Black Hat: Typosquatting the presidential election web sites

Bad hackers haven’t caused much damage this year during the online-heavy presidential campaign. But the potential is there. Consider “typosquatting.”

There are about 160 different ways to type in the wrong web site for www.barackobama.com. Oliver Friedrichs, former director of research at Symantec, knows this because he did a study of the sites that typosquat, or exploit users’ misspellings of web site names to siphon off traffic from the candidate’s official web site for a variety of commercial or corrupt purposes.

At Black Hat today, Friedrichs described the typosquatting study as part of a broader talk offering a warning about how any big election could be threatened by a variety of different cyber attacks. The talk is partially chronicled in a chapter that he wrote for Crimeware, a new book published by Symantec Press. Typosquatting, while interesting, is one of the smaller cyber threats. Some of the more serious ones could actually undermine the confidence of voters and skew election results. Fortunately, Friedrichs said, there hasn’t been a lot of use of the worst tactics yet in the current U.S. presidential campaign.

Friedrichs said that the candidates of the previous 2004 campaign raised considerable amounts of money online: John Kerry raised $82 million, while George Bush raised $14 million. This time, Obama has raised $350 million, with about 80 percent to 90 percent coming from online fundraising. About 45 percent of Democratic donors get email updates from the Obama campaign and 70 percent forward those emails. That represents a growing target for hacker attacks.

Legally, typosquatters are on thin ice. The actress Julia Roberts was able to get her domain name back from a squatter after the Internet authority ICANN ruled in her favor. Sting, whose real name is Gordon Sumner, lost his case because http://www.sting.com is a fairly generic name.

Friedrichs said that in March 2007, 17 presidential candidates had dot-com sites. Typosquatters had reserved 52 of the 160 possible typo sites related to misspelling Obama’s name, such as http://www.narackobama.com. Typosquatters also occupied 58 of 191 Hillary Clinton typo sites.

By February 2008, there were 79 Clinton typo sites and 47 Obama typo sites. The funny thing, Friedrichs said, was that the Obama campaign was taking ads out on one of the typo sites, http://www.barackobams.com, even though it legally could have owned the typo site itself based on the law and regulations.

In July of last year, Friedrichs registered 124 of the typo sites himself to protect against typosquatting and to conduct his own research. He said he got as many as 8,000 visitors a month to the sites. Some of the traffic came from adware programs.
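For a campaign or brand owner building a list of typo domains to register defensively or monitor, the candidates can be enumerated mechanically. The sketch below is an added example, not Friedrichs' method or code: the edit classes and the same-row QWERTY adjacency map are assumptions, so its candidate count will not match the study's 160. It classifies the two typo domains named in this article.

```python
# Added example: enumerate single-edit typo candidates for a domain label so
# they can be registered defensively or watched. The edit classes and the
# same-row keyboard adjacency are assumptions, not the study's methodology.
QWERTY_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]

# Map each key to its left/right neighbours on the same keyboard row.
ADJACENT = {
    ch: row[max(0, i - 1):i] + row[i + 1:i + 2]
    for row in QWERTY_ROWS
    for i, ch in enumerate(row)
}

def typo_variants(label):
    """Return {variant: edit_class} for every single-edit typo of `label`."""
    out = {}
    for i, ch in enumerate(label):
        out.setdefault(label[:i] + label[i + 1:], "omission")
        out.setdefault(label[:i] + ch + label[i:], "duplication")
        if i + 1 < len(label) and ch != label[i + 1]:
            swapped = label[:i] + label[i + 1] + ch + label[i + 2:]
            out.setdefault(swapped, "transposition")
        for near in ADJACENT.get(ch, ""):
            out.setdefault(label[:i] + near + label[i + 1:],
                           "adjacent-key substitution")
    out.pop(label, None)  # never report the official name as a typo
    return out

def label_of(url):
    """Strip scheme, path, leading 'www.' and the TLD from a URL or hostname."""
    host = url.lower().split("://")[-1].split("/")[0]
    if host.startswith("www."):
        host = host[4:]
    return host.rsplit(".", 1)[0]

def classify(url, official_label):
    """Edit class if `url` is a single-edit typo of the official label, else None."""
    return typo_variants(official_label).get(label_of(url))

if __name__ == "__main__":
    # First two domains are quoted in the article; the third is a constructed control.
    observed = ["http://www.narackobama.com", "http://www.barackobams.com",
                "http://www.example.com"]
    for url in observed:
        print(url, "->", classify(url, "barackobama"))
    print(len(typo_variants("barackobama")), "candidates under these assumptions")
```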

The problem with typo domains is that hackers can steal money that people donate, since donors wind up typing their credit card numbers into faux donation pages.
