Feeds

Hackers stuff ballot box for Time Magazine's top 100 poll

'World's most influential' list is mooted

Beginner's guide to SSL certificates

Time Magazine's poll of the 100 most influential people has been hacked by a motley band of online troublemakers who have managed to manipulate the top 21 names so their first letters spell "marblecake, also the game."

According to an inside account detailed by blogger Paul Lamere, members of the 4chan website exploited weaknesses in the web application that Time used to record reader votes. As a result, moot, the 20-something founder of 4chan, tops the list, which Time bills as "the world's most influential people in government, science, technology and the arts."

"Ultimately, this hack involved lots of work and a little bit of luck," Lamere wrote. "Someone figured out the voting URL protocol. A bunch of folks wrote various autovoters, which were then used by a thousand or more to stack the vote in moot's favor. Others sprinkled the spam URLs throughout the forums tricking the 'competition' into voting for moot."

Time spokeswoman Betsy Burton confirmed the hack. "We took many preventative measures to maintain the integrity of the Time 100 poll on Time.com, and moot has a passionate community of users who worked to influence the poll," she wrote in an email.

According to Lamere, the hack involved two perl scripts. The first located the highest-rated person in the poll who wasn't one of the desired 21 winners and voted the person down. A second program made sure that each of the 21 names were rated in the proper order. In all, the scripts comprised less than 200 lines of code.

The hack worked because Time's web application allowed votes to be cast by submitting a simple URL get request. Hitting the address http://www.timepolls.com/contentpolls/Vote.do?pollName=time100_2009&id=1883924&rating=1, for example, automatically registered a vote in favor of the Korean pop star Rain, who has dominated the Time poll in previous years. (He's listed as No. 22 this time around.)

During early rounds, the voting application employed no authentication or validation, allowing tricksters to stuff the virtual ballot box with an unlimited number of votes. The result was a 300-percent rating for moot. Eventually, votes required an MD5 hash of the URL and a secret word, but the 4chan members worked around this measure after discovering the word in an Adobe Flash application employed by Time.

The hackers crafted several autovoters that voted people up or down as needed. They worked around restrictions that allowed an IP address to vote for a candidate every 13 seconds by cycling through a list of candidates. Strangely, there were no caps placed on his IP address at all, an oddity one of the hackers guesses was the result of the voting app not being able to work with the IPv6 address he used.

Marblecake, by the way, is the IRC channel where 4chan's Message to Scientology video originated.

It's only the latest online prank to be orchestrated by members of 4chan. The group is also credited with starting the Rickrolling and lolcats memes. Now the group has managed to make Time look silly while nominating one of their own as the magazine's most influential person. ®

Providing a secure and efficient Helpdesk

More from The Register

next story
Scrapping the Human Rights Act: What about privacy and freedom of expression?
Justice minister's attack to destroy ability to challenge state
WHY did Sunday Mirror stoop to slurping selfies for smut sting?
Tabloid splashes, MP resigns - but there's a BIG copyright issue here
Hey Brit taxpayers. You just spent £4m on Central London ‘innovation playground’
Catapult me a Mojito, I feel an Digital Innovation coming on
Google hits back at 'Dear Rupert' over search dominance claims
Choc Factory sniffs: 'We're not pirate-lovers - also, you publish The Sun'
EU to accuse Ireland of giving Apple an overly peachy tax deal – report
Probe expected to say single-digit rate was unlawful
Inequality increasing? BOLLOCKS! You heard me: 'Screw the 1%'
There's morality and then there's economics ...
While you queued for an iPhone 6, Apple's Cook sold shares worth $35m
Right before the stock took a 3.8% dive amid bent and broken mobe drama
EU probes Google’s Android omerta again: Talk now, or else
Spill those Android secrets, or we’ll fine you
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.