« Richardson Raises Six, Efficiently Keeps 5 | Main | Good Morning, Giuliani Campaign »

April 02, 2007

On The Download: The Department of Homepage Insecurity

onthedownloadlogo.JPG

Welcome back to On The Download, your dispatch on politechs: Politics, Multimedia and the Internet. If you have tips, comments, or suggestions, email us.

If you were watching the Web closely last week, you might have thought Sen. John McCain, R-Ariz., had reversed his position on gay marriage, in particular allowing for "passionate females" to wed. You might have also noticed Sen. Barack Obama's, D-Ill., YouTube channel views skyrocket into the millions, exponentially higher than the other candidates and the sum of his own videos' individual views.

In the first case, McCain's campaign was the victim of an Internet prank. According to Tech Crunch, McCain's MySpace page borrowed a template for his page and didn't credit the creator, Newsvine.com CEO Mike Davidson. As a result, Davidson decided to have a little fun with McCain's campaign by changing the template to play a joke on the Senator's position on gay marriage.

Colin Delany, an ePolitics.com editor who writes about politics and technology, said the mistake could have been easily avoided.

"They just didn't think it out," said Delany. "Another rookie mistake is using someone's work without attribution. All the guy really wanted was a credit."

[SHIRA TOEPLITZ].

It's less clear about what went on at Obama's YouTube channel page. TechPresident.com editor Joshua Levy wanted to see whether he could artificially raise the number of views. Levy put up a test video on YouTube and then set up his Web browser to automatically refresh the video's page every ten seconds. Through this test, Levy proved it's possible to fake high view numbers with some simple technological skills. And although YouTube has not addressed the incident directly in the media thus far, the company said via a statement last week that they're looking into the matter.

"We don't have any direct evidence anybody was doing anything," said Levy. "But we have highly suspicious numbers and our own experience, it was clear to us that somebody was doing something out there."

Regardless of the impact of these two incidents, both show just how easy it is to game the system when campaigns are using programs hosted by third parties. The results were relatively harmless this time, but the insecurity of hosting campaign information away from home base can be a risk for campaigns. It's a challenge that's going to be especially hard for candidates in 2008, many of whom will certainly draw ire from any opponent with a keyboard.

Caleb Sima, the CTO and co-founder of Web applications security development firm SPI Dynamics, recalls an incident in late 2005 when a worm named "Samy" infected 1.5 million MySpace profiles. Since then, he said, people have taken the same method and applied it to other worms that can take over someone's browser just by gazing at a MySpace profile.

Sima also suggested that some technology experts looking to make a political statement could take over a candidates' online profile to post unfavorable comments to supporters.

"In today's day, it's fairly easy to do," Sima continued. "If I was an attacker, and I wanted to break into YouTube, I probably could. It's a matter of time and dedication and how smart you are."

Just how easy is it to find a hole in the system? Ask "Momby," otherwise known as the semi-anonymous duo behind "Month of MySpace Bugs." For the entire month of April, this pair will release what they have deemed to be a MySpace bug every day. But for an example that hits closer to home, ask one of the campaigns whose Web sites went down on days that voters were heading to the polls in 2006.

"I'm not sure what kind of real dirty tricks we're going to see this time," said Delany. "Third parties can do it without any knowledge of the campaign... Campaigns are not just vulnerable to their rivals, but anyone out on the Internet that may want to cause them harm, so they better run a pretty tight ship."


Posted at 06:27 AM

Comments


One should not be surprised if John McCain really changed his stance and supported gay marriage between passionate women to gain few cheap votes from the constituency of "lesbian passionate women". This double talk express has been derailed from its track so long that mcCain has become a joke. I was shocked to see his Dukkakis moment so early in the campaign when he walked on Baghdad street with hundreds of security men, armored vehicles and air cover. What a farse! McCain is becoming more and more desparate.

Peter | 04.02.07 09:03 AM


Are you kidding me? Obama's team lacks the technological know-how to create even a simple, campaign changing rip-off of a super bowl ad and post it on You Tube. It's way too expensive and technically complex. There's no way they could be faking their views via a web script that would take any semi-experienced blogger 5 minutes to write. Oh wait...

james | 04.02.07 10:08 AM


McCain's campaign didn't merely "borrow" a template. They linked to a graphic hosted on somebody else's site, meaning that the third party had to pay bandwidth charges every time somebody viewed McCain's page. That's a whole lot closer to "stealing" than "borrowing".

MikeJ | 04.02.07 11:31 AM

Post a comment





Remember Me?

(you may use HTML tags for style)

By using this Service you agree not to post material that is obscene, harassing, defamatory, or otherwise objectionable. Although Hotline On Call does not monitor comments posted to this site (and has no obligation to), it reserves the right to delete, edit, or move any material that it deems to be in violation of this rule.


Copyright 2008 by National Journal Group Inc.
The Watergate · 600 New Hampshire Ave., NW
Washington, DC 20037
202-739-8400 · fax 202-833-8069
NationalJournal.com is an Atlantic Media publication.