Black Hat: U.S. cybersecurity director talks democracy, cyberjustice

Political typo-squatting proliferates, security researcher finds

LAS VEGAS -- The director of the National Cyber Security Center (NCSC), Rod Beckstrom, wants to see the nation’s traditions of democracy and human rights extend into the online world.

In his keynote at this year’s Black Hat conference, Beckstrom praised America’s founders, including George Mason, for devising the Bill of Rights and compared Mason’s ideas about human rights to “an open source module” created by an engineer for all to use.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

LAS VEGAS -- The director of the National Cyber Security Center (NCSC), Rod Beckstrom, wants to see the nation’s traditions of democracy and human rights extend into the online world.

In his keynote at this year’s Black Hat conference, Beckstrom praised America’s founders, including George Mason, for devising the Bill of Rights and compared Mason’s ideas about human rights to “an open source module” created by an engineer for all to use.

Click to see: Rod Beckstrom, director, NCSC

“Cyberdemocracy — blogging — is a great use of our First Amendment rights,” said Beckstrom, who heads up the Department of Homeland Security’s new NCSC division.

He expressed optimism that one day there could be automated online elections polling. Beckstrom also said cyberjustice is critical, noting that just this week the Department of Justice moved to indict 11 individuals accused of operating a massive stolen credit-card ring connected to a number of network break-ins, including that of TJX.

In his role to help coordinate the nation’s cybersecurity, Beckstrom said he’s getting involved in projects such as analyzing how funds should be spent on protecting electronic communications. He referred to the “economics of protocols,” noting that BGP, DNS, SMS/IP and plain old telephone service may be the best basis for investments. “We want to invest in protocols because it’s one of the most-effective [ways to invest in security],” he said, pointing to work the government is funding on DNSSEC.

Political typo-squatting

One presentation at Black Hat yesterday took up the topic of the U.S. presidential elections and how candidates’ efforts to communicate with the public and accept contributions are working in the 2008 election season.

In a talk titled “Threats to the 2008 Presidential Election,” Oliver Friedrichs, who recently left Symantec’s security-research division, presented extensive analysis of candidates’ Web site operations. His analysis (done while at Symantec) also investigated the impact of typo-squatting, the practice of establishing Web sites based on misspellings or mimicry of legitimate sites.

Barack Obama appeared to be the most “typo-squatted” candidate, Friedrichs said. These typo-squatted sites can quickly bounce on and off the Web, and in an era when a huge portion of political contributions and publicity is done online, pose a threat to anyone running for election.

To find out something about it, Symantec itself last year registered 124 typo-squatted domains focused on the names of candidates Barack Obama, Mitt Romney and Hillary Clinton for six months. It set up Apache Web servers to collect data on how many visitors reached them by mistake, probably thinking they were going to the candidates’ real sites. Symantec, which shared information about what it was doing with the candidates’ organizations, saw about 351 hits per day.

“This is a serious problem that extends to any domain-name owner,” said Friedrichs, now an independent security expert. He noted Symantec also saw well-known U.S. defense contractors with typo domains that, strangely, were registered to Chinese operatives.