Feeds

Hackers stuff ballot box for Time Magazine's top 100 poll

'World's most influential' list is mooted

5 things you didn’t know about cloud backup

Time Magazine's poll of the 100 most influential people has been hacked by a motley band of online troublemakers who have managed to manipulate the top 21 names so their first letters spell "marblecake, also the game."

According to an inside account detailed by blogger Paul Lamere, members of the 4chan website exploited weaknesses in the web application that Time used to record reader votes. As a result, moot, the 20-something founder of 4chan, tops the list, which Time bills as "the world's most influential people in government, science, technology and the arts."

"Ultimately, this hack involved lots of work and a little bit of luck," Lamere wrote. "Someone figured out the voting URL protocol. A bunch of folks wrote various autovoters, which were then used by a thousand or more to stack the vote in moot's favor. Others sprinkled the spam URLs throughout the forums tricking the 'competition' into voting for moot."

Time spokeswoman Betsy Burton confirmed the hack. "We took many preventative measures to maintain the integrity of the Time 100 poll on Time.com, and moot has a passionate community of users who worked to influence the poll," she wrote in an email.

According to Lamere, the hack involved two perl scripts. The first located the highest-rated person in the poll who wasn't one of the desired 21 winners and voted the person down. A second program made sure that each of the 21 names were rated in the proper order. In all, the scripts comprised less than 200 lines of code.

The hack worked because Time's web application allowed votes to be cast by submitting a simple URL get request. Hitting the address http://www.timepolls.com/contentpolls/Vote.do?pollName=time100_2009&id=1883924&rating=1, for example, automatically registered a vote in favor of the Korean pop star Rain, who has dominated the Time poll in previous years. (He's listed as No. 22 this time around.)

During early rounds, the voting application employed no authentication or validation, allowing tricksters to stuff the virtual ballot box with an unlimited number of votes. The result was a 300-percent rating for moot. Eventually, votes required an MD5 hash of the URL and a secret word, but the 4chan members worked around this measure after discovering the word in an Adobe Flash application employed by Time.

The hackers crafted several autovoters that voted people up or down as needed. They worked around restrictions that allowed an IP address to vote for a candidate every 13 seconds by cycling through a list of candidates. Strangely, there were no caps placed on his IP address at all, an oddity one of the hackers guesses was the result of the voting app not being able to work with the IPv6 address he used.

Marblecake, by the way, is the IRC channel where 4chan's Message to Scientology video originated.

It's only the latest online prank to be orchestrated by members of 4chan. The group is also credited with starting the Rickrolling and lolcats memes. Now the group has managed to make Time look silly while nominating one of their own as the magazine's most influential person. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
6 Obvious Reasons Why Facebook Will Ban This Article (Thank God)
Clampdown on clickbait ... and El Reg is OK with this
No, thank you. I will not code for the Caliphate
Some assignments, even the Bongster decline must
Kaspersky backpedals on 'done nothing wrong, nothing to fear' blather
Founder (and internet passport fan) now says privacy is precious
TROLL SLAYER Google grabs $1.3 MEEELLION in patent counter-suit
Chocolate Factory hits back at firm for suing customers
Mozilla's 'Tiles' ads debut in new Firefox nightlies
You can try turning them off and on again
Facebook, Google and Instagram 'worse than drugs' says Miley Cyrus
Italian boffins agree with popette's theory that haters are the real wrecking balls
Sit tight, fanbois. Apple's '$400' wearable release slips into early 2015
Sources: time to put in plenty of clock-watching for' iWatch
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.