Hackers could affect next year's US presidential election by using keyloggers, phishing messages or hacking, researchers said.Attackers could also usher in a high-tech version of voter harassment, using keyloggers installed on the PCs of campaign staff members and their families, researcher Oliver Friedrichs said on Symantec's Security Response blog.
“Crimeware can collect personal, potentially sensitive or legally questionable information about individuals that malicious actors can use either to intimidate voters or hold for ransom to sway votes,” he said.
“A carefully placed, targeted keylogger has the potential to cause material damage to a candidate in the process of an election. Such code may also be targeted toward campaign staff, family members or others who may be deemed material to the candidate's efforts.”
Other attack methods could focus on candidates' cash-collecting operations, according to Friedrichs. Attackers may use phishing attacks that impersonate official websites to scam money from prospective donors.
“Candidates have flocked to the net to communicate with constituents, as well as to raise campaign contributions online. We performed an analysis of campaign websites in order to determine to what degree they allow contributions to be made online,” he said.
“The attack of most concern may involve the diversion of internet campaign donations intended for one candidate, to another, entirely different candidate, entirely undermining voter confidence in online donations.”
Friedrichs said that phishing and denial-of-service (DoS) attacks are likely to be employed in upcoming elections and the integration of Web 2.0 technologies into political websites could open campaigns up to cross-site scripting attacks.