* 13:38 09 October 2007
* NewScientist.com news service
* Jessica Marshall
The web may not deserve its reputation as a great democratic tool, security experts say. They predict voters will increasingly be targeted by internet-based dirty tricks campaigns, and that the perpetrators will find it easier to cover their tracks.
While politicians have been quick to embrace the internet as an enabler for democracy, established security threats like spam emails and botnets – collections of "zombie" computers remotely controlled by hackers – all open new avenues for fraudulent campaigning. So said experts at an e-crime summit at Carnegie Mellon University in Pittsburgh, Pennsylvania last week.
Dirty tricks are not new. On US election day in 2002, the lines of a "get-out-the-voters" phone campaign sponsored by the New Hampshire Democratic Party were clogged by prank calls. In the 2006 election, 14000 Latino voters in Orange County, California, received letters telling them it was illegal for immigrants to vote.
But in those cases the Republican Party members and supporters were traced and either charged or named in the press. Online dirty tricks will be much less easy to detect, security researchers say.
Spam email could be used against voters, experts say, by giving the wrong location for a polling station, or, as in the Orange County fraud, incorrect details about who has the right to vote. Although a low proportion of people fall for spam emails, a larger audience can be reached than with posted letters, and in close races every voter counts.
Telephone attacks like the New Hampshire prank calls would be harder to trace if made using internet telephony instead of landlines, says Rachna Dhamija of the Harvard Center for Research on Computation and Society.
Calls could even be made using a botnet. This would make tracing the perpetrator even harder, because calls wouldn't come from a central location. What's more, the number of calls that can be made is practically limitless.
Internet calls might also be made to voters to sow misinformation, says Christopher Soghoian at Indiana University in Bloomington. "Anonymous voter suppression is going to become a reality."
The internet allows more direct attacks on other candidates possible too, as John McCain, Republican presidential candidate hopeful, discovered. His MySpace page used an image hosted on another person's site. When that person switched the image to one stating McCain had reversed his position on gay marriage, the change was reflected on McCain's page and he was left red-faced.
Although people who saw this probably realised it was a prank, it illustrates the ease with which campaign material can be altered with little chance of being caught. Making this kind of attack on hard-copy media, like newspapers or campaign leaflets, is near-impossible without leaving evidence that could lead to prosecution.
Manipulation can also happen in more subtle ways. In 2006, supporters of California's Proposition 87, for a tax that would fund alternative energy, registered negative-sounding domains including noon87.com and noonprop87.org and then automatically routed visitors to a site touting the proposition's benefits.
Similarly, people have registered hillaryclingon.com and muttromney.com. Although merely unflattering to US presidential hopefuls Hillary Clinton and Mitt Romney, such "typo domains" could be used to spread malicious software or take fraudulent donations, says Oliver Friedrichs of Symantec in Mountain View, California.
Phishing – fraudulently obtaining personal information online – has already affected politics. In 2004, a fake website purporting to be for Democratic presidential candidate John Kerry stole campaign contributions, as well as users' debit-card numbers.
Campaigns are vulnerable to phishing because domain names tend not to have a predictable form – compare barackobama.com with joinRudy2008.com – making it difficult to pick the official site. Such attacks could deter people from donating online, a move that would disproportionately affect Democrats and young people, who are more likely than other groups to donate via the web.
The low probability of getting caught online, combined with the fact that anti-spam laws and "no-call" lists exempt political messages, makes the threat real. "The fact is that all of the technology for all of these things to happen is already in place," Soghoian says. "I'm not sure this will happen in 2008, but it will happen."
Computer Viruses - Learn more about the threats to your PC in our comprehensive special report.
* Fighting the US elections - on YouTube and Wikipedia
* 09 March 2007
* California court voids electronic vote
* 21 July 2007
* E-voting you can trust
* 19 October 2006
* Anti-Phishing Working Group eCrime Researchers Summit
* Christopher Soghoian
* Rachna Dhamija
* Cybercrime and the electoral system, Symantec
© Copyright Reed Business Information Ltd.