Washington — Counties in more than a dozen swing states across the country operate election-related websites that lack basic security measures and are not even identified as government related, computer security research firm McAfee found in a study published earlier this week.

“We found that large majorities of county websites use top level domain names such as .com, .net and .us rather than the government validated .gov in their web addresses,” the study found after examining 20 swing states. “Our findings essentially revealed that there is no official U.S. governing body validating whether the majority of county websites are legitimately owned by actual legitimate county entities.”

Websites that use .gov must pass a U.S. government validation process to ensure that the entity operating such a site indeed belongs to a government entity, McAfee said.

“This is important, because unlike .gov sites, where there is a thorough vetting process and background checks, including government officials as references, anyone can buy a .com domain,” McAfee’s Chief Technology Officer Steve Grobman said in a statement. Attackers could launch a fake .com website that mimics a county website, he said.

Minnesota and Texas had the largest percentage of non-.gov domain names with 95.4 percent and 95 percent respectively, according to McAfee. They were followed by Michigan with 91.2 percent of the sites lacking a .gov designation, followed by 90 percent in New Hampshire, 86.6 percent in Mississippi, 85.9 percent in Ohio, the study found. McAfee chose the 20 swing states because they present the “most compelling targets for threat actors.”

Texas and Minnesota election authorities could not immediately be reached for comment.

A majority of the counties studied also “did not enforce the use of SSL, or Secure Sockets Layer certificates,” Grobman said. “These digital certificates protect a website visitor’s web sessions, encrypting any personal information voters might share and ensuring that bad actors can’t redirect site visitors to fraudulent sites that might give them false election information.”

McAfee highlighted that many of the county websites that lack the SSL feature clearly show up as “Not Secure” on the website’s address bar.

While Congress and the Department of Homeland Security have focused on reducing the risk of attackers interfering in the actual voting process, either by hacking into voting machines, or voter registration databases, adversaries could choose simpler and more effective techniques, Grobman said.

DHS Undersecretary Christopher Krebs told reporters earlier this week that the department was going through a series of exercises to figure out all the ways in which adversaries may try to interfere in the midterms, and helping states prepare for such eventualities.

Adversaries are more likely to employ a disinformation campaign in specific states or closely contested congressional districts with the goal of suppressing voter turnout, including such tactics as mass email campaigns that distribute fake websites and false information on polling locations, Grobman said. In such a scenario voters likely would turn to county websites for accurate information on polling stations, eligibility requirements, and other information, McAfee said.