Now that citizens of the United States have cast their votes in the presidential election, the time is right to consider what effect, if any, Internet-borne threats had on this process. In this election, the candidates relied on the Web to communicate their positions, assemble supporters and respond to critics more than ever before. The risks of using the Web for these activities are a serious concern, as the Web can be used to disseminate misinformation, defraud candidates and the public and invade privacy.
Protecting against these risks requires a careful examination of the attack vectors most likely to have an immediate and material effect on an election, which in turn impact votes, candidates or campaign officials. The first step is understanding the risks involved. Once citizens understand the risks they can use tools and implement best practices in providing Internet protection for consumers and enterprises.
New Generation of Attackers
The creators of today's malware are no longer kids doing it for notoriety or to gain recognition. Today's hackers and attackers have moved out of basements and dorm rooms and into organized crime, aggressive governments, and organizations intent on using this ubiquitous high-tech tool for their own criminal purposes.
Consumers and enterprises are responding by adopting a more proactive approach to Internet security. At home and at work, Internet users are implementing new technologies and best practices to mitigate their risk as they work and play online. They are taking these extra steps to protect themselves, because they know that their identities, financial well-being and reputations may be on the line.
However, an equally insidious yet less publicized threat remains: the potential impact of this malicious activity on the election process. Many of the risks that users have become accustomed to as they leverage the Internet in their daily lives can also manifest themselves when the Internet is expanded to the election process.
Beyond the concerns about voter fraud and the challenges of electronic voting, many of today's threats from Internet-borne crimeware also have the potential to influence the election process leading up to voting day. From domain name abuse to campaign-targeted phishing, traditional malicious code and security risks, denial-of-service attacks, election hacking and voter information manipulation, the potential impact of these risks deserves consideration.
Malware, Phishing Attacks and More
Using malicious code and security risks for monetary gain is certainly not new. The authors of such creations are quick to reach into their bag of tricks in the wake of everything from natural disasters to economic downturns and even elections to try to manipulate users into becoming unwitting participants in their latest cyber scheme.
During the 2004 federal election, phishers targeted the Kerry-Edwards campaign: in one case, setting up a fictitious Web site to solicit online campaign contributions and in another, setting up a fictitious "toll-free" number for supporters to call (and then charging each caller nearly $2 per minute). Whether leveraging a fundraising site to which users have been redirected, a candidate's legitimate site, spoofed e-mails or typo-squatted domains, phishers have a wide range of vehicles from which to deliver their malicious activity.
Malicious code infection represents one of the most concerning potential online threats to voters, candidates and campaign officials. With malicious tools that monitor user behavior, steal user data, redirect browsers and deliver misinformation, malicious code targeted at voters has the potential to cause damage, confusion and loss of confidence in the election process itself. By placing keyloggers or Trojans on a user's system, a cyber criminal could hold the user's data hostage until a fee is paid to release it; such threats have already surfaced and been leveraged in the larger Internet user community. In addition, a carefully placed targeted keylogger might potentially result in the monitoring of all communications from an individual, including the candidate, campaign manager and other key personnel.
Denial-of-service attacks, which make a computer network or Web site unavailable and therefore unusable, have become increasingly common on the Internet today. In May 2007, one such attack was launched against the country of Estonia by Russian patriots who disabled numerous key government systems over the course of several weeks. Regardless of the motivation of such attacks or their geographic setting, in an election process they could potentially prevent voters from reaching campaign Web sites and impede campaign officials from communicating with voters.
In fact, the security of a campaign's Web site plays a role in how much faith voters have in the election process. Yet, these Web sites can also be hacked so that attackers can post misinformation or deploy malicious code to unsuspecting visitors. Attempts to deceive voters through the spread of misinformation using traditional forms of communication are not new. Past campaigns have aimed at intimidating minorities and individuals with criminal records, announced erroneous voting dates and introduced other tactics to create voter confusion. Such activities lend themselves to the Internet because of the ease with which they can be conducted by a single attacker rather than an organized group.
In today's online environment, a number of risks are posed by individuals attempting to abuse the domain name system of the Internet. These include typo squatters, domain speculators and bulk domain name parkers.
Typo squatting aims to benefit from mistakes users might make as they enter a URL directly into the address bar of their Web browser. It used to be that a typo resulted in an error message indicating that the specified site could not be found. Now, however, a user is likely to be directed to a different Web site unrelated to the intended one.
Unfortunately, organizations rarely have registered all potential variations of their domain name in an effort to protect themselves. Typo squatters anticipate which misplaced keystrokes will be most common for a given entity (in the case of election-focused activities, these would be Web sites related to the leading candidates) and register the resulting domain names so that traffic intended for the correct site goes instead to the typo squatter's own Web properties. The relative scarcity of simple, recognizable "core" domain names has resulted in the development of an after-market for those domain names and has led to the creation of a community of speculators who profit from the resale of domain names.
In fact, typo squatters and domain name speculators no longer even need to host the physical Web infrastructure for their own Web content or advertisements. Domain parking companies now handle this, for a cut of the advertising profits.
What's more, some typo squatters' sites may not simply host advertisements whose profits go back to them rather than to the intended site's owner, but they may actually forward the user to an alternative site with differing political views. Worse yet, the real potential for future abuse of typo domains may revolve around the distribution and installation of security risks and malicious code, the potential impact of which is evident in online banking, ecommerce and other business-related online activities today.
Many of the attacks are based on users typing in the wrong URL. Rather than typing the URL directly into the address bar, use a search engine. Then the user can see which links have the best search engine ranking. This will protect users, because fly-by-night sites will not have been in operation long enough to get a good search engine ranking. Also, search engines are good at recognizing typos, so if a user mistypes a candidate's name, the search engine can potentially figure out which candidate the user is actually seeking.
The candidates can also help protect their users by taking the initiative to purchase common typos associated with their domain names. They could also use brand monitoring services that can look at recently registered domain names and determine if any might potentially infringe on a registered trademark or name.
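As an added illustration of the brand-monitoring idea above (example code written for this page, not any monitoring service's implementation), the sketch below screens a list of newly registered domains for names within one keystroke error of a protected campaign domain. The domain names are constructed, and the label split assumes a single-label TLD such as .com.

```python
def osa_distance(a, b):
    """Edit distance where insert, delete, substitute and an adjacent
    transposition (the classic swapped-keystroke typo) each cost 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]

def split_label(domain):
    """Return (registrable label, TLD). Assumption: single-label TLD;
    multi-label suffixes such as co.uk are not handled."""
    label, _, tld = domain.lower().rstrip(".").rpartition(".")
    return label.split(".")[-1], tld

def flag_lookalikes(protected, new_domains, max_distance=1):
    """Return (domain, reason) for registrations worth a human review."""
    target, target_tld = split_label(protected)
    hits = []
    for domain in new_domains:
        label, tld = split_label(domain)
        if label == target:
            if tld != target_tld:          # same name under another TLD
                hits.append((domain, "same-name-other-tld"))
        elif osa_distance(label, target) <= max_distance:
            hits.append((domain, "typo"))  # one keystroke away
        elif target in label:              # name embedded in a longer label
            hits.append((domain, "contains-name"))
    return hits

# Constructed sample feed of newly registered domains (not real data).
NEWLY_REGISTERED = [
    "examplecandidate.com",         # the protected domain itself
    "examplecandidate.org",
    "exampelcandidate.com",         # swapped letters
    "examplecandidte.com",          # dropped letter
    "donate-examplecandidate.com",
    "gardeningtips.com",
]

if __name__ == "__main__":
    for domain, reason in flag_lookalikes("examplecandidate.com", NEWLY_REGISTERED):
        print(f"{reason:22} {domain}")
```

Flagged names are candidates for review or defensive registration, not proof of abuse; a short protected label will need a stricter threshold to keep false positives down.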
As campaigns increasingly look to the Internet as a tool for conducting business, the inherent risks that follow must also be considered. From domain name abuses to phishing, hacking and other security threats, the risks of online advocacy must be understood by election campaigns so that the necessary precautions can be put in place to protect against them. By keeping a vigilant watch on cyber activities, candidates, their campaigns and voters can help maintain a technologically dynamic, yet reliable, election process.
Dr. Zulfikar Ramzan is a Technical Director and Architect with Symantec Security Technology and Response. His current focus involves building Symantec's next generation security technologies. His interests include studying the emerging threat landscape, focusing on topics like phishing, online fraud, malware, and Web 2.0 security.