
Cybercrime and the electoral system

Published November 20th, 2007


Oliver Friedrichs

The following excerpts were drawn from Chapter 10 of a forthcoming book, "Crimeware," which is edited by Markus Jakobsson and Zulfikar Ramzan, and will be published by Symantec Press and Addison-Wesley Professional.

While we first saw the Internet used extensively during the 2004 presidential election, its use in future presidential elections will clearly overshadow it. It is important to understand the associated risks as political candidates increasingly turn to the Internet to more effectively communicate their positions, rally supporters, and seek to sway critics. These risks include, among others, the dissemination of misinformation, fraud, phishing, malicious code, and the invasion of privacy. Some of these attacks, including those involving the diversion of online campaign donations, have the potential to threaten voters' faith in our electoral system.

We have chosen to analyze those attack vectors that would be most likely to have an immediate and material effect on an election, affecting voters, candidates, or campaign officials.

++++++++++

Domain Name Abuse

All candidates for the 2008 federal election have registered, or already own, a unique domain name that is used in order to host their respective web site. In all cases this is a domain name that incorporates their own name in some capacity, and in some cases has been registered specifically in support of the 2008 campaign. Domain names play one of the most important roles in accessing a web site. They are the core part of the URL that is recognized by the general population, and as such, their ownership dictates who can display content to users visiting web sites hosted on that domain name.

While users may well know the URL to their bank or favorite commerce site, voters may not readily know the URL to their political party, or their chosen candidate's web site. Legitimate-sounding domain names may not be as they appear. The authors were able to freely register domain names such as http://www.democratic-party.us and http://www.support-gop.org. It would be easy to use a domain name of this type for the purposes of phishing or crimeware installation.

In today's online environment, individuals and businesses must consider a number of risks from individuals attempting to abuse the domain name system. These involve domain speculators, bulk domain name parkers, and typo squatters.

++++++++++

Domain Speculation and Typo Squatting

Typo squatting seeks to benefit from a mistake made by the user when entering a URL directly into their web browser's address bar. An errant keystroke can easily result in the user entering a domain name that differs from the one that they intended. Typo squatters seek to benefit from these common mistakes by registering domain names that correspond to common typos. Whereas in the past, users making typos were most likely to receive an error indicating that the site could not be found, today they are likely to be directed to a different web site. In many cases this site may host advertisements; however, the potential for more sinister behavior also presents itself.

In order to determine the current level of domain name speculation and typo squatting in the 2008 federal election we performed an analysis of well-known candidate domain names in order to seek out domain speculators and typo squatters.

We created two applications, typo gen and typo lookup. The typo gen application allowed us to generate typo domain names based on five common mistakes that are made when entering a URL into the web browser address bar. These include:

* Missing the first ‘.’ delimiter: wwwmittromney.com
* Missing a character in the name (t): www.mitromney.com
* Hitting a surrounding character (r): www.mitrromney.com
* Adding an additional character (t): www.mitttromney.com
* Reversing two characters (im): www.imttromney.com

As a result of these mistakes, the potential number of typos grows in proportion to the length of the domain name itself. It is rare to find that an organization has registered all potential variations of their domain name. Typo squatters take advantage of this, in order to drive additional traffic to their own web properties.
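The five mistake classes listed above can be enumerated for a domain its owner wants to monitor or register defensively. The sketch below is an added example, not the authors' typo gen tool: the function names are hypothetical, "surrounding character" is assumed to mean the keys directly left and right on the same QWERTY row, and "additional character" is assumed to mean a repeated letter, as in the excerpt's own example.

```python
# Added example: defensive enumeration of typo domains for a host the
# defender owns. Same-row QWERTY neighbours are an assumption; the page does
# not say which keys its tool treated as "surrounding".
ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")


def neighbours(ch):
    """Keys directly left and right of ch on its keyboard row."""
    for row in ROWS:
        i = row.find(ch)
        if i != -1:
            return row[max(i - 1, 0):i] + row[i + 1:i + 2]
    return ""


def typo_variants(host):
    """Map each of the five mistake classes to the hostnames it produces.

    host must look like 'www.<name>.<tld>'; only <name> is mutated.
    """
    prefix, name, tld = host.split(".", 2)
    n = len(name)
    names = {
        "omission": {name[:i] + name[i + 1:] for i in range(n)},
        "adjacent_key": {name[:i] + k + name[i + 1:]
                         for i in range(n) for k in neighbours(name[i])},
        "repetition": {name[:i] + name[i] + name[i:] for i in range(n)},
        "transposition": {name[:i] + name[i + 1] + name[i] + name[i + 2:]
                          for i in range(n - 1) if name[i] != name[i + 1]},
    }
    out = {kind: {f"{prefix}.{v}.{tld}" for v in vs if v}
           for kind, vs in names.items()}
    out["missing_dot"] = {f"{prefix}{name}.{tld}"}
    return out


def unowned(host, owned):
    """Sorted variants of host that are absent from the owner's portfolio."""
    every = set().union(*typo_variants(host).values())
    return sorted(every - set(owned) - {host})


if __name__ == "__main__":
    for kind, hosts in typo_variants("www.mittromney.com").items():
        print(f"{kind:14} {len(hosts):3}  e.g. {sorted(hosts)[0]}")
```

Every class except the missing delimiter produces roughly one or two variants per character, which is why the candidate list grows with the length of the name and why a portfolio rarely covers it.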

++++++++++

Analyzing the Results

A large number of both typo and cousin domain names have been registered by parties other than the candidate's own campaign. We find that many of the registered web sites, both in the typo squatting case and in the cousin domain name case, are registered for the purpose of driving traffic to advertising web sites.

++++++++++

Display Ads

Many of the typo domains that display contextual advertisements are in fact displaying advertisements that point back to a candidate's legitimate campaign web site. In some cases, a typo squatter has taken over the misspelling of a candidate's domain name and is able to profit from it. Worse, however, is that the candidate is paying to have their ads displayed on the typo squatter's web site! This is a result of the way in which ad syndication on the Internet works.

++++++++++

Profit-Motivated Phishing and Campaign Contributions

Election-related phishing has been observed in the past. During the 2004 federal election, phishers targeted the Kerry-Edwards campaign. At least two distinct types of phishing were observed during that campaign. In one case, phishers set up a fictitious web site in order to solicit online campaign contributions, stealing the victim's credit card number, among other information. In the second case, phishers asked recipients to call a for-fee 1-900 number, whereby the victim would subsequently be charged $1.99 per minute. The perpetrators of these two attacks were never caught.

The increased collection of online campaign contributions also provides a ripe opportunity for phishers to target the unsuspecting public. While it is unreasonable to expect campaigns not to solicit contributions using email as a medium, they would be well advised to follow best practices that have been set by other online entities heavily prone to phishing.

++++++++++

Malicious Code and Security Risks

Malicious code and security risks present one of the more sinister risks to the election process. Malicious code, such as threats that leverage rootkit capabilities, has the potential to gain complete and absolute control over a victim's computer system. In addition, security risks such as Adware and Spyware also pose a serious concern, both in terms of their invasiveness to a user's privacy, in the case of Spyware, and their ability to present users with unexpected or undesired information and advertisements, in the case of Adware.

++++++++++

Key Logger

A carefully placed targeted key logger has the potential to cause material damage to a candidate during the election process. Such an infection can result in the monitoring of all communications, including email messages and web site access initiated on the infected computer. This monitoring would give the would-be attacker unparalleled insight into the progress, plans, and disposition of the candidate's campaign. This may include new messaging, speeches, and otherwise sensitive information critical to the outcome of the candidate's campaign.

++++++++++

Denial of Service Attacks

Denial of service attacks have become increasingly common on the Internet today. Denial of service attacks seek to make a computer network, in most cases a particular web site, unavailable and therefore unusable.

In 2006, Joe Lieberman's web site also fell victim to a concentrated denial of service attack. Forcing the site offline, the attack paralyzed the joe2006.com domain, preventing campaign officials from using their official campaign email accounts and instead having to revert to their personal accounts.

++++++++++

Cognitive Election Hacking

The security of a campaign’s web site plays another vital role in the election process. The breach of a legitimate candidate's web site would allow an attacker to have direct control over all content viewed by visitors to that web site. This may allow for the posting of misinformation, or worse, the deployment of malicious code to unsecured visitors.

++++++++++

Push Polling

Push polling is one technique that lends itself extremely well to Internet-based technologies. In push polling, an individual or organization attempts to influence or alter the views of voters under the guise of conducting a poll. The poll, in many cases, poses a question by stating inaccurate or false information as part of the question. One well-known push poll occurred in the 2000 Republican Party primary. Voters in South Carolina were asked "Would you be more likely or less likely to vote for John McCain for president if you knew he had fathered an illegitimate black child?" In this case, the poll's allegation had no substance, but was heard by thousands of primary voters. McCain and his wife had in fact adopted a Bangladeshi girl.

++++++++++

Final Thoughts

Our goal in writing this chapter was certainly not to seed the minds of would-be attackers, nor to spread fear, uncertainty and doubt, but rather to discuss real-world risks that already exist today. None of the attacks which we have discussed are new or novel; however, we have applied them to a specific recurring event: the election process. Our hope is to raise awareness of the potential risks before they are able to manifest themselves in both the upcoming 2008 federal election, and any election to follow.

++++++++++

