April 20, 2009

4chan members carry out a precision hack of Time 100 poll

The "Time 100" is the magazine's attempt to let readers build a definitive list of the 100 most influential people in government, science, technology and the arts. That is, until a group of 4chan members got involved.

Thanks to a poorly configured Web polling application, this year's crowdsourced list was inundated with fake votes in order to display a mysterious message. Blogger Paul Lamere was given an insider's explanation of the hack, and describes how Time never really had a chance:


In early stages of the poll, Time.com didn't have any authentication or validation - the door was wide open to any client that wanted to stuff the ballot box.

Soon afterward, it was discovered that the Time.com Poll didn't even range check its parameters to ensure that the ratings fell within the 1 to 100 range. The autovoters were adapted to take advantage of this loophole, which resulted in the Time.com poll showing moot with a 300% rating, while all other candidates had ratings far below zero.

Shortly afterward, one of the members discovered that the 'salt', the key to authenticating requests, was poorly hidden in Time.com's voting flash application and could be extracted.

Another challenge faced by the autovoters was that if you voted for the same person more often than once every 13 seconds, your IP would be banned from voting. However, it was noticed that you could cycle through votes for other candidates during those 13 seconds. The autovoters quickly adapted.
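The three server-side gaps described above (no range check, trust in a client-embedded secret, a throttle keyed per candidate) can be closed with checks like the following. This is an added example, not code from the article, Lamere's post or Time.com; the `PollGuard` class, its method names and the `client_id` parameter are hypothetical, and `client_id` is assumed to be derived on the server (for example from a session) rather than from anything shipped in the client.

```python
import time

RATING_MIN, RATING_MAX = 1, 100  # the range the poll was meant to enforce
VOTE_INTERVAL = 13.0             # seconds; the window quoted in the article


class PollGuard:
    """Hypothetical server-side vote validator (illustrative only)."""

    def __init__(self, candidates, clock=time.monotonic):
        self.candidates = set(candidates)
        self.clock = clock                    # injectable so tests can fake time
        self.last_vote = {}                   # client_id -> time of last accepted vote
        self.ratings = {c: [] for c in self.candidates}

    def submit(self, client_id, candidate, rating):
        # client_id is an assumption: an identifier the server assigned.
        # Nothing embedded in the client (such as a "salt") is treated as secret.
        if candidate not in self.candidates:
            return "rejected: unknown candidate"
        # Only a real integer inside the range counts; bools, floats and
        # strings are refused instead of being coerced.
        if type(rating) is not int or not RATING_MIN <= rating <= RATING_MAX:
            return "rejected: rating out of range"
        now = self.clock()
        last = self.last_vote.get(client_id)
        # Throttle per client across ALL candidates, so voting for other
        # names in between does not open a fresh window.
        if last is not None and now - last < VOTE_INTERVAL:
            return "rejected: rate limited"
        self.last_vote[client_id] = now
        self.ratings[candidate].append(rating)
        return "accepted"

    def average(self, candidate):
        votes = self.ratings[candidate]
        return sum(votes) / len(votes) if votes else None


if __name__ == "__main__":
    guard = PollGuard(["moot", "candidate_b"])  # candidate_b is constructed
    # Constructed sample traffic from one client, sent back to back.
    for name, score in [("moot", 100), ("candidate_b", -500), ("candidate_b", 1)]:
        print(name, score, "->", guard.submit("client-1", name, score))
```

A throttle keyed on one client identifier still does nothing against votes spread over many clients, which is the situation the article goes on to describe.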

The hackers didn't just rig the top result, or the top 10. They arranged the top 21 winners so that the first letters of their names spelled out "MARBLECAKE, ALSO THE GAME." Result No. 1 was "moot," the pseudonym of Christopher Poole, operator of the not-at-all-safe-for-work imageboard 4chan.

Lamere says his pseudonymous contacts within the 4chan community said "the hack is the work of a dozen or so, backed by an army of a thousand who downloaded and ran the autovoters and also backed by an untold number of others that unwittingly fell prey to the spam url autovoters."

In the days since the hack was revealed, the "Marble Cake" message has gradually started to become scrambled in the results, but no matter: The list is still based on an untold number of bogus votes, and cannot be treated as an accurate gauge of the public's opinion. We contacted Time for comment, but a promised explanation from Time's editorial department never materialized.

As for 4chan, why would members bother scrambling the online poll of a frumpy news mag? There is no why. They did it for the lulz.


©1994-2010 Infoworld, Inc.