter, Brian Krebs, noted that the impostor performed the domain registration as a “proof of concept” to demonstrate how easy it is to bypass security measures that are supposed to validate the requestor of .GOV domains.
The domain “hacker” also managed to add their newly registered domain to Facebook’s law enforcement subpoena system, although he says he did not attempt to abuse that access.
More details at KrebsOnSecurity.com.