Online Threats During Election Season

SPAMMERS continue to capitalise on current events, particularly elections, says Symantec Corp in its January State of Spam report.

For example, when the US presidential primaries began to heat up, a new gift card spam emerged.

Recipients were offered a chance to receive a US$500 (RM1,700) gift card in exchange for their opinion about Hillary Clinton’s chances of winning the 2008 elections. Instead, users were directed to a site asking for and collecting personal information about the recipient.

Malicious actors use crimeware during elections to collect personal, potentially sensitive or legally questionable information about individuals. A carefully placed, targeted keylogger has the potential to cause material damage to a candidate in the process of an election. Such code may also be targeted towards campaign staff, family members or others who may be deemed material to a candidate’s efforts.

The integration of Web 2.0 technology into political Web sites could open campaigns up to cross-site scripting attacks and other malicious activities. Symantec’s Security Response blog reported that the recent US elections saw several attacks made on the politicians’ sites in an attempt to sway or intimidate voters. An example was during the campaign of Republican Rudy Giuliani, where a vulnerability was identified on the candidate’s Web site in March that could have allowed attackers to perform structured query language injection attacks to expose volunteers’ private information.

In the leadup to Malaysia’s 12th general elections, Symantec has identified some risks that voters need to be aware of:

* Phishing: There is currently a trend of candidates flocking to the Internet to communicate with constituents. For example, an attack may involve the diversion of online campaign information intended for one candidate to another candidate.

* Spyware: Spyware poses a new risk to the mass accumulation of election-related statistics used to track election trends. It has the ability to capture and record user behaviours, including Web browsing, party affiliation, online campaign contributions and e- mail traffic, without voters’ knowledge or consent. This changes the landscape dramatically when it comes to election-related data collection.

* Campaign Web site security: The breach of a legitimate candidate’s Web site allows an attacker to have control over all content viewed by visitors to that site. This may allow for the posting of misinformation, or worse, the deployment of malicious code to unsecured visitors.

* Botnets: These have generally been associated with denial-of- service attacks, worms, Trojans or phishing. But attackers can use botnets to steal private information and communicate it back to the malicious user.

(c) 2008 New Straits Times. Provided by ProQuest Information and Learning. All rights Reserved.