US presidential candidates face phishing threat in '08

Attacks could divert contributions to opponent's campaign, says researcher

Phishing attacks that harvest credit card numbers or divert online contributions to an opponent's campaign pose the most danger to the Web operations of 2008's presidential candidates, a security researcher said.

"The threat that poses the most danger now is what has posed the most danger in the past," said Oliver Friedrichs, the director of Symantec's security response team and a writer on electoral cybercrime. "Phishing is the most significant problem now, and it has the potential to disrupt campaigns or even competing campaigns."

Not only are candidates' campaign Web sites prime targets for phishers -- the criminals could create bogus sites posing as the real deal to harvest contributors' credit card and bank account numbers -- but they could be victimized by radical followers of their opponent. "A phishing site could impersonate [the site of] one candidate, say Hillary Clinton, but actually submit the donation to another candidate, Rudy Giuliani, for example," said Friedrichs. "It might be very unlikely that a campaign would do something like this, but it could be launched by individuals who already consider themselves criminals, or by radicalized voters."

Even though the dollar amounts of such a steal-from-Hillary-to-pay-Rudy attack might be small, Friedrichs thinks there would be substantial fallout. "The diversion of donations like that has the potential to undermine the confidence in the online donation concept," he said.

In 2004, only two phishing attacks were detected that exploited the presidential election, Friedrichs said, both against the Kerry-Edwards campaign. In one instance, phishers set up a fictitious site shortly after the Democratic National Convention to supposedly solicit donations, although the criminals' goal was to gather credit card numbers and other personal information. In the second, phishers set up a site asking contributors to phone a for-fee 1-900 number that charged callers US$1.99 a minute.

It's likely that the 2008 campaign will see a much larger number of election-oriented phishing campaigns. Phishing posed only a "marginal risk" in 2004, in part because the scam was small-scale compared to today but also because presidential campaigns had only begun to move online in search of contributions. Today phishers are more capable and candidates more dependent on the Internet.

"We've seen phishing against candidates in the past," said Friedrichs, "and we should expect to see it during this campaign."

One thing that could make phishers' crimes even easier is the large number of domains that are just a typo away from an actual candidate's campaign Web site, Friedrichs argued. Using specialized tools, Friedrichs generated possible typo domains -- "mitrromney.com" rather than the intended "mittromney.com", for example -- and analyzed domain registration records.

"Many of the typo domains were not registered by the candidates proactively," said Friedrichs. "Only one candidate [Mitt Romney] had registered a typo domain, and then only one domain. Every other candidate had not taken precautions."

Phishers could exploit typo domains, as well as what Friedrichs called "cousin" domains -- expanded versions of a candidate's actual domain, such as "presidentbarackobama.com" -- to trick contributors into clicking on links in e-mail messages.
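A campaign can run the same kind of audit on its own name. The sketch below is an added example, not Friedrichs' tool or code from the article: it generates single-keystroke typo variants and prefix/suffix "cousin" names for a domain, then lists those missing from the campaign's own registrations. The keyboard map, the affix lists and the `owned` inventory are constructed assumptions, and live registration lookups are left out so it runs offline.

```python
# Added example: look-alike domain audit for a campaign's own name.
# Keyboard map, affix lists and sample inventory are constructed assumptions.
QWERTY_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
ADJACENT = {
    ch: row[max(i - 1, 0):i] + row[i + 1:i + 2]
    for row in QWERTY_ROWS
    for i, ch in enumerate(row)
}
PREFIXES = ("president", "vote", "elect")   # hypothetical cousin prefixes
SUFFIXES = ("2008", "forpresident")         # hypothetical cousin suffixes


def typo_variants(domain):
    """Single-keystroke mistakes in the first label of `domain`."""
    label, _, tld = domain.lower().partition(".")
    out = set()
    for i, ch in enumerate(label):
        out.add(label[:i] + label[i + 1:])                 # dropped key
        out.add(label[:i] + ch + label[i:])                # doubled key
        for near in ADJACENT.get(ch, ""):
            out.add(label[:i] + near + label[i + 1:])      # neighbouring key
        if i + 1 < len(label):                             # swapped pair
            out.add(label[:i] + label[i + 1] + ch + label[i + 2:])
    out.discard(label)   # swapping identical letters recreates the original
    return {f"{v}.{tld}" for v in out if v}


def cousin_variants(domain):
    """Expanded names built by adding a word before or after the label."""
    label, _, tld = domain.lower().partition(".")
    names = {p + label for p in PREFIXES} | {label + s for s in SUFFIXES}
    return {f"{n}.{tld}" for n in names}


def unclaimed(domain, owned):
    """Look-alikes of `domain` missing from the campaign's own registrations."""
    held = {d.lower() for d in owned}
    return sorted((typo_variants(domain) | cousin_variants(domain)) - held)


if __name__ == "__main__":
    owned = {"mittromney.com", "mitrromney.com"}   # constructed inventory
    gaps = unclaimed("mittromney.com", owned)
    print(len(gaps), "look-alike names not held by the campaign, e.g.", gaps[:5])
```

The resulting list is the input for defensive registration or for monitoring registration records for new look-alike names.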

But other kinds of profiteering with typo domains are not only possible but already under way, according to Friedrichs. Most typo domains, he said, are used to host ads, most often contextual ads. On some typo domains -- courtesy of ad syndicates or keyword purchasing -- the ads are in fact from the candidate whose domain has been abused. "The candidate is paying to have their ads displayed on the typo squatter's Web site. Candidates are paying for their own typo sites," said Friedrichs.

"Candidates and their campaigns are only beginning to understand the risks and have yet to take the necessary precautions in order to protect themselves," he concluded. "Our fear is that a true appreciation of the required countermeasures will not be realized until these attacks do in fact manifest themselves."

A draft of Friedrichs' chapter for the upcoming book Crimeware has been posted to Symantec's Web site, and includes sections on other threats to the electoral process, ranging from malicious code to Internet-based dirty tricks.

Gregg Keizer

Computerworld