Skip to main content

Mix of Internet, politics ripe for abuse, experts say

  • Story Highlights
  • Politically related Internet attacks moderate so far, security expert says
  • With Internet fundraising a success, thieves may be more likely to strike on Web
  • Bogus sites with URLs close to candidates' sites take advantage of "typo squatting"
  • Internet attackers rarely caught, expert says
  • Next Article in Politics »
From Jeanne Meserve and Jim Spellman
CNN Washington Bureau
Decrease font Decrease font
Enlarge font Enlarge font

WASHINGTON (CNN) -- The increasing use of the Internet by political campaigns presents hackers and spammers with growing opportunities for abuse, according to two Internet experts.

art.friedrichs.cnn.jpg

Oliver Friedrichs is director of emerging technologies for Symantec.

Oliver Friedrichs, director of emerging technologies for Symantec, a computer security firm, said he has seen attacks of only moderate severity but warns much more damage could be done.

Those attacks include: phishing, or e-mails designed to look legitimate but which take respondents to fraudulent sites; adware, or ads that appear through pop-ups or banners on Web pages; and spyware, which secretly monitors computer users. Fraudulent Web sites and plain old lies are also used.

"Campaigns, extremists and others who may not be associated with the campaigns are very likely to start participating in these types of attacks, if not in this election, then in future elections," Friedrichs said in a presentation this week to a Black Hat computer information security conference in Washington.

According to Symantec, an e-mail was sent last week to several hundred people urging them to click on a link to see a video of Democratic presidential candidate Sen. Hillary Clinton. The people who did so inadvertently downloaded a malicious code that made their computers start spewing spam.

Other incidents have involved the theft of money and personal information. In 2004, for instance, supporters of the Democratic presidential ticket of John Kerry and John Edwards received an e-mail soliciting donations.

It provided a link to a site on which people were directed to enter their credit card information. It was bogus. Authorities don't know how much money was collected, where it went or how much credit card information was compromised.

With Internet fundraising proving to be a blockbuster success for candidates, Friedrichs said he believes more thieves will try to exploit it.

Some cons operate through "typo squatting." For $8 a month, anyone can register a domain name that closely resembles the Internet address of a campaign.

If an attacker then establishes a Web site that closely resembles a candidate's, unsuspecting supporters could make donations. The campaign would never get the money, but the attacker would.

Friedrichs said his research shows that typo squatting is in wide use. Hundreds of domain names close to those of the presidential candidates have been registered, some of them in India and China. These domain names have been used to establish Web sites on which to sell advertising or make political points. Others are used to mock candidates.

A slip of the finger while navigating to Clinton's Web site, for instance, could send a user to Hillaryclingon.com, which portrays the former first lady as a character from "Star Trek."

Candidate Web sites themselves also can be hacked, and visitors to the sites could find their computers infected with viruses or worms.

"I'm sure it is happening now, " said Tom Kellermann, vice president of security awareness for Core Security Technologies.

Kellermann said all Web sites, including political ones, are targets.

"Web sites are being attacked on a daily basis by individuals, non-state actors, organized criminals and state actors," he said. "Web sites are seen now as the perfect storm because you can attack the users that use them to access the information and visitors who use those sites, who trust those sites."

The Internet might also be used to distribute disinformation about candidates. Politically motivated hackers could even post inaccurate information on a candidate's site, Friedrichs said.

Attackers are rarely caught, according to Friedrichs. It is easy for "attackers to remain completely anonymous and to never be discovered," he said.

If the exploitation and corruption of political information on the Internet grows as Friedrichs predicts, he said he fears the public could become wary of Internet fundraising and even become suspicious of political information available on the Web.

"It certainly has the potential to not only disrupt but potentially cause voters to lose faith in the electoral system," he said. E-mail to a friend E-mail to a friend

All About InternetInternet DomainsU.S. Presidential Election

  • E-mail
  • Save
  • Print