15 April 2009

How the Time.com poll was "precision hacked"


Looking at the first letters of each of the top 21 leading names in the poll we find the message “marblecake, also the game”. The poll announces (perhaps subtly) to the world, that the most influential are not the Obamas, Britneys or the Rick Warrens of the world, the most influential are an extremely advanced intelligence: the hackers...

A little investigation showed that a poll vote could be submitted just by doing an HTTP get on the URL... Soon afterward, several people crafted ‘autovoters’ that would use the simple voting URL protocol to vote for moot. These simple autovoters could be triggered by an easily embeddable ’spam URL’...

Soon afterward, it was discovered that the Time.com Poll didn’t even range check its parameters to ensure that the ratings fell within the 1 to 100 range. The autovoters were adapted to take advantage of this loophole, which resulted in the Time.com poll showing moot with a 300% rating, while all other candidates had ratings far below zero...

At the core of the hack is the work of a dozen or so, backed by an army of a thousand who downloaded and ran the autovoters and also backed by an untold number of others that unwittingly fell prey to the spam url autovoters. So why do they do it? Why do they write code, build complex applications, publish graphs - why do they organize a team that is more effective than most startup companies? Says Zombocom: “For the lulz”.
I had earlier seen a post of the table above, showing the hidden message in the final result, but had no idea how it was done. This article at Music Machinery explains the process in detail.

I'm blogging this to supplement the post earlier today re religion to emphasize again that NO internet poll should be assumed to have ANY statistical validity. Read them or participate in them for your amusement; there's no "information" there.

3 comments:

  1. more glorious than I had originally guessed... thank you TYWKIWDBI

    ReplyDelete
  2. I think Nate Silver is reliable: www.fivethirtyeight.com.

    ReplyDelete
  3. Barb - I agree, but the difference is between sites that conduct polls and present the data online versus those that collect their data online. It's the latter that tend to be unreliable. There are lots of reliable poll data sources on the web, as you point out

    ReplyDelete