Today (Tuesday) is election day in the US. Many voters have already cast their ballot via absentee and early voting, but the vast majority will vote today. Like any major event, this is likely going to be used and abused in some way online. Here are some of the network security related issues to watch out for:
Search Engine Poisoning
This is an issue we have certainly seen less off this year. Search engines appear to get a better handle at poisoning of common search terms by black hat SEO operations. But it doesn't mean it isn't happening, and this is an event with a long lead time so it is possible that we see something new and different.
Social Media Links
Facebook as been pretty crowded lately with statements supporting various candidates. So far, I haven't seen this used maliciously, but it is an obvious easy target to introduce a link to a malicious version of a popular video clip. Of course fake late breaking news could be used to sway some last minute decisions, but it is likely too late for that.
This year, we have seen plenty of politically motivated DDoS attacks. It would be no surprise, to see more of that tomorrow. On the other hand, large news sites will see record viewer numbers, and likely very dynamic frequently updated content. This will make them even more vulnerable to a DDoS attack, or it may be hard to figure out if a site is down or slow due to a DDoS attack or just "normal" high load. If you still have a TV or a Radio, it maybe a more reliable source of the latest news.
We have seen some use of twitter to amplify fringe messages in the last couple months. For example stories about looting ahead of the hurricane Sandy, or suggestions of riots after the election. Needless to say: It is not true if it is tweeted. (even though it is on the internet, and we know everything on the internet is true ;-) ). Don't spread/re-tweet rumors. Also, the "late breaking scandal" may use twitter. See the "social media" comment above.
Polling Place Locations
Refer to official guides, and official websites to find out where to vote. Polling places can change from election to election and you may be standing in line only to be told that you are in the wrong location. So far, this has not been abused but misinformation has been spread via outdated unofficial sites.
only use official information from the original official source. If at all possible, use printed material like sample ballots that you received in the mail (not that they are always right), and refer to URLs that you have bookmarked in the past. There have been some news reports that areas affected by hurricane Sandy will allow for special voting arrangements like e-mail. Please confirm with an official source before e-mailing or faxing your vote. I will try and collect some of these sources here later.
Anything I forgot? (of course: go and vote if you are eligible to do so).Defending Web Applications Security Essentials - SANS Security West 2019
Nov 6th 2012
6 years ago