Cybercriminals Could Steal Elections, Security Researcher Warns
Risks include the dissemination of misinformation, fraud, phishing, malicious code, and the invasion of privacy, according to Symantec analysts.
According to the book, most of the typo sites appear to have been set up to earn ad dollars using the candidates' names rather than to place a particular person in office. It's also worth noting that some typo sites are satirical in nature and are thus constitutionally protected free speech rather than attempts to dupe or defraud voters.
Yet, Friedrichs cautions, extremists unaffiliated with a particular campaign might try to attack a campaign's opponents online. "What we have seen in the past is denial-of-service attacks against candidate Web sites," he said. "For example, in 2006, we saw attacks against the Joe Lieberman Web site, Joe2006.com, and that site was taken offline for some time. ... As a result, the e-mail system for the campaign was unavailable."
To date, there's no evidence to suggest that cybercriminals have altered the outcome of an election. "We have not seen an attack that has had a meaningful impact on the outcome of an election yet," explained Friedrichs.
But the impact of cybercrime on the electoral process need not be that severe to be troubling. "We do believe that tactics that we see in the physical world like voter intimidation and deception are likely to manifest themselves in the cyberworld as well," said Friedrichs.
One of the possible attacks that concerns Friedrichs is the diversion of funds. "For example, if I'm a phisher, I can set up a phishing site or a typo site and a victim coming to that site may believe he's contributing a donation to one particular candidate, but on the back end we can actually redirect that transaction to a completely different candidate. So essentially, the victim would be donating to their candidate's opponent. And that has the potential to really cause voters to lose faith in the online donation system as a whole."
All 17 of the 2008 presidential candidates researched by Symantec accept online donations, according to Friedrichs.
As to how such issues might be dealt with, Friedrichs doubts legislation will help. Laws like the Can-Spam Act, he said, haven't had a meaningful impact on the distribution of spam.
"There are already a number of countermeasures that campaigns can leverage," said Friedrichs. "What we find is that many of [the politicians], being relatively new to the Internet, really haven't become aware of the best practices they should be taking. One of the goals here is to raise awareness of those best practices."
Building A Mobile Business MindsetAmong 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps – and it's past time for those with no plans to get cracking.