Feeds

Hackers stuff ballot box for Time Magazine's top 100 poll

'World's most influential' list is mooted

The essential guide to IT transformation

Time Magazine's poll of the 100 most influential people has been hacked by a motley band of online troublemakers who have managed to manipulate the top 21 names so their first letters spell "marblecake, also the game."

According to an inside account detailed by blogger Paul Lamere, members of the 4chan website exploited weaknesses in the web application that Time used to record reader votes. As a result, moot, the 20-something founder of 4chan, tops the list, which Time bills as "the world's most influential people in government, science, technology and the arts."

"Ultimately, this hack involved lots of work and a little bit of luck," Lamere wrote. "Someone figured out the voting URL protocol. A bunch of folks wrote various autovoters, which were then used by a thousand or more to stack the vote in moot's favor. Others sprinkled the spam URLs throughout the forums tricking the 'competition' into voting for moot."

Time spokeswoman Betsy Burton confirmed the hack. "We took many preventative measures to maintain the integrity of the Time 100 poll on Time.com, and moot has a passionate community of users who worked to influence the poll," she wrote in an email.

According to Lamere, the hack involved two perl scripts. The first located the highest-rated person in the poll who wasn't one of the desired 21 winners and voted the person down. A second program made sure that each of the 21 names were rated in the proper order. In all, the scripts comprised less than 200 lines of code.

The hack worked because Time's web application allowed votes to be cast by submitting a simple URL get request. Hitting the address http://www.timepolls.com/contentpolls/Vote.do?pollName=time100_2009&id=1883924&rating=1, for example, automatically registered a vote in favor of the Korean pop star Rain, who has dominated the Time poll in previous years. (He's listed as No. 22 this time around.)

During early rounds, the voting application employed no authentication or validation, allowing tricksters to stuff the virtual ballot box with an unlimited number of votes. The result was a 300-percent rating for moot. Eventually, votes required an MD5 hash of the URL and a secret word, but the 4chan members worked around this measure after discovering the word in an Adobe Flash application employed by Time.

The hackers crafted several autovoters that voted people up or down as needed. They worked around restrictions that allowed an IP address to vote for a candidate every 13 seconds by cycling through a list of candidates. Strangely, there were no caps placed on his IP address at all, an oddity one of the hackers guesses was the result of the voting app not being able to work with the IPv6 address he used.

Marblecake, by the way, is the IRC channel where 4chan's Message to Scientology video originated.

It's only the latest online prank to be orchestrated by members of 4chan. The group is also credited with starting the Rickrolling and lolcats memes. Now the group has managed to make Time look silly while nominating one of their own as the magazine's most influential person. ®

Gartner critical capabilities for enterprise endpoint backup

More from The Register

next story
6 Obvious Reasons Why Facebook Will Ban This Article (Thank God)
Clampdown on clickbait ... and El Reg is OK with this
Mozilla's 'Tiles' ads debut in new Firefox nightlies
You can try turning them off and on again
No, thank you. I will not code for the Caliphate
Some assignments, even the Bongster decline must
Banking apps: Handy, can grab all your money... and RIDDLED with coding flaws
Yep, that one place you'd hoped you wouldn't find 'em
TROLL SLAYER Google grabs $1.3 MEEELLION in patent counter-suit
Chocolate Factory hits back at firm for suing customers
Primetime precrime? Minority Report TV series 'being developed'
I have to know. I have to find out what happened to my life
Netflix swallows yet another bitter pill, inks peering deal with TWC
Net neutrality crusader once again pays up for priority access
Ex-IBM CEO John Akers dies at 79
An era disrupted by the advent of the PC
prev story

Whitepapers

Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up distributed data
Eliminating the redundant use of bandwidth and storage capacity and application consolidation in the modern data center.
The essential guide to IT transformation
ServiceNow discusses three IT transformations that can help CIOs automate IT services to transform IT and the enterprise
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.