Typo threats and the 2008 Presidential election

From the lowliest personal web page to the most secure online banking portal, no website is completely safe from attack. Illustrating this point at the Black Hat security conference in Washington, D.C. last week, Oliver Friedrichs, director of emerging technologies for security vendor Symantec, discussed various types of attacks that we could see during this year’s U.S. presidential election. During the briefing, “Threats to the 2008 Presidential Election,” Friedrichs detailed a number of hacking scenarios, all of which have serious implications even outside the political arena.

While the Internet has been used to promote candidates, raise funds and recruit supporters in past elections, Friedrichs characterized the candidates’ online efforts in this year’s election as eclipsing anything seen in the past. “When we look at ’08, the contributions have already overshadowed the ’04 campaign,” Friedrichs noted, adding that Democratic presidential hopeful Barack Obama raised $28 million online in January of this year alone. Obviously, a lot is at stake with regard to the candidates’ websites, and monetary contributions might only be the tip of the iceberg. Friedrichs characterized an “extreme” attack as a malicious alteration with “potential to severely disrupt a campaign, spread confusion and potentially influence the outcome of the election.”

While attacks on candidates’ websites could have very serious repercussions, you might be surprised to hear that some of the simplest methods can be extremely effective. Friedrichs spent the majority of his presentation discussing threats relating to “typo squatting”--a method whereby someone registers URLs with intentional typos in them, with the idea of intercepting traffic meant for another domain. “For example, if someone registers JillaryClinton.com because the J is right next to the H key,” Friedrichs explained. Currently there are avenues that businesses and individuals can use to contest and reclaim typo domains--the WIPO (the World Intellectual Property Organization) helps settle some of these disputes, for example--but there are currently no legal methods that can be used to prevent typo squatting. For that reason, “many of these typo domains have been running rampant.”