'E-mail squatting' poses the most danger, says electoral cybercrime researcher
The 2008 presidential campaigns are apparently oblivious to many of the threats that could damage their candidates' reputations and fund-raising abilities, or disclose sensitive insider information, a security researcher said Friday.
"There's just a general lack of awareness that this is a problem," said Oliver Friedrichs, director of emerging technologies at Symantec Corp. and a researcher on electoral cybercrime.
In a presentation at this week's RSA Conference, Friedrichs outlined new research on Internet threats facing presidential campaigns. Today he delved into the numbers to highlight the dangers he thought were the most serious.
At the top of his list: "e-mail squatting."
"That's a variation of cybersquatting, where someone other than the brand owner sits on a domain name," said Friedrichs, referring to a common practice that has several variations, all intended to profit from a recognizable name or Web site URL and often used by cybercriminals such as phishers, identity thieves and malware makers.
E-mail squatting is a spin-off of "typo-squatting," which involves registering a domain name that is just a character or two different from a legitimate URL, such as "Barackobamw.com" rather than the actual Barackobama.com.
"If you typed in the wrong e-mail address, that message could go to a domain not owned by the actual candidate," Friedrichs pointed out. "Many organizations, not just political campaigns, are just not aware of the threat. But it's an easy, passive way to steal critical information, no matter what the organization."
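The mistyped-recipient case Friedrichs describes can be caught at an outbound mail gateway before the message leaves. The following is an added example, not part of the article or of Symantec's research: it flags recipients whose domain is within one edit (a missed, extra, substituted or swapped character) of the organization's own domain. The `own_domains` list and the sample addresses are constructed values.

```python
# Added example: flag outbound recipients whose domain is a near miss of our own,
# the mistyped-address case that e-mail squatting relies on. Sample values constructed.

def damerau_levenshtein(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, or swap adjacent chars."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,        # deletion
                          d[i][j - 1] + 1,        # insertion
                          d[i - 1][j - 1] + cost)  # substitution
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent transposition
    return d[len(a)][len(b)]


def recipient_domain(address: str) -> str:
    """Normalize the domain part of an address (lowercase, no trailing dot)."""
    return address.rsplit("@", 1)[-1].strip().lower().rstrip(".")


def suspicious_recipients(recipients, own_domains, max_distance=1):
    """Return (address, own_domain, distance) for recipients whose domain nearly
    matches one of ours but is not ours. Exact matches are legitimate internal mail."""
    own = {d.lower() for d in own_domains}
    hits = []
    for addr in recipients:
        dom = recipient_domain(addr)
        if dom in own:
            continue
        for o in own:
            dist = damerau_levenshtein(dom, o)
            if dist <= max_distance:
                hits.append((addr, o, dist))
                break
    return hits


if __name__ == "__main__":
    # Constructed sample: one typo'd recipient, one correct, one unrelated.
    sample = ["staff@barackobamw.com", "press@barackobama.com", "friend@google.com"]
    for addr, own, dist in suspicious_recipients(sample, ["barackobama.com"]):
        print(f"HOLD {addr}: {dist} edit(s) from {own}")
```

A gateway would quarantine or bounce the flagged message for the sender to confirm, rather than delivering it to the look-alike domain.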
To back up his contention that site squatting in general -- and e-mail squatting in particular -- poses threats to presidential campaigns, Friedrichs repeated tests first done in August 2007 to determine how widespread typo-squatting was for each presidential candidate's campaign, then actually registered 124 typo-style domains for the campaigns of Sen. Hillary Clinton, Sen. Barack Obama and former Gov. Mitt Romney.
Friedrichs monitored those domains for incoming e-mail, which was stripped at the firewall of all content and identifying information other than the sending domain. Symantec simply counted up the messages sent to those typo-squatting URLs. "We counted 1,121 connections during a 24-hour period," said Friedrichs. "We would have received all those e-mails if we hadn't blocked them at the firewall."
Because Symantec's test didn't let the sender's address or any content through, it was impossible to know for certain what the e-mails contained or who had written them. However, Friedrichs noted that "they may have been from the public or campaign volunteers or even contributors." Among the sending domains were "google.com," "yahoo.com" and "adminstaff.com," the latter an administrative job search site.
Friedrichs also contacted the Clinton, Obama and Romney campaigns and offered to turn over the domains Symantec had registered. In another example of some campaigns' lack of interest in Web-based threats, only Romney's representatives replied; Friedrichs handed over nearly 50 domains to the campaign.
Other threats were on Friedrichs' mind as well. "The possible diversion of online contributions is concerning," he said. "And denial-of-service attacks related to contributions too, which we've already seen, with the attack against the Ron Paul campaign in 2007."
In late October, spam promoting the Texas congressman flooded voters' in-boxes, prompting some to opine that a rogue supporter had built a spam bot, seeded it on compromised PCs and used it to send junk mail with subject headings such as "Ron Paul Wins GOP Debate!"
Two months later, researchers pinned responsibility for the incident on a subset of the "Srizbi" botnet.
While Friedrichs continued to raise an alarm, he also acknowledged that, so far at least, attacks against presidential campaigns have been few in number and caused little damage.
"Why is that? One, it could be ignorance on the part of attackers, who just don't understand how much money is being raised online by candidates," Friedrichs said. "Second, it could be caution on their part because of what's at stake and the possible reaction by law enforcement."