In the United States, the political season is heating up as the country is prepping for their presidential election for the successor to Barack Obama. The whole process of political theater is almost starting to resemble Real World-style reality TV.
This event is not only being watched by citizens of the USA (and political wonks around the globe), but this spectacle is something that has cybercriminals looking for exploits. Much like sporting events like Euro 2016, the NFL Draft or World Cup, criminals know that there is the chance that they can dupe unsuspecting victims acting out of blind passion. Fans of Bernie Sanders or Donald Trump may not really focus on where a link is really leading to if they can “Click Now” to show their support.
With that in mind, we wanted to call your attention to the fact that you should be on the lookout for scams and threats that could be tied to the election.
What does free actually cost?
As of time of writing this post, it looks like the election will pit Democrat Hilary Clinton against Donald Trump from the Republican Party. Both candidates have drawn up some ire from the other side of the aisle and even a slew of free apps where you can mock them or follow along with their campaigns.
While it might let out some stress dropping poop on Trump’s head or turning Clinton into a version of Flappy Bird, there is no such thing as a free lunch. We’ve written on the data we give over for free things in the past, but for example, one of the free apps in the Play Store has access to:
Allows the user to make purchases from within this app
Device & app history
Allows the app to view one or more of: information about activity on the device, which apps are running, browsing history and bookmarks
Uses one or more of: accounts on the device, profile data
Uses the device’s location
Uses one or more of: files on the device such as images, videos, or audio, the device’s external storage
Wi-Fi connection information
Allows the app to view information about Wi-Fi networking, such as whether Wi-Fi is enabled and names of connected Wi-Fi devices
Device ID & call information
Allows the app to determine the phone number and device IDs, whether a call is active, and the remote number connected by a call
Receive data from Internet
The majority of the developers creating the apps within the Play Store are also not verified as a “Top Developer,” while iTunes has ones being created by individuals. It’s up to you to determine if giving up your data is a good trade for you, but seems like a lot to me.
Even Official apps have issues
Speaking of private data… Earlier in the election cycle the official mobile apps of Republican candidates Senator Ted Cruz and Governor John Kasich were found to have some security flaws that potentially could have leaked personal information of their supporters. While both have since stopped their campaigns, the threats were nonetheless real for the tens of thousands of users who downloaded and voluntarily shared their personal information.
Veracode, who conducted the audit of the Cruz app, noted that the poor coding practices “could lead to leaked information, or even exploitation.” The exploits to the app were patched after the Associated Press shared the company’s findings with the campaign team.
You’ve got mail
We talk a lot about the dangers of phishing emails. In the article about the app security, the authors noted that a staffer on the Cruz campaign clicked on a phishing email that in-turn sent out emails trying to lure people to click on a link that would turn over login credentials to the hacker.
The staffer noted that a lapse in concentration led to him clicking on a bad link. As we’ve said in the past, you need to be careful whenever clicking a link.
Email has also been a hot topic on the Democratic side of the ticket. For the duration of her campaign, Mrs. Clinton’s email has been a virtual lighting rod. In March of 2015, it was uncovered that she used her family’s private email server to conduct official communications, including ones marked classified by the State Department.
The story of email has continued into this month where a hacker known as “Guccifer” has said that he breached the email server of the Clintons back in 2013 — and that it was easy. This account has not been verified, but what can be is that the FBI is investigating whether classified or Top Secret emails flowed through that server while she served as Secretary of State.
Not just federal local too
While much of the focus lies on the race for the White House, Americans will also vote on for local political seats in the general election coming this November. Local-level politics are not as well funded as the federal races, but can be none-the-less vicious. Like their federal counterparts, they are also not immune to security holes.
In February, the Florida Department of Law Enforcement arrested David Levin, who disclosed vulnerabilities that would reveal admin credentials for the Lee County state elections website.
While Levin thought he was doing the right thing, the law saw it a different way. He is facing three third-degree felony counts of property crime.
Not just America
America is not alone in the risk of hacking on the political landscape. A recent article from Bloomberg takes a deep dive into the work of Andres Sepulveda and his alleged hacking work to rig elections spanning nearly a decade. It is a good read for those fascinated with corruption, politics, or hacking.
— Bloomberg Politics (@bpolitics) April 3, 2016
Much like winter in Game of Thrones, the American Election is coming. With it, we will see criminals trying to catch unsuspecting victims. We urge you to use your best judgment when downloading apps to mock a candidate, clicking on links to show your support or even installing that official app. While there is a phrase Rock the Vote, we’d rather you Rock at Security and make sure you don’t get caught in a trap.