Cybercrime and Politics

As citizens of the United States prepare to cast their votes in the upcoming presidential election, the time is right to consider what implications, if any, Internet-borne threats may have for this process. With political candidates increasingly relying on the web to communicate their positions, assemble supporters and respond to critics, Internet-based risks are a serious concern because they can be used to disseminate misinformation, defraud candidates and the public, and invade privacy.

Protecting against these risks requires a careful examination of the attack vectors most likely to have an immediate and material effect on an election, which in turn impact votes, candidates or campaign officials. Once individuals and organizations have a better understanding of these risks, they can put in place many of the same tools and processes that have proven effective in providing Internet protection for both consumers and enterprises.

Barbarians at the Gateway
As malware has evolved into crimeware, Internet threats are no longer noisy devices designed to get attention. Rather, today’s malicious code has moved out of basements and dorm rooms and into the hands of organized crime, aggressive governments and organizations intent on using this ubiquitous high-tech tool for their own criminal purposes.

Businesses and consumers are responding by adopting a more proactive approach to Internet security. Both at home and at work, many Internet users are implementing technologies and practices to mitigate their risk as they work and play online. After all, with their identities, financial well-being and reputations on the line, consumers and businesses have little choice but to tighten their defenses.

However, an equally insidious yet less publicized threat remains: the potential impact of this malicious activity on the election process. Many of the same risks that users have become accustomed to as they leverage the Internet in their daily lives can also manifest themselves when use of the Internet extends to the election process.

Beyond the concerns about voter fraud and the challenges of electronic voting, many of today’s threats from Internet-borne crimeware also have the potential to influence the election process leading up to voting day. From domain name abuse to campaign-targeted phishing, traditional malicious code and security risks, denial-of-service attacks, election hacking and voter information manipulation, the potential impact of these risks deserves consideration.

What’s in a Domain?
In today’s online environment, a number of risks are posed by individuals attempting to abuse the domain name system of the Internet. These include typo squatters, domain speculators and bulk domain name parkers.

Typo squatting aims to benefit from mistakes users might make as they enter a URL directly into the address bar of their web browser. It used to be that a typo resulted in an error message indicating that the specified site could not be found. Now, however, a user is likely to be directed to a different website unrelated to the intended one.

Unfortunately, organizations rarely have registered all potential variations of their domain name in an effort to protect themselves. Typo squatters anticipate which misplaced keystrokes will be most common for a given entity—in the case of election-focused activities, these would be websites related to the leading candidates—and register the resulting domain names so that traffic intended for the correct site goes instead to the typo squatter’s own web properties. The relative scarcity of simple, recognizable “core” domain names has resulted in the development of an after-market for those domain names and has led to the creation of a community of speculators who profit from the resale of domain names.
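The misplaced keystrokes described above can be enumerated in advance, so a campaign knows which names to register defensively or watch for. The Python below is an added example, not part of the original article: the domain names are constructed placeholders under the reserved .example TLD, and the keyboard map assumes a US QWERTY layout.

```python
# Added example: flag look-alike registrations of a protected domain.
ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]  # assumption: US QWERTY letter rows

def adjacent_keys(ch):
    """Keys immediately left and right of ch on the same keyboard row."""
    for row in ROWS:
        i = row.find(ch)
        if i != -1:
            return [row[j] for j in (i - 1, i + 1) if 0 <= j < len(row)]
    return []

def typo_variants(domain):
    """Map each single-keystroke typo of the first label to the kind of slip."""
    label, _, rest = domain.lower().partition(".")
    out = {}
    for i, ch in enumerate(label):
        out[label[:i] + label[i + 1:]] = "omission"
        out[label[:i] + ch + label[i:]] = "repetition"  # key struck twice
        if i + 1 < len(label):
            out[label[:i] + label[i + 1] + ch + label[i + 2:]] = "transposition"
        for k in adjacent_keys(ch):
            out[label[:i] + k + label[i + 1:]] = "adjacent-key"
    out.pop(label, None)  # swapping two identical letters reproduces the label
    out.pop("", None)     # a one-letter label minus its letter
    return {f"{v}.{rest}": kind for v, kind in out.items()}

def flag_lookalikes(protected, observed):
    """Return (domain, slip) for observed names that are typos of protected."""
    variants = typo_variants(protected)
    return [(d, variants[d.lower()]) for d in observed if d.lower() in variants]

PROTECTED = "doeforsenate.example"  # constructed placeholder
OBSERVED = [                        # constructed sample of newly seen names
    "doeforsenate.example",         # the legitimate site, must not be flagged
    "doeforsenat.example",          # final 'e' dropped
    "deoforsenate.example",         # 'o' and 'e' swapped
    "doeforsemate.example",         # 'm' sits next to 'n'
    "gardenclub.example",           # unrelated
]

if __name__ == "__main__":
    for name, slip in flag_lookalikes(PROTECTED, OBSERVED):
        print(f"{name}: {slip}")
```

The same variant set can serve as a defensive registration list or as a watch list matched against new-registration feeds.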

In fact, typo squatters and domain name speculators no longer even need to host the physical web infrastructure for their own web content or advertisements. Domain parking companies now handle this, for a cut of the advertising profits.

What’s more, some typo squatters’ sites may not simply host advertisements whose profits go back to them rather than to the intended site’s owner, but they may actually forward the user to an alternative site with differing political views. Worse yet, the real potential for future abuse of typo domains may revolve around the distribution and installation of security risks and malicious code, the potential impact of which is evident in online banking, ecommerce and other business-related online activities today.

Phishers, Hackers, and More
The use of malicious code and security risks for profit is certainly not new. It seems the authors of such creations are quick to reach into their bag of tricks in the wake of everything from natural disasters to economic downturns and even elections to try to manipulate users into becoming unwitting participants in their latest cyber scheme.

For example, phishers targeted the Kerry-Edwards campaign during the 2004 federal election—in one case, setting up a fictitious website to solicit online campaign contributions and in another, setting up a fictitious “toll-free” number for supporters to call (and then charging each caller nearly $2 per minute). Whether leveraging a fundraising site to which users have been redirected, a candidate’s legitimate site, spoofed emails or typo-squatted domains, phishers have a wide range of vehicles from which to deliver their malicious activity.

Malicious code infection represents one of the most concerning potential online threats to voters, candidates and campaign officials. With malicious tools that monitor user behavior, steal user data, redirect browsers and deliver misinformation, malicious code targeted at voters has the potential to cause damage, confusion and loss of confidence in the election process itself. By placing keyloggers or Trojans on a user’s system, a cyber criminal could hold the user’s data hostage until a fee is paid to release it; such threats have already surfaced and been leveraged in the larger Internet user community. In addition, a carefully placed targeted keylogger might potentially result in the monitoring of all communications from an individual, including the candidate, campaign manager and other key personnel.

Denial-of-service attacks, which make a computer network or website unavailable and therefore unusable, have become increasingly common on the Internet today. In May 2007, one such attack was launched against the country of Estonia by Russian patriots who disabled numerous key government systems over the course of several weeks. Regardless of the motivation of such attacks or their geographic setting, in an election process they could potentially prevent voters from reaching campaign websites and impede campaign officials from communicating with voters.

In fact, the security of a campaign’s website plays a role in how much faith voters have in the election process. Yet, these websites can also be hacked so that attackers can post misinformation or deploy malicious code to unsuspecting visitors. Attempts to deceive voters through the spread of misinformation using traditional forms of communication are not new. Past campaigns have aimed at intimidating minorities and individuals with criminal records, announced erroneous voting dates and introduced other tactics to create voter confusion. Such activities lend themselves to the Internet because of the ease with which they can be conducted by a single attacker rather than an organized group.

As campaigns increasingly look to the Internet as a tool for gathering support, the inherent risks that follow must also be considered. From domain name abuses to phishing, hacking and other security threats, the risks of online advocacy must be understood by election campaigns so that the necessary precautions can be put in place to protect against them. By keeping a vigilant watch on cyber activities, candidates, their campaigns and voters can help maintain a dynamic yet reliable election process.