informa
/
Perimeter
News

'Block the Vote' Tactics Go Online This Election

Electronic Privacy Information Center predicts potential for spoofed Websites, fake VOIP call blasts, phishing, and DOS - to suppress voters

Voter suppression and deception tactics could go online in the final days or hours of this hotly contested Presidential election season -- including spoofing voting and campaign Websites, fake voice-call blasts via VOIP, phishing, and denial-of-service attacks on legitimate polling Websites -- according to a new report released this week.

There already have been online attempts to disrupt the election activity of specific blocks of voters, according to the Electronic Privacy Information Center’s (EPIC) E-Deceptive Campaign Practices Report. Phony emails were sent to Florida voters stating that they would be unable to vote if their ID didn’t match a state database; robo-calls went to women voters in North Carolina with false information about their voter registration status; and fake emails were sent to voters in Maryland saying they would be barred from voting if their home was under foreclosure.

Voter suppression campaigns traditionally have used misleading telephone calls, direct mail, and mass literature drops designed to confuse or inhibit voters from casting their ballots. Typical tricks include spreading phony information or rumors about polling times, the election date, voter-identification rules, or voter eligibility. But with voters using the Internet more for researching and supporting their voting decisions and logistics, the threat of online deception campaigns against voters has become very real this year -- using email, instant messaging, VOIP, and cell phones in an attempt to rapidly and widely spread misinformation to voters and to disrupt the election process, according to the EPIC report.

Worries over voter suppression have intensified as voter registration numbers have hit near-record marks for this election. And online deceptive tactics will be tougher to identify and stop than traditional ground-game methods.

“Prevention of electronic deceptive practices will be as difficult, or more so, than attempts to prevent those launched by deceptive land-line telephone calls, direct mail, or knock and drop campaign efforts,” the report says. “The challenge of stopping electronic deceptive campaign practices are difficult because the source of the attack can be from any location around the globe, the launch of an attack can be timed to begin within hours of an election; and tracing the source of the attack can be time consuming and not yield actionable results.”

Unscrupulous people can easily “profile” voters using widely available information on the Internet and use that in their targeted attacks, the report says.

“In the context of deceptive election practices ‘spoofing,’ ‘phishing,’ ‘pharming,’ ‘denial of service,’ and ‘social engineering’ are tactics that can be used to deceive voters. In addition, ‘rumor mongering’ can also impact voter participation,” the report says.

Bruce Schneier, a co-contributor to the report, says he doesn't expect election officials to do much about these threats because they are still relatively new on the election scene, and there's not much they can do about them in some cases, anyway. "Basically, the moral is that dropping the cost of communication down to free means that both good and bad communication is much cheaper. We know this is true for commercial email: spam. This is also true for deceptive voting suppression practices," says Schneier, who is chief security technology officer at BT.

Here’s a look at the types of unsavory tactics that could be deployed online:

A state election board’s Website could be spoofed, for instance, with purposely deceptive information on polling-place locations, times, and voter registration rules.

Phishing emails could be pushed out to voters, offering phony information on polling sites, voter records, voter registration, and voter registration status in an effort to confuse or scare away voters, for instance.

Pharming emails could use hijacked domain names such as "Get Out the Vote," according to the report, as a way to redirect voters to fraudulent sites.

DOS attacks could be launched on voter information sites or voter help hotlines in order to disrupt the process.

"Rumor-mongering" efforts could be launched that seed fake stories through blogs about election delays or cancellations “due to an emergency.”

Poll workers could be targeted by social engineering tactics that result in delays in poll-location openings or other disruptions

A “Google bomb" could be set to boost a Web page ranking with phony links.

The EPIC report also provides recommendations for election officials and voters in how to look out for these scams and prevent themselves from falling victim to them. The report was issued in conjunction with a legal and policy report on these online voter suppression threats that EPIC co-authored with Common Cause and the Lawyers Committee for Civil Rights Under Law.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Recommended Reading:
Editors' Choice
Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
Joshua Goldfarb, Director of Product Management at F5