US presidential candidates face phishing threat in '08

Attacks could divert contributions to opponent's campaign, says researcher

Phishing attacks that harvest credit card numbers or divert online contributions to an opponent's campaign pose the most danger to the Web operations of 2008's presidential candidates, a security researcher said.

"The threat that poses the most danger now is what has posed the most danger in the past," said Oliver Friedrichs, the director of Symantec's security response team and a writer on electoral cybercrime. "Phishing is the most significant problem now, and it has the potential to disrupt campaigns or even competing campaigns."

Not only are candidates' campaign Web sites prime targets for phishers -- the criminals could create bogus sites posing as the real deal to harvest contributors' credit card and bank account numbers -- but they could be victimized by radical followers of their opponent. "A phishing site could impersonate [the site of] one candidate, say Hillary Clinton, but actually submit the donation to another candidate, Rudy Giuliani, for example," said Friedrichs. "It might be very unlikely that a campaign would do something like this, but it could be launched by individuals who already consider themselves criminals, or by radicalized voters."

Even though the dollar amounts of such a steal-from-Hillary-to-pay-Rudy attack might be small, Friedrichs thinks there would be substantial fallout. "The diversion of donations like that has the potential to undermine the confidence in the online donation concept," he said.

In 2004, only two phishing attacks were detected that exploited the presidential election, Friedrichs said, both against the Kerry-Edwards campaign. In one instance, phishers set up a fictitious site shortly after the Democratic National Convention to supposedly solicit donations, although the criminals' goal was to gather credit card numbers and other personal information. In the second, phishers set up a site asking contributors to phone a for-fee 1-900 number that charged callers US$1.99 a minute.

It's likely that the 2008 campaign will see a much larger number of election-oriented phishing campaigns. Phishing posed only a "marginal risk" in 2004, in part because the scam was small-scale compared to today but also because presidential campaigns had only begun to move online in search of contributions. Today phishers are more capable and candidates more dependent on the Internet.

"We've seen phishing against candidates in the past," said Friedrichs, "and we should expect to see it during this campaign."

One thing that could make phishers' crimes even easier is the large number of domains that are just a typo away from an actual candidate's campaign Web site, Friedrichs argued. Using specialized tools, Friedrichs generated possible typo domains -- "mitrromney.com" rather than the intended "mittromney.com", for example -- and analyzed domain registration records.

"Many of the typo domains were not registered by the candidates proactively," said Friedrichs. "Only one candidate [Mitt Romney] had registered a typo domain, and then only one domain. Every other candidate had not taken precautions."

Phishers could exploit typo domains, as well as what Friedrichs called "cousin" domains -- expanded versions of a candidate's actual domain, such as "presidentbarackobama.com" -- to trick contributors into clicking on links in e-mail messages.

But other kinds of profiteering is also not only possible with typo domains, but already in action, according to Friedrichs. Most typo domains, he said, are used to host ads, most often contextual ads. On some typo domains -- courtesy of ad syndicates or keyword purchasing -- the ads are in fact from the candidate whose domain has been abused. "The candidate is paying to have their ads displayed on the typo squatter's Web site. Candidate are paying for their own typo sites," said Friedrichs.

"Candidates and their campaigns are only beginning to understand the risks and have yet to take the necessary precautions in order to protect themselves," he concluded. "Our fear is that a true appreciation of the required countermeasures will not be realized until these attacks do in fact manifest themselves."

A draft of Friedrichs' chapter for the upcoming book Crimeware has been posted to Symantec's Web site, and includes sections on other threats to the electoral process, ranging from malicious code to Internet-based dirty tricks.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest News Articles

Resources

Best Deals on GoodGearGuide

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?