RealTime IT News

Black Hat : Hillary Beats Obama

blackhat.jpg
WASHINGTON, DC.  While Barack Obama may be leading Hillary Clinton in some measures, he's actually fallen behind Clinton in at least one interesting computer security related metric.

According to Oliver Friedrichs Director of emerging technologies

at Symantec, typo squatting on Hillary Clinton related domain names has outpaced typo squatting on Barack Obama domain names over the last six months.

Speaking at the Black Hat security conference in Washington DC in a session on Threats to the 2008 Election, Friedrichs explained that there are at least five different types of typos that are common in domains. Among them are domains that are missing the first period delimiter, domains that use a surrounding character, missing characters, additional characters and reversing characters.

Friedrichs did his first study in August and found that for the Barack Obama campaign 33 percent of possible typos for his principal domain had been registered by people other than the Obama campaign. Hillary Clinton only had 30 percent in August.

In February the number flip flopped with Clinton having 41 percent of possible typos for her domain registered by others whereas Obama slipped to 29 percent.

Typo squatting is something that Friedrichs alleged is a potential threat to the 2008 US Federal election. He argued that if used maliciously the typo squatting  domains could  be a source for misinformation, misdirected campaign donations as well as misdirected emails. A potential visitor could mistakenly have a typo in an email message as easily as a web address.

Friedrichs didn't just watch others that were typo squatting as part of his research. He actually went a step further and registered 124 typo squatting domains of his own on 2008 presidential candidate name typos. He was quick to note that he was trying to protect the campaigns and not profit from them and is giving the domains to the respective campaigns.

He did however track traffic on the typo squatting domains that he owned, which provides an interesting glimpse into how much traffic a candidate typo URL could potentially yield. From January 25th to February 15th Friedrichs reported that his 124 typo squatting candidate URL had 3,290 unique visitors. The biggest day was Super Tuesday and the domain with the most traffic was Baraackobama.com (typo on the extra 'a').

Though the traffic that Friedrichs himself saw wasn't all that much he argued even a little could do a harm. On a lighter note Friedrichs  showed at least one example where the typo squatter site is all about making a mockery of a candidate. The hillaryclingon.com site go see for yourself...Hillary as a Klingon!).

Beyond typo squatting Friedrichs also sees potential risks from phishing and other sorts of common online scams. Far from being a FUD monger, overall Friedrichs admitted that so far the campaigns are reasonably secure.

"Clearly campaigns need to do
things to protect themselves," Friedrichs said. "But in general theyr'e reasonably secure and no worse
off than organization are generally around the world."

Comment and Contribute