
Hackers stuff ballot box for Time Magazine's top 100 poll

'World's most influential' list is mooted


Time Magazine's poll of the 100 most influential people has been hacked by a motley band of online troublemakers who have managed to manipulate the top 21 names so their first letters spell "marblecake, also the game."

According to an inside account detailed by blogger Paul Lamere, members of the 4chan website exploited weaknesses in the web application that Time used to record reader votes. As a result, moot, the 20-something founder of 4chan, tops the list, which Time bills as "the world's most influential people in government, science, technology and the arts."

"Ultimately, this hack involved lots of work and a little bit of luck," Lamere wrote. "Someone figured out the voting URL protocol. A bunch of folks wrote various autovoters, which were then used by a thousand or more to stack the vote in moot's favor. Others sprinkled the spam URLs throughout the forums tricking the 'competition' into voting for moot."

Time spokeswoman Betsy Burton confirmed the hack. "We took many preventative measures to maintain the integrity of the Time 100 poll on Time.com, and moot has a passionate community of users who worked to influence the poll," she wrote in an email.

According to Lamere, the hack involved two Perl scripts. The first located the highest-rated person in the poll who wasn't one of the desired 21 winners and voted the person down. A second program made sure that each of the 21 names was rated in the proper order. In all, the scripts comprised fewer than 200 lines of code.

The hack worked because Time's web application allowed votes to be cast by submitting a simple HTTP GET request. Hitting the address http://www.timepolls.com/contentpolls/Vote.do?pollName=time100_2009&id=1883924&rating=1, for example, automatically registered a vote in favor of the Korean pop star Rain, who has dominated the Time poll in previous years. (He's listed as No. 22 this time around.)

During early rounds, the voting application employed no authentication or validation, allowing tricksters to stuff the virtual ballot box with an unlimited number of votes. The result was a 300-percent rating for moot. Eventually, votes required an MD5 hash of the URL and a secret word, but the 4chan members worked around this measure after discovering the word in an Adobe Flash application employed by Time.

The hackers crafted several autovoters that voted people up or down as needed. They worked around restrictions that allowed an IP address to vote for a candidate every 13 seconds by cycling through a list of candidates. Strangely, one of the hackers found that no caps were placed on his IP address at all, an oddity he guesses was the result of the voting app not being able to work with the IPv6 address he used.
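An added example, not from Lamere's account or Time's code: a minimal sketch of server-side vote handling that closes the gaps described above. The signing key never leaves the server, ratings are range-checked, the 13-second limit applies per client across all candidates, and IPv6 clients are keyed by their /64. The names VoteBox, issue_token and client_key, the 1-100 rating range and the in-memory storage are assumptions.

```python
import hashlib
import hmac
import ipaddress
import secrets

# All names and limits below are assumptions for this sketch, not Time's code.
SERVER_KEY = secrets.token_bytes(32)  # stays on the server; never shipped in client code
MIN_INTERVAL = 13                     # seconds between votes (figure from the article)
RATING_RANGE = range(1, 101)          # assumed valid ratings: 1..100


def client_key(ip: str) -> str:
    """Collapse an address to one rate-limit key: IPv4 as-is, IPv6 to its /64."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 6:
        return str(ipaddress.ip_network(f"{addr}/64", strict=False))
    return str(addr)


def issue_token(poll: str, ip: str, nonce: str) -> str:
    """Server-side HMAC bound to the poll, the client and a single-use nonce."""
    msg = f"{poll}|{client_key(ip)}|{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


class VoteBox:
    def __init__(self):
        self.used_nonces = set()
        self.last_vote = {}  # client key -> time of last accepted vote
        self.ratings = {}    # (client key, candidate id) -> rating

    def cast(self, poll, ip, candidate, rating, nonce, token, now):
        key = client_key(ip)
        if not hmac.compare_digest(token, issue_token(poll, ip, nonce)):
            return "bad-token"
        if nonce in self.used_nonces:
            return "replayed"
        if rating not in RATING_RANGE:
            return "bad-rating"
        # The limit is per client across ALL candidates, so cycling does not help.
        if now - self.last_vote.get(key, float("-inf")) < MIN_INTERVAL:
            return "rate-limited"
        self.used_nonces.add(nonce)
        self.last_vote[key] = now
        self.ratings[(key, candidate)] = rating  # a re-vote overwrites, never adds
        return "ok"
```

Because each client holds at most one rating per candidate, a tally computed from `ratings` cannot exceed 100 percent.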

Marblecake, by the way, is the IRC channel where 4chan's Message to Scientology video originated.

It's only the latest online prank to be orchestrated by members of 4chan. The group is also credited with starting the Rickrolling and lolcats memes. Now the group has managed to make Time look silly while nominating one of their own as the magazine's most influential person. ®
