What’s more, some typo squatters’ sites may not simply host advertisements whose profits go back to them rather than to the intended site’s owner, but they may actually forward the user to an alternative site with differing political views. Worse yet, the real potential for future abuse of typo domains may revolve around the distribution and installation of security risks and malicious code, the potential impact of which is evident in online banking, ecommerce and other business-related online activities today.
Phishers, Hackers, and More
The use of malicious code and security risks for profit is certainly not new. It seems the authors of such creations are quick to reach into their bag of tricks in the wake of everything from natural disasters to economic downturns and even elections to try to manipulate users into becoming unwitting participants in their latest cyber scheme.
For example, phishers targeted the Kerry-Edwards campaign during the 2004 federal election—in one case, setting up a fictitious website to solicit online campaign contributions and in another, setting up a fictitious “toll-free” number for supporters to call (and then charging each caller nearly $2 per minute). Whether leveraging a fundraising site to which users have been redirected, a candidate’s legitimate site, spoofed emails or typo-squatted domains, phishers have a wide range of vehicles from which to deliver their malicious activity.
Malicious code infection represents one of the most concerning potential online threats to voters, candidates and campaign officials. With malicious tools that monitor user behavior, steal user data, redirect browsers and deliver misinformation, malicious code targeted at voters has the potential to cause damage, confusion and loss of confidence in the election process itself. By placing keyloggers or Trojans on a user’s system, a cyber criminal could hold the user’s data hostage until a fee is paid to release it; such threats have already surfaced and been leveraged in the larger Internet user community. In addition, a carefully placed targeted keylogger might potentially result in the monitoring of all communications from an individual, including the candidate, campaign manager and other key personnel.
Denial-of-service attacks, which make a computer network or website unavailable and therefore unusable, have become increasingly common on the Internet today. In May 2007, one such attack was launched against the country of Estonia by Russian patriots who disabled numerous key government systems over the course of several weeks. Regardless of the motivation of such attacks or their geographic setting, in an election process they could potentially prevent voters from reaching campaign websites and impede campaign officials from communicating with voters.
In fact, the security of a campaign’s website plays a role in how much faith voters have in the election process. Yet, these websites can also be hacked so that attackers can post misinformation or deploy malicious code to unsuspecting visitors. Attempts to deceive voters through the spread of misinformation using traditional forms of communication are not new. Past campaigns have aimed at intimidating minorities and individuals with criminal records, announced erroneous voting dates and introduced other tactics to create voter confusion. Such activities lend themselves to the Internet because of the ease with which they can be conducted by a single attacker rather than an organized group.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.