How Could Have Been Saved From

A civic coder has built a tool to detect fake candidate websites and beat cybersquatting.

Donald Trump reacts while addressing supporters at a Raleigh, NC, campaign rally in December.  (Jonathan Drake/Reuters)
The Internet had a good laugh last week as the news broke that did not direct users to the former governor’s campaign site, as you’d expect, but instead to that of his rival, Donald Trump.
A point to The Donald. Lesser known was the counterpunch, created December 7:
It doesn’t appear the Bush campaign is behind the clever bit of misdirection, since the domain registry points to a man in Philadelphia. But it was discovered by Joshua Franklin, a cybersecurity engineer who developed a computer program to detect cybersquatting in political campaigns, a persistent dirty trick that seems to be coming back in force for 2016.
Franklin, a federal employee who coded the project on his free time with help from his father, also found, which redirects to Planned Parenthood’s website, and, which features a photo of the Clintons with Trump.
“There weren’t too many fun Bernie ones,” he said. Thinking further, he amends: “There’s some that are Bernie looking like the doctor from Back to the Future.”
Trolling politicians through URLs is all about timing and money. If you can snag a domain featuring an aspiring president before they get big, the rewards can be huge: Rand Paul appears to have dropped $100,000 for
But the quickest way to trip up a political opponent might be through a misspelling. Trump’s move on was brazen, and probably expensive. More economical is a pick like, which redirects to the presidential campaign of a man from Texas.
Franklin’s program works by taking candidate names and automatically downloading screenshots from URLs matching common patterns:,, It also checks misspellings and switched letters, like
After it runs, it’s up to Franklin to page through the thousands of images to find fakes. Many of these sites are obviously satirical or opponent-driven, he said. But others aren’t, and he sees it as a public good to point out imposters before people unknowingly part with donations.
“I want to help candidates protect themselves online,” he said. “If it’s a good enough site, people are going to be fooled. My thought was, I can fix that.”
Franklin’s original script took several hours to process a single candidate, working from his laptop over WiFi; he has since upgraded his code and moved it to Amazon’s cloud servers, cutting the wait to a couple of minutes.
He’s even considering offering his code for hire, perhaps as a way for campaigns to scout out potential domain-name vulnerabilities. There’s a market: A 2012 report from the Coalition Against Domain Name Abuse showed 27 percent of U.S. congressional members were the subject of cybersquatting.
It’s too late for But Franklin’s smart software might be the way to save