Highlights
– Spam is being used to promote 2008 Presidential Candidates
– Various forms of hacking can be used to manipulate voters and influence elections
– Various attacks will take place during the 2008 campaign but they are unlikely to exert a widespread influence on the national elections
According to researchers from the University of Alabama-Birmingham’s computer forensics research department, a series of spam emails have been circulating the Internet promoting the campaign of Republican Presidential Candidate Ron Paul.
Gary Warner, the University of Alabama at Birmingham’s Director of Research in Computer Forensics, stated, “This is clearly a criminal act in support of a campaign, which has been committed with or without their knowledge.”
Spam could aid a candidate for office as it offers an efficient albeit illegal way to communicate with voters and potential supporters. Spam could be used to promote one candidate or it could also be used in a more malicious manner to degrade another candidate.
Further, by using botnets, a network of compromised computers, or open-relays, an email server that will forward third-party emails, a campaign supporter could hide the source of the spam. This obfuscation would likely serve to confuse the electorate and make it more difficult for potential voters to sort fact from fiction during the campaign.
Electoral Hacking: More than Spam
Cyber security experts have also warned that cyber criminals could employ the following hacking techniques in an attempt to commit fraud or possibly influence the outcome of future elections:
– Pharming and Typo Squatting are attacks designed to redirect a user from a legitimate website to an illegitimate website. In the case of a campaign, an attacker could re-direct traffic from one candidate’s website to another candidate’s website. In a more insidious attack, an attacker could redirect traffic to a fraudulent website designed to look like a candidate’s legitimate website but instead contained false and malicious information about the candidate. This type of attack could also be used to pilfer or even redirect campaign donations intended for one candidate to another candidate.
– Phishing is a social engineering attack delivered via email designed to lure users to malicious websites. Similar to pharming, phishing attacks could be used to redirect users intending to visit one candidate’s website to another illegitimate website.
– Spyware is software that is surreptitiously installed on a users computer and can be used to gather personal information about the infected user. In theory, spyware could enable an attacker to gather detailed information about users political leanings. More directly, spyware could be used to attack a campaign directly by gathering data on a particular campaigns strategies and financial assets.
Outlook
Although these attacks are unlikely to affect the outcome of the 2008 election, it is probable that 2008 will witness many of the above attacks designed to influence voter participation.
As a result, candidates must make a serious effort to secure their websites and their online infrastructure, as well as encourage voter education on cyber security issues.