Current Events: President Obama (‘s Web Site) Under Attack!

By zacf at 11:16 am on January 30, 2009 | 3 Comments

Barack Obama’s online community, which began during the 2008 campaign as a way to bring people into the political process, has been the target of recent attacks, according to an article in PCWorld.

The site (login required) allows registered users to create their own blogs, and many attackers have taken advantage of that capability by posting images designed to trick viewers into downloading Trojan horses. For example, one attack involves tricking users into clicking an image to view a movie. If they click, they are told they need to download a codec. That “codec” is actually a Trojan horse.

Of course, this type of attack is not new. But the fact that these attacks are happening on a web site controlled by the President of the United States is, and it raises interesting questions about who controls a site’s content, what causes a user to trust blog content, and how attackers can reach the most victims.

Naïve users who read blogs on barackobama.com might trust what they are seeing more because they trust the President. But while the site’s operators have an interest in maintaining the trustworthiness of their site, and are actively searching for and eliminating attacks, they cannot always keep up.

Attackers can also take advantage of the President’s strong reputation to reach more victims. As with any malicious web page, posting links to it on other sites increases the malicious page’s search ranking. But this effect is magnified by the popularity of the President’s site itself, which improves the search ranking of every page on it.

In the early days of the world-wide web, the notions of content-provision and site-operation were synonymous. If the operators of a site were trustworthy, then short of a redirection attack, the content of that site could also be trusted. But these notions have been split by the advent of online community sites that allow users to contribute their own content. Now, to provide a safe experience for its users, a site must not only do no harm itself, but must successfully control what other users can post. It may take some time for naïve users to realize that.

This new requirement is further complicated by the fact that the better a site operator’s reputation is, the more traffic it will have, and the more users will be inclined to trust what they see on it. That gives attackers an incentive to attack the sites with the best reputation, where they can do the most harm.

Operators wishing to maintain the reputations of their sites have two options: detection and removal, and stronger warnings to their users. Strong warnings may be undesirable for the site operator because they are essentially telling their users that their site is unsafe. That means they will need to strengthen their detection and removal, possibly requiring that postings be approved before they are made public, if they are going to keep their site safe enough to stake their reputations on.
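
As a sketch of what approval before publication could check for the lure described above (an image that links the viewer to a “codec” download), here is an added example; it is not code from the site or from the PCWorld article. The host name `community.example`, the extension list, and the function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

SITE_HOST = "community.example"  # assumption: the community site's own host name
RISKY_EXT = (".exe", ".scr", ".msi", ".bat", ".pif")  # assumption: download types to hold

class LinkedImageScanner(HTMLParser):
    """Collect the href of every <a> element that wraps an <img>."""
    def __init__(self):
        super().__init__()
        self._open_href = None      # href of the <a> we are currently inside, if any
        self.image_links = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open_href = dict(attrs).get("href") or ""
        elif tag == "img" and self._open_href is not None:
            self.image_links.append(self._open_href)
    def handle_endtag(self, tag):
        if tag == "a":
            self._open_href = None

def review_reasons(post_html):
    """Return the reasons a user-submitted post should wait for a human moderator."""
    scanner = LinkedImageScanner()
    scanner.feed(post_html)
    reasons = []
    for href in scanner.image_links:
        url = urlparse(href)
        host = (url.hostname or "").lower()
        if host and host != SITE_HOST:          # relative links stay on the site
            reasons.append(f"clickable image leads off-site: {host}")
        if url.path.lower().endswith(RISKY_EXT):
            reasons.append(f"clickable image leads to a download: {url.path}")
    return reasons

def moderate(post_html):
    """'hold' keeps the post out of public view until approved; 'publish' lets it through."""
    return "hold" if review_reasons(post_html) else "publish"

# Constructed sample posts, not real content from the site.
BENIGN = '<p>Rally photos</p><a href="/blog/photos/42"><img src="/img/rally.jpg"></a>'
LURE = '<a href="http://video-codec.example/codec_setup.exe"><img src="/img/play.jpg"></a>'

if __name__ == "__main__":
    for name, post in (("benign", BENIGN), ("lure", LURE)):
        print(name, moderate(post), review_reasons(post))
```

A check like this only narrows what human moderators must look at; posts it passes can still be malicious, which is why the operators "cannot always keep up" with detection alone.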

Filed under: Current Events

3 Comments

  • 1
    Comment by vkirst

    January 30, 2009 @ 1:16 pm

    This article ties in well with the assigned reading for CSE 584 this week. The research paper (“Why Phishing Works”) conducts a study that supports the idea that users often attribute credibility of a website to rather trivial “evidence” such as a website’s design. If the site “looks” credible, then they are more likely to trust it — in the study, a phishing website that “looked” trustworthy was able to fool over 90% of the participants, largely due to appearance alone. It is not surprising that users trusted the Obama blogs for similar reasons: the blogs appear credible because of the host, the uniform design, and the URL. It will be interesting to see what the maintainers of barackobama.com will do (if anything) to combat this problem of the naive trust of the users.

  • 2
    Comment by seraphim

    January 30, 2009 @ 3:07 pm

    Another question this brings up, especially in the context of Obama’s position as President, is whether or not this should even be acceptable. Surely freedom of speech is a right that everyone should have, but given the ease with which these ‘phishing’ attacks can be deployed, should the President’s unofficial credentials be usable by the public? Regardless, it’s clear that the average user must be aware and realize that just because it’s on the Internet and looks credible, it may not be.

  • 3
    Comment by Obama Blog

    January 31, 2009 @ 4:37 am

    We “hope” so, but must keep up our guard.
