Watch for Scams this Coming Election
A friend sent me this today and I thought I would post it. It has some good information to keep a look out for as the 2008 elections approach.
Expect “Block the Vote” E-mail, Web & Phone Scams
(from Dark Reading)The Electronic Privacy Information Center (EPIC) predicts that malicious people are likely to conduct Website spoofing, fake VOIP call blasts, phishing, and de-nial of service attacks all to suppress blocks of voters.
Dark Reading writes that an EPIC reports shows that these vicious tech-niques are likely from now through the election in order to suppress voters or blocks of voters. Because of this unusually hotly-contested Presidential election, these techniques could cause some real voting problems: spoofing voting and campaign Websites, fake voice-call blasts via VOIP, phishing, and denial-of-service attacks on legitimate polling Websites.
According to the report, there have been online attempts to disrupt election activity for specific blocks of voters. EPIC’s describes these in detail. Phony emails were sent to Florida voters stating that they would be unable to vote if their ID didn’t match a state database; “robo-calls” went to women voters in North Carolina with false information about their voter registration status; and fake emails were sent to voters in Maryland saying they would be barred from voting if their home was under foreclosure.
Voter suppression campaigns traditionally have used misleading telephone calls, direct mail, and mass literature drops designed to confuse or inhibit voters from casting their ballots. Typical tricks include spreading phony information or rumors about polling times, the election date, voter-identification rules, or voter eligibility. But with voters using the Internet more for researching and supporting their voting decisions and logistics, the threat of online deception campaigns against voters has become very real this year. Expect email, instant messaging, VOIP, and cell phones in an attempt to rapidly and widely spread misinformation to voters and to disrupt the election process, accord-ing to the EPIC report.
Malicious people can easily de-termine how best to target individ-ual voters using information on the Internet and use that in their targeted attacks.
“In the context of deceptive election practices: spoofing, phishing, pharming, denial of service, and social engineering are tactics that can be used to deceive voters. In addition, rumor mongering can also impact voter participation,” the report says.
Bruce Schneier, who contributed to the report, says not to expect election officials to do much about these threats: they are still relatively new on the election scene; there’s not much they can do about them. “Basically, the moral is that dropping the cost of communication down to free means that both good and bad communication is much cheaper. We know this is true for commercial email: spam. This is also true for deceptive voting suppression practices,” says Schneier, BT’s Chief Technology Security Officer.
Dark Reading summarized the types of tactics that could be deployed online: A state election board’s website could be spoofed, with purposely deceptive information on polling-place locations, times, and voter registration rules. Phishing emails could be pushed out to voters, offering phony information on polling sites, voter records, voter registration, and voter registration status in an effort to confuse or scare away voters. Pharming emails could use hijacked domain names such as “Get Out the Vote,” according to the report, as a way to redirect voters to fraudu-lent sites. Massive attacks could be launched on voter information sites or voter help hot-lines to deny access to the site.
“Rumor-mongering” efforts could be launched that seed fake stories through blogs about election delays or cancellations “due to an emergency.” Poll workers could be targeted by social engineering tactics that result in delays in poll-location openings. A “Google bomb” could be set to boost a Web page ranking with phony links.
The EPIC report also makes recommendations to election officials and voters in how to look out for these scams and prevent them-selves from falling victim to them.
