October 09, 2007
The politics of cyber-crime
As the presidential race of 2008 nears, there appear to be very few certainties that can be applied to the political runoff.
Beyond the fact that President George W. Bush's tumultuous tenure in the Oval Office will come to a close -- and that e-voting technologies will likely come under a new wave of fire from security researchers -- one other concrete detail appears to be that malware authors, phishers and other assorted cyber-scum will attempt to take advantage of interest in the election to deliver a new wave of attacks.
Last week, Carnegie Mellon University's CyLab project hosted the Anti-Phishing Working Group's eCrime Researchers Summit. As part of the event, a panel of experts including Symantec researcher Oliver Friedrichs debated the various methods that online assailants will employ to aim their wares at unsuspecting voters.
In a blog post on the company's Web site, Friedrichs outlined some of the conclusions that he and the other experts arrived at regarding the upcoming political-security firestorm. The other panelists were Rachna Dhamija from Harvard University, Chris Soghoian from Indiana University, and Pat Clarke of Jackson/Clark Partners.
Friedrichs also took the opportunity to plug a new book he has contributed to dubbed "Crimeware" -- due out in Feb. 2008 -- which will touch on the political-security issue, among many others apparently. Symantec, which will publish the book, has been kind enough to pass along the chapter on this topic free-of-charge to anyone interested in reading it.
Some highlights:
- The existing candidates have not done a thorough job of snapping up domain names that attackers looking to ensnare end users could easily associate with their campaigns.
According to Friedrichs, Symantec performed an analysis of 17 well-known candidate domain names to seek out domain speculators and typo squatters.
"Our results were interesting to say the least," he said. "Candidates have not done a good job at protecting themselves."
A quick exercise in attempting to create URLs that people might fall for finds that some of the obvious ones have been taken by the aspiring presidents, such as www.barackobama.com. However, URLs like www.clintonwhitehouse.com and www.giulianicommittee.com bring up largely undeveloped pages -- likely acquired by squatters hoping to cash in -- that openly advertise themselves for sale to any interested parties.
One popular technique will be for criminals to create "cousin" sites that closely mimic the candidates' legitimate Web pages, as in www.mitt-romney.com (currently under the control of someone who pitches themselves as an unofficial supporter) versus www.mittromney.com (the candidate's real site).
Squatters and phishers will also piggyback on typo sites, such as www.mitromney.com (currently home to another unofficial supporter), Friedrichs said.
Parody sites and unofficial informational sites (such as those listed above) will also be used to carry out attacks, according to the research.
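The lookalike categories described above can be checked mechanically against a list of domains a campaign's security staff has observed. The following is an added example, not code from the article or from Symantec's analysis; the function names, the `tokens` watch-word parameter and the two sample domains marked as constructed are assumptions.

```python
def normalize(domain):
    """Lower-case the name and drop a trailing dot and a leading 'www.'."""
    host = domain.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def label(domain):
    """Label just left of the TLD (assumes a single-label TLD such as .com)."""
    parts = normalize(domain).split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(observed, official, tokens=(), max_edits=1):
    """Label an observed domain relative to one official campaign domain."""
    host, off_host = normalize(observed), normalize(official)
    if host == off_host or host.endswith("." + off_host):
        return "official"    # the real site or one of its subdomains
    obs = label(observed).replace("-", "")
    off = label(official).replace("-", "")
    if obs == off:
        return "cousin"      # same name, different hyphenation or TLD
    if edit_distance(obs, off) <= max_edits:
        return "typo"        # one keystroke away from the real name
    if any(t in obs for t in tokens):
        return "keyword"     # candidate name plus an added word
    return "unrelated"

def triage(observed_domains, official, tokens=()):
    """Map each observed domain to its classification for analyst review."""
    return {d: classify(d, official, tokens) for d in observed_domains}

# Domains quoted in the article, plus two constructed ones (marked).
SAMPLE = ["www.mittromney.com", "www.mitt-romney.com", "www.mitromney.com",
          "romneycommittee.com",   # constructed
          "example.org"]           # constructed

if __name__ == "__main__":
    for name, kind in triage(SAMPLE, "mittromney.com", ("romney",)).items():
        print(f"{kind:10} {name}")
```
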
- The threat of phishing has only grown more severe.
"When considering the 2004 election as a whole, phishing presented only a marginal risk," said Friedrichs. "At the time, phishing itself was still in its infancy, and had yet to grow into the epidemic that can be observed today. When we revisit the potential risk of phishing to the 2008 federal election, we find ourselves in a much different position."
Since online political fundraising and campaigning has become so ubiquitous (I get an e-mail from the DNC every day it seems), the researcher contends it will be relatively easy for attackers to craft effective phishing runs that take advantage of the election buzz.
After performing some additional analysis, Friedrichs suggests that the most dangerous threats will likely seek to siphon donations away from legitimate candidates.
Even worse, he believes that people who want to undermine the whole process of garnering online donations will do so by purposefully diverting funds from one candidate to another with opposing beliefs and then publicizing it to discourage the Web-based fundraising practice.
- Adware will be used to "influence or manipulate" voters.
In addition to using fake candidate sites to deliver traditional adware and malware, the Symantec researchers believe that politically-minded attackers could carry out schemes to "silently replace advertisements for one candidate with another."
According to the report, these scams would likely be carried out by manipulating incoming HTML in end users' browsers before it is rendered, or by overlaying their own ad on top of another.
- Spyware may be used to skew election-related data gathering.
Friedrichs points out that spyware programs could be used to capture telltale political end user behavior, such as Web browsing habits, party affiliation, online campaign contributions and e-mail traffic.
With that information in hand, the researcher contends, politically-motivated organizations could conduct secret polls or gather election results sweeps that are essentially fixed beforehand to benefit some candidate or another, or to motivate people to get out and vote.
And there are plenty of other scenarios that could use attacks to alter the campaigning process as well.
Now, about those e-voting machines…
Posted by Matt Hines on October 9, 2007 10:20 AM