{"id":7173,"date":"2016-05-12T08:35:43","date_gmt":"2016-05-12T12:35:43","guid":{"rendered":"https:\/\/kasperskydaily.com\/uk\/?p=7173"},"modified":"2019-11-22T10:10:28","modified_gmt":"2019-11-22T10:10:28","slug":"2016-usa-election","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.uk\/blog\/2016-usa-election\/7173\/","title":{"rendered":"US election season brings political hijinks"},"content":{"rendered":"

In the United States, the political season is heating up as the country is preparing\u00a0for their presidential election for the successor to Barrack Obama. The whole process of political theatre is almost starting to resemble Real World<\/i>-style reality TV.<\/p>\n

This event is not only being watched by citizens of the USA (and political wonks around the globe), but this spectacle is something that has cyber-criminals looking for exploits. Much like sporting events like Euro 2016<\/a>, the NFL Draft<\/a> or World Cup<\/a>, criminals know that there is the chance that they can dupe unsuspecting victims acting out of blind passion. Fans of Bernie Sanders or Donald Trump may not really focus on where a link is really leading to if they can \u201cClick Now\u201d to show their support.<\/p>\n

With that in mind, we wanted to call your attention to the fact that you should be on the lookout for scams and threats that could be tied to the election.<\/p>\n

What does free actually cost?<\/h3>\n

As of time of writing this post, it looks like the election will pit Democrat Hilary Clinton against Donald Trump from the Republican Party. Both candidates have drawn up some ire from the other side of the aisle and even a slew of free apps where you can mock them or follow along with their campaigns.<\/p>\n

\"political-madness-android\"<\/p>\n

While it might let out some stress dropping poop on Trump\u2019s head or turning Clinton into a version of Flappy Bird, there is no such thing as a free lunch. We\u2019ve written on the data we give over for free things in the past, but for example, one of the free apps in the Play Store has access to:<\/p>\n

In-app purchases<\/b>
\nAllows the user to make purchases from within this app<\/p>\n

Device & app history<\/b>
\nAllows the app to view one or more of: information about activity on the device, which apps are running, browsing history and bookmarks<\/p>\n

Identity<\/b>
\nUses one or more of: accounts on the device, profile data<\/p>\n

Location<\/b>
\nUses the device\u2019s location<\/p>\n

Photos\/Media\/Files<\/b>
\nUses one or more of: files on the device such as images, videos, or audio, the device\u2019s external storage<\/p>\n

Wi-Fi connection information<\/b>
\nAllows the app to view information about Wi-Fi networking, such as whether Wi-Fi is enabled and names of connected Wi-Fi devices<\/p>\n

Device ID & call information<\/b>
\nAllows the app to determine the phone number and device IDs, whether a call is active, and the remote number connected by a call<\/p>\n

Other<\/b>
\nReceive data from Internet<\/p>\n

The majority of the developers creating the apps within the Play Store are also not verified as a \u201cTop Developer,\u201d while iTunes has ones being created by individuals. It\u2019s up to you to determine if giving up your data is a good trade for you, but seems like a lot to me.<\/p>\n

\"political-madness-ios\"<\/p>\n

Even Official apps have issues<\/h3>\n

Speaking of private data\u2026 Earlier in the election cycle the official mobile apps of Republican candidates Senator Ted Cruz and Governor John Kasich were found to have some security flaws<\/a> that potentially could have leaked personal information of their supporters<\/a>. While both have since stopped their campaigns, the threats were nonetheless real for the tens of thousands of users who downloaded and voluntarily shared their personal information.<\/p>\n

Veracode, who conducted the audit of the Cruz app, noted that the poor coding practices \u201ccould lead to leaked information, or even exploitation.\u201d The exploits to the app were patched after the Associated Press shared the company\u2019s findings with the campaign team.<\/p>\n

You\u2019ve got mail<\/h3>\n

We talk a lot about the dangers of phishing emails. In the article about the app security, the authors noted that a member of staff\u00a0on the Cruz campaign clicked on a phishing email that in-turn sent out emails trying to lure people to click on a link that would turn over login credentials to the hacker.<\/p>\n

The member of staff\u00a0noted that a lapse in concentration led to him clicking on a bad link. As we\u2019ve said in the past, you need to be careful whenever clicking a link.<\/p>\n

Email has also been a hot topic on the Democratic side of the ticket. For the duration of her campaign, Mrs. Clinton\u2019s email has been a virtual lighting rod. In March of 2015, it was uncovered that she used her family\u2019s private email server<\/a> to conduct official communications, including ones marked classified by the State Department.<\/p>\n

The story of email has continued into this month where a hacker known as \u201cGuccifer\u201d has said that he breached the email server<\/a> of the Clinton\u2019s back in 2013 \u2014 and that it was easy. This account has not been verified, but what can be is that the FBI is investigating whether classified or Top Secret emails flowed through that server while she served as Secretary of State<\/a>.<\/p>\n

Not just federal local too<\/h3>\n

While much of the focus lies on the race for the White House, Americans will also vote on for local political seats in the general election coming this November. Local-level politics are not as well funded as the federal races, but can be none-the-less vicious. Like their federal counterparts, they are also not immune to security holes.<\/p>\n

In February, the Florida Department of Law Enforcement arrested David Levin, who disclosed vulnerabilities that would reveal admin credentials for the Lee County state elections website.<\/p>\n