October 21, 2007
Cybercrime — something every candidate should worry about
The harsh reality is that computers can do more untraceable damage to election campaigns — and most candidates and their high-priced consultants are oblivious to the threats and therefore do nothing to protect themselves from cybercrime. The article below focuses on federal elections, but the same kinds of dirty tricks can affect any political campaign — from the proverbial dogcatcher on up to those with aspirations of occupying the Oval Office. Some of these threats are so insidious that it would be hard to prove that they ever happened. But others, like “typosquatting”, should be addressed by every campaign that uses the internet.
Oliver Friedrichs of Symantec chaired a panel at last week’s APWG e-Crime Research Summit in Pittsburgh. He has now published much of his work in a chapter from the forthcoming “Crimeware” book.
Here is Oliver’s summary of what is covered:
Abuse of Candidates’ Internet Domain Names and Typo Squatting – In order
to determine the current level of domain name speculation and typo
squatting in the 2008 federal U.S. election, we performed an analysis of
17 well known candidate domain names in order to seek out domain
speculators and typo squatters. Our results were interesting, to say the
least. Candidates have not done a good job at protecting themselves.
Some of the examples of infringement are quite interesting and humorous.
Phishing – When considering the 2004 election as a whole, phishing
presented only a marginal risk. At the time, phishing itself was still
in its infancy, and had yet to grow into the epidemic that can be
observed today. When we revisit the potential risk of phishing to the
2008 federal election, we find ourselves in a much different position.
Candidates have flocked to the Internet in order to communicate with
constituents, as well as to raise campaign contributions online. We
performed an analysis of campaign web sites in order to determine to
what degree they allow contributions to be made online. The most
concerning attack may involve the diversion of online campaign donations
intended for one candidate, to another, entirely different candidate,
entirely undermining voter confidence in online donations.
Adware – There are a variety of ways in which adware may be used in
order to influence or manipulate users during the course of an election.
We discuss those in this chapter as well.
Spyware – Spyware poses a new risk to the mass accumulation of
election-related statistics used to track election trends. Spyware has
the ability to capture and record user behavior (including Web browsing,
party affiliation, online campaign contributions and email traffic)
without voters’ knowledge or consent. This changes the landscape
dramatically when it comes to election-related data collection.
Keyloggers and Crimeware – Crimeware can collect personal, potentially
sensitive, or legally questionable information about individuals that
malicious actors can use either to intimidate voters or hold for ransom
to sway votes. A carefully placed, targeted keylogger has the potential
to cause material damage to a candidate in the process of an election.
Such code may also be targeted towards campaign staff, family members,
or others who may be deemed material to the candidate’s efforts.
Campaign Web Site Security – The breach of a legitimate candidate’s Web
site would allow an attacker to have direct control over all content
viewed by visitors to that site. This may allow for the posting of
misinformation, or worse, the deployment of malicious code to unsecured
Public Voter Information Sources – The Federal Election Commission (FEC)
maintains a publicly available record of all campaign contributions. The
database contains contributors’ personal information.
Intercepting Voice Communications – With the evolution of smart-phone
spyware, the infection of a candidate, campaign staff, or candidate’s
family’s cell phone with such a freely available application could have
dire consequences. Now, all back-room and hallway conversations partaken
by the candidate can be monitored at all times and intercepted by the
attacker. Worse, opinions that were perhaps not shared with the public
or outsiders are recorded and available for later playback, introducing
the potential for widespread exposure and damage.
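
For the typosquatting item in the summary above, a campaign can start by listing the look-alike names it should register defensively or monitor. The sketch below is an added example, not code from the chapter or from Symantec; the typo classes, the TLD list and the domain `janedoe2008.org` are assumptions chosen for illustration, and it expects a simple two-label domain.

```python
# Added example: typo-variant watchlist for a campaign domain (defensive use).
# The domain used below is a constructed placeholder, not one from the study.

# Letter rows of a QWERTY keyboard, used to find neighbouring keys (assumption).
QWERTY_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]
ALT_TLDS = ["com", "org", "net", "us", "info"]  # assumed set of TLDs to cover


def adjacent_keys(ch):
    """Return the keys immediately left and right of ch on its keyboard row."""
    for row in QWERTY_ROWS:
        i = row.find(ch)
        if i != -1:
            return [row[j] for j in (i - 1, i + 1) if 0 <= j < len(row)]
    return []  # digits and other characters have no neighbours in this sketch


def typo_variants(domain):
    """Map each plausible mistyped domain to the typo class that produces it."""
    name, _, tld = domain.lower().partition(".")
    found = {}

    def add(label, suffix, kind):
        candidate = f"{label}.{suffix}"
        if label and candidate != domain.lower():
            found.setdefault(candidate, kind)  # keep the first class seen

    add("www" + name, tld, "missing-dot")  # "www." typed without the dot
    for i, ch in enumerate(name):
        add(name[:i] + name[i + 1:], tld, "omission")
        add(name[:i] + ch + name[i:], tld, "duplication")
        if i + 1 < len(name):
            add(name[:i] + name[i + 1] + ch + name[i + 2:], tld, "transposition")
        for near in adjacent_keys(ch):
            add(name[:i] + near + name[i + 1:], tld, "adjacent-key")
    for other in ALT_TLDS:
        add(name, other, "tld-swap")
    return found


if __name__ == "__main__":
    watchlist = typo_variants("janedoe2008.org")
    for candidate in sorted(watchlist):
        print(f"{watchlist[candidate]:14} {candidate}")
```

The resulting list can be checked against registrar and DNS records to see which variants are already held by someone else.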