Researchers: Hackers Could Affect Presidential Election

Source: Washkuch, Frank Jr., “Researchers: Hackers Could Affect Presidential Election”, SC Magazine Newswire. October 9, 2007.

BY Frank Washkuch Jr.

Hackers could affect next year’s presidential election by using keyloggers, phishing messages or hacking, researchers said this week.

Attackers could also usher in a high-tech version of voter harassment, using keyloggers installed on the PCs of campaign staff members and their families, researcher Oliver Friedrichs said Monday on Symantec’s Security Response blog.

“Crimeware can collect personal, potentially sensitive or legally questionable information about individuals that malicious actors can use either to intimidate voters or hold for ransom to sway votes. A carefully placed, targeted keylogger has the potential to cause material damage to a candidate in the process of an election,” he said. “Such code may also be targeted toward campaign staff, family members or others who may be deemed material to the candidate’s efforts.”

Friedrichs noted that any political contest could suffer from cyberattacks.

The campaign of Republican frontrunner Rudy Giuliani fixed a vulnerability on the candidate’s website in March that could have allowed attackers to perform SQL injection attacks to expose volunteers’ private information. had contained a flaw that prevented the blocking of command instructions to display unauthorized information. Campaign workers fixed the flaw within hours of being notified by the Associated Press.

Last August, the campaign manager for U.S. Sen. Joe Lieberman, I-Conn., accused supporters of Democratic rival Ned Lamont of hacking the incumbent’s website and disabling email distribution.

Lieberman was, at the time, in the throws of a hotly disputed primary battle against Lamont. He lost, but retained his Senate seat by besting Lamont in the general election.

Lamont’s campaign denied the charges and demanded Lieberman’s camp apologize.

Other attack methods could focus on candidates’ cash-collecting operations, according to Friedrichs. Attackers may use phishing attacks that impersonate official websites to scam money from prospective donors.

“Candidates have flocked to the internet in order to communicate with constituents, as well as to raise campaign contributions online. We performed an analysis of campaign websites in order to determine to what degree they allow contributions to be made online,” he said. “The attack of most concern may involve the diversion of online campaign donations intended for one candidate, to another, entirely different candidate, entirely undermining voter confidence in online donations.”

Christopher Soghoian and Markus Jakobsson, researchers at Indiana University, said in a white paper released this week, that phishing emails claiming to be authentic campaign messages are easy to create.
“The easiest way for an attacker to make a phishing page look authentic is to simply clone the content of the original website,” the researchers said. “Web cloning tools, such as the ScrapBook extension for the Firefox web browser, or the Macintosh application Web Devil, allow attackers to create a working local copy of a remote political campaign website, which the attacker can then modify, upload to a server and make available online with a fake, but authentic-sounding domain name.”

Friedrichs told today that phishing and denial-of-service (DoS) attacks are likely to be employed in upcoming elections because they have succeeded in the past.

“Certainly phishing and DoS attacks are two things that have already happened,” he said.

The integration of Web 2.0 technologies into political websites could open campaigns up to cross-site scripting attacks and other malicious activities, said Friedrichs.

“It certainly has the potential to make [campaign website security] worse, because the implications of these technologies are not as well understood [as conventional websites],” he said. “Some of these new technologies lend themselves to new types of attacks.”


NOTE: For more detailed information see the the posting by Oliver Frederichs on the Symantec Security Response Blog

Contact Information