Web sites are not safe. Just last week, I accidentally infected one of my own computers with some nasty spyware by clicking on the wrong link on the wrong creepy Web site; at least, I think that’s what happened. Some Web sites host what are called “drive-by infections,” where you don’t even have to click anything to get infected; all you have to do is look at the Web site. It took me hours to clean up the mess. Many otherwise legitimate Web sites now serve up viruses and spyware to their customers, often without the Web sites’ authors being aware that anything is amiss.
Black hat hackers also have been messing around with the Web sites of candidates in the upcoming 2008 elections. A preview chapter from the forthcoming book titled “Crimeware,” to be published by Symantec Press, details how cybercriminals have been setting up fake election Web sites for years, and now are working to impersonate, shut down and hack the real Web sites of 2008 presidential candidates. The chapter, titled “Cybercrime and The Electoral System,” written by security expert Oliver Friedrichs, also acknowledges how vote fraud through the use of compromised computers and voting machines is a very real possibility.
Friedrichs writes, “It is important to understand the associated risks as political candidates increasingly turn to the Internet to more effectively communicate their positions, rally supporters and seek to sway critics.
These risks include among others the dissemination of misinformation, fraud, phishing, malicious code and the invasion of privacy. Some of these attacks, including those involving the diversion of online campaign donations, have the potential to threaten voters’ faith in our electoral system.”
One of the most common attacks is the use of fake Web sites, known as “domain name abuse.” Part of this tactic involves setting up Web sites that are slight misspellings of the real thing, such as “narackobama.com” instead of the real Web site’s address, barackobama.com. You may be the world’s greatest typist, but hundreds of thousands of Web sites names are misspelled every day.
At the time he did his research, Friedrichs discovered 52 Web sites that had been registered as typos of the real Obama Web sites. When he visited barackobams.com, he discovered advertisements that led to Obama’s real Web sites. However, if users clicked on the ads, the bad guys earned money that, through some clever hacker manipulations, the real Obama campaign was obliged to pay. Some phony candidate Web sites, rather than being malicious, are merely hilarious. Check out hillaryclingon.com; it’s a hoot.
Other cybercriminals use fake Web sites to solicit campaign donations or trick people into calling for-fee 1-900 numbers. This happened to the Kerry-Edwards campaign in 2004. Along with collecting easy cash, the fraudsters made off with numerous credit card numbers and other personal information; they were never caught.
Another way the bad guys have messed with campaign Web sites is through what is called a “denial of service (DOS)” attack. DOS attacks often work by having thousands or millions of previously hacked computers try to visit the same Web sites at the same time. Often, the Web sites’s host computers cannot handle the traffic load and simply shut down. Not only can a DOS attack literally take a Web site offline, it also can deny service to e-mail addresses linked to the Web sites address. This happened last year to Joe Lieberman’s joe2006.com Web sites. Speculation exists that Democrat Party hackers kicked the Web sites offline in retaliation for Lieberman’s leaving their party to run as an Independent, though no concrete evidence exists to that effect.
The most ominous threat to campaign security involves voting machine fraud.
Writes Friedrichs: “There are many serious and important risks to consider related to the security of the voting process, and the new breed of electronic voting machines… Risks include the ability for attackers or insiders to either manipulate these machines or to alter and tamper with the end results.” I think that it’s time for us to ask our elected servants, “What are you doing to insure that voting machines function accurately, can be easily audited, and cannot be hacked?” By the time that the 2008 elections roll around, it may be too late.
Dave Moore has been repairing computers in Norman since 1984, when he borrowed $1,200 to buy a Commodore 64 system. He can be reached at 919-9901 or www.davemoorecomputers.com.
