Sunday, October 14, 2007

Just when you thought it was safe...

If you thought we had problems with web browsing safety now... New Scientist Tech reported on October 9 on the probability of political dirty tricks invading the Internet and e-mail to dirty up opponents as the fall election season hots up. Jessica Marshall writes:

...established security threats like spam emails and botnets – collections of "zombie" computers remotely controlled by hackers – all open new avenues for fraudulent campaigning. So said experts at an e-crime summit at Carnegie Mellon University in Pittsburgh, Pennsylvania last week.

Dirty tricks are not new. On US election day in 2002, the lines of a "get-out-the-voters" phone campaign sponsored by the New Hampshire Democratic Party were clogged by prank calls. In the 2006 election, 14000 Latino voters in Orange County, California, received letters telling them it was illegal for immigrants to vote.

But in those cases the Republican Party members and supporters were traced and either charged or named in the press. Online dirty tricks will be much less easy to detect, security researchers say.
Misinformation campaigns

Spam email could be used against voters, experts say, by giving the wrong location for a polling station, or, as in the Orange County fraud, incorrect details about who has the right to vote. Although a low proportion of people fall for spam emails, a larger audience can be reached than with posted letters, and in close races every voter counts.

Telephone attacks like the New Hampshire prank calls would be harder to trace if made using internet telephony instead of landlines, says Rachna Dhamija of the Harvard Center for Research on Computation and Society.

Calls could even be made using a botnet. This would make tracing the perpetrator even harder, because calls wouldn't come from a central location. What's more, the number of calls that can be made is practically limitless.

Internet calls might also be made to voters to sow misinformation, says Christopher Soghoian at Indiana University in Bloomington. "Anonymous voter suppression is going to become a reality."

The internet allows more direct attacks on other candidates possible too, as John McCain, Republican presidential candidate hopeful, discovered. His MySpace page used an image hosted on another person's site. When that person switched the image to one stating McCain had reversed his position on gay marriage, the change was reflected on McCain's page and he was left red-faced.
'Typo domains'

Although people who saw this probably realised it was a prank, it illustrates the ease with which campaign material can be altered with little chance of being caught. Making this kind of attack on hard-copy media, like newspapers or campaign leaflets, is near-impossible without leaving evidence that could lead to prosecution.

Manipulation can also happen in more subtle ways. In 2006, supporters of California's Proposition 87, for a tax that would fund alternative energy, registered negative-sounding domains including noon87.com and noonprop87.org and then automatically routed visitors to a site touting the proposition's benefits.

Similarly, people have registered hillaryclingon.com and muttromney.com. Although merely unflattering to US presidential hopefuls Hillary Clinton and Mitt Romney, such "typo domains" could be used to spread malicious software or take fraudulent donations, says Oliver Friedrichs of Symantec in Mountain View, California.
Vulnerable groups

Phishing – fraudulently obtaining personal information online – has already affected politics. In 2004, a fake website purporting to be for Democratic presidential candidate John Kerry stole campaign contributions, as well as users' debit-card numbers.

Campaigns are vulnerable to phishing because domain names tend not to have a predictable form – compare barackobama.com with joinRudy2008.com – making it difficult to pick the official site. Such attacks could deter people from donating online, a move that would disproportionately affect Democrats and young people, who are more likely than other groups to donate via the web.

The low probability of getting caught online, combined with the fact that anti-spam laws and "no-call" lists exempt political messages, makes the threat real. "The fact is that all of the technology for all of these things to happen is already in place," Soghoian says. "I'm not sure this will happen in 2008, but it will happen."
So, make the best use of the Internet aids to democracy -- like the Congresspedia and related websites reported here earlier this month, but beware of the dark side of democracy in the age of the Web!

No comments: