their online banking sessions. It then checks the account balance and, if the
account balance is bigger than GBP 800 value, it issues a money transfer
transaction… From July 5, the cyber criminals have successfully stolen GBP
675,000 (c. USD 1,077,000) and the attack is still progressing.”
On September 29, 2010, the U.K. Police Central e-crime Unit announced the arrest
of 19 individuals accused of using Zeus to steal $6 million from thousands of
victims over a three-month period.[24] To this day, new Zeus attacks continue to
be discovered; for example, in October 2010, Computerworld reported that Zeus was
attacking Charles Schwab investment accounts,[20] with victims’ machines infected
by links to malicious sites hidden in bogus LinkedIn reminders. There is even a
criminal service that will compile a Zeus binary for a fee.[10]
Impersonating the election server.
Another Internet risk involves Website spoofing. Because counterfeit
sites can be made to look like legitimate sites, spoofing can fool victims
into revealing sensitive personal information. With Internet voting, spoofing
can be used to trick voters into thinking they have actually voted when in
fact they have not, while also collecting
authentication codes and voters’ intended ballots, a violation of the right
to a secret ballot.
Phishing involves email messages
that appear to be from a legitimate organization, such as a credit-card company. The phony message contains an
authentic-looking link that appears to
go to a legitimate site but actually goes
to a spoofed site. When such email
messages and Web sites are well designed, victims end up providing sensitive information, such as credit-card
numbers. Phishing is usually used to
steal personal information, but can
also be used to trick voters into voting on a spoofed Web site. Phishing
is a powerful tool for amplifying the
power of spoofing, though its effectiveness can be reduced if voters are
instructed to always type in the full
URL of the voting Web site, instead of
just clicking on links.
A counterfeit voting site can conduct a man-in-the-middle attack. In its simplest
form, the counterfeit site relies entirely on the real site for content,
monitoring and occasionally editing the information flow between the voter and
the real election server. This allows the attacker to intercept information, such
as passwords and votes, and potentially to alter votes. A more complex
counterfeit could simulate a voting session, then use the credentials collected
from the voter at a later time to cast a forged ballot. Monitoring the IP
addresses from which ballots are cast is not a defense, since multiple voters
might share the same IP address for legitimate reasons.
Figure 2. Bogus enrollment screen displayed by Zeus; screenshot by Amit Klein of Trusteer.