Secret Service warns domain registration system is major security flaw hackers exploit | CyberScoop<\/title> <meta name=\"description\" content=\"A Secret Service official warns the domain registration system has major security vulnerabilities that enable phishing and fraud, yet the issue remains largely overlooked.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/secret-service-iana-domain-security-weakness\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Why the domain registration system is a major security threat, according to Secret Service\"> <meta property=\"og:description\" content=\"A Secret Service official warns the domain registration system has major security vulnerabilities that enable phishing and fraud, yet the issue remains largely overlooked.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/secret-service-iana-domain-security-weakness\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2026-01-29T21:13:52+00:00\"> <meta property=\"article:modified_time\" content=\"2026-01-29T21:21:45+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/the-staggering-cybersecurity-weakness-that-isnt-getting-enough-focus-according-to-a-top-secret-service-official-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1280\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Tim Starks\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:title\" content=\"The \u2018staggering\u2019 cybersecurity weakness that isn\u2019t getting enough focus, according to a top Secret Service official\"> <meta name=\"twitter:creator\" content=\"@timstarks\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1765909325g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1768841770g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1767808656g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/87621\"><meta name=\"generator\" content=\"WordPress 6.8.3\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=87621\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fsecret-service-iana-domain-security-weakness%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fsecret-service-iana-domain-security-weakness%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-87621 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/secret-service-iana-domain-security-weakness\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \">\n<div class=\"single-article__header-content\" readability=\"30.917981072555\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/secret-service-iana-domain-security-weakness\/\"> <span>Cybercrime<\/span> <\/a> <\/li>\n<\/ul>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/87621\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/the-staggering-cybersecurity-weakness-that-isnt-getting-enough-focus-according-to-a-top-secret-service-official.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/the-staggering-cybersecurity-weakness-that-isnt-getting-enough-focus-according-to-a-top-secret-service-official-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/the-staggering-cybersecurity-weakness-that-isnt-getting-enough-focus-according-to-a-top-secret-service-official-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/the-staggering-cybersecurity-weakness-that-isnt-getting-enough-focus-according-to-a-top-secret-service-official-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/the-staggering-cybersecurity-weakness-that-isnt-getting-enough-focus-according-to-a-top-secret-service-official-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/the-staggering-cybersecurity-weakness-that-isnt-getting-enough-focus-according-to-a-top-secret-service-official-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/the-staggering-cybersecurity-weakness-that-isnt-getting-enough-focus-according-to-a-top-secret-service-official-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/the-staggering-cybersecurity-weakness-that-isnt-getting-enough-focus-according-to-a-top-secret-service-official-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/the-staggering-cybersecurity-weakness-that-isnt-getting-enough-focus-according-to-a-top-secret-service-official-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/the-staggering-cybersecurity-weakness-that-isnt-getting-enough-focus-according-to-a-top-secret-service-official-2.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/the-staggering-cybersecurity-weakness-that-isnt-getting-enough-focus-according-to-a-top-secret-service-official-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> Traitov, iStock\/Getty Images Plus <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"32.64459127228\"><body readability=\"67.298958333333\"><\/p>\n<p>The internet domain registration system is a major weakness that malicious hackers can exploit, but is often being overlooked, a senior Secret Service official said Thursday.<\/p>\n<p>\u201cIt is staggering to me that we live in a world where domain registrars and registrars will do bulk registration of various spellings of a major institution\u2019s brand name to create URLs to then use in phishing campaigns or in fraudulent advertising,\u201d the official, Matt Noyes, said at a conference in Washington, D.C.<\/p>\n<p>It was one of two areas Noyes identified as attack vectors that aren\u2019t adequately being addressed during a panel at the 2026 Identity, Authentication and the Road Ahead Policy Forum, along with susceptibility to business email compromise scams.<\/p>\n<p>The problem is in how the Internet Assigned Numbers Authority (IANA) functions, he said. A decade ago, the United States <a href=\"https:\/\/fedscoop.com\/the-u-s-still-oversees-the-internets-domain-names-for-now\/\">relinquished its control<\/a> of that process.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cIt\u2019s not discussed normally in polite company, but very important \u2026 for the handful of people that engage in Internet governance,\u201d Noyes said.<\/p>\n<p>\u2018Think about every phishing campaign that contains a link, whether that\u2019s sent by SMS or email,\u201d he said. \u201cThey want a URL that is deceptive. That is an identity weakness there in how internet assigned names and numbers function; there was not sufficient validation that the person registering that domain name has rights to that \u2014 owns a trade right.\u201d<\/p>\n<p>That forces companies like Microsoft and Google to seek court-ordered takedown operations on the \u201cback end,\u201d as Noyes described it. However, Noyes suggested that internet companies could address the problem proactively.<\/p>\n<p>\u201cThat is fundamentally a failure of internet governance that we have not created identity checks to ensure that when someone is registering names and numbers or concentrating a huge amount of abuse in fraudulent activity in particular ASN, autonomous system numbers, that it\u2019s getting addressed and cleaned up,\u201d he said. \u201cThe major internet players in the U.S., they could change the nature of the internet and change the governance of that, to clean that up when there\u2019s a heavy concentration of abuse and fraud.\u201d<\/p>\n<p>That would involve not selling certain ads or showing certain results in web searches, Noyes said. \u201cIt could be addressed that way, but that\u2019s that underpinning that gets neglected because it\u2019s not in that direct consumer account interaction,\u201d he said.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>And on <a href=\"https:\/\/cyberscoop.com\/tag\/business-email-compromise\/\">business email compromise<\/a>, which involves sending fake emails to solicit fraudulent payments, \u201cwe put implicit trust that the person we think we\u2019re communicating with controls an email address routinely. That trust is not earned. The system isn\u2019t designed that way.\u201d<\/p>\n<p>Business email compromise routinely accounts for a significant amount of <a href=\"https:\/\/cyberscoop.com\/fbi-ic3-cybercrime-report-2024-key-statistics-trends\/\">internet-enabled fraud <\/a>losses annually in the United States.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\">\n<div class=\"author-card\" readability=\"7.7216117216117\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/the-staggering-cybersecurity-weakness-that-isnt-getting-enough-focus-according-to-a-top-secret-service-official-1.jpg?w=640&ssl=1\" alt=\"Tim Starks\"> <\/figure>\n<\/p><\/div>\n<div class=\"author-card__details\" readability=\"10.901098901099\">\n<h4 class=\"author-card__name\">Written by Tim Starks<\/h4>\n<p> Tim Starks is senior reporter at CyberScoop. His previous stops include working at The Washington Post, POLITICO and Congressional Quarterly. An Evansville, Ind. native, he’s covered cybersecurity since 2003. Email Tim here: <a href=\"mailto:tim.starks@cyberscoop.com\">tim.starks@cyberscoop.com<\/a>. <\/div>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/secret-service-iana-domain-security-weakness\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Secret Service warns domain registration system is major security flaw<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[5871,2336,282,5872,679,387,5873,625,1422],"tags":[5874,2338,286,5875,680,391,5876,630,1423],"class_list":["post-8312","post","type-post","status-publish","format-standard","hentry","category-asn","category-business-email-compromise-bec","category-cybercrime","category-domain-names","category-financial","category-google","category-iana","category-microsoft","category-secret-service","tag-asn","tag-business-email-compromise-bec","tag-cybercrime","tag-domain-names","tag-financial","tag-google","tag-iana","tag-microsoft","tag-secret-service"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/asn\/\" rel=\"category tag\">ASN<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/business-email-compromise-bec\/\" rel=\"category tag\">business email compromise (BEC)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/domain-names\/\" rel=\"category tag\">domain names<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/financial\/\" rel=\"category tag\">Financial<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/google\/\" rel=\"category tag\">Google<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/iana\/\" rel=\"category tag\">IANA<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/microsoft\/\" rel=\"category tag\">Microsoft<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/secret-service\/\" rel=\"category tag\">Secret Service<\/a>","tag_info":"Secret Service","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8312","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8312"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8312\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8312"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8312"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8312"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":8312,"date":"2026-01-29T15:13:52","date_gmt":"2026-01-29T21:13:52","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=87621"},"modified":"2026-01-29T15:13:52","modified_gmt":"2026-01-29T21:13:52","slug":"the-staggering-cybersecurity-weakness-that-isnt-getting-enough-focus-according-to-a-top-secret-service-official","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2026\/01\/29\/the-staggering-cybersecurity-weakness-that-isnt-getting-enough-focus-according-to-a-top-secret-service-official\/","title":{"rendered":"The \u2018staggering\u2019 cybersecurity weakness that isn\u2019t getting enough focus, according to a top Secret Service official"},"content":{"rendered":"