There’s a scene toward the end of the book Contact by Carl Sagan, where the protagonist Ellie Arroway finds a Message embedded deep in the digits of PI. The Message is perhaps an artifact of an extremely advanced intelligence that apparently manipulated one of the fundamental constants of the universe as a testament to their power as they wove space and time. I’m reminded of this scene by the Time.com 100 Poll where millions have voted on who are the world’s most influential people in government, science, technology and the arts. Just as Ellie found a Message embedded in PI, we find a Message embedded in the results of this poll. Looking at the first letters of each of the top 21 leading names in the poll we find the message “marblecake, also the game”. The poll announces (perhaps subtly) to the world, that the most influential are not the Obamas, Britneys or the Rick Warrens of the world, the most influential are an extremely advanced intelligence: the hackers.
At 4AM this morning I received an email inviting me to an IRC chatroom where someone would explain to me exactly how the Time.com 100 Poll was precision hacked. Naturally, I was a bit suspicious. Anyone could claim to be responsible for the hack – but I ventured onto the IRC channel (feeling a bit like a Woodward or Bernstein meeting Deep Throat in a parking garage). After talking to ‘Zombocom’ (not his real nick) for a few minutes, it was clear that Zombocom was a key player in the hack. He explained how it all works.
The Beginning
Zombocom told me that it all started out when the folks that hang out on the random board of 4chan (sometimes known as /b/) became aware that Time.com had enlisted moot (the founder of 4chan) as one of the candidates in the Time.com 100 poll. A little investigation showed that a poll vote could be submitted just by doing an HTTP get on the URL:
http://www.timepolls.com/contentpolls/Vote.do
?pollName=time100_2009&id=1883924&rating=1
where ID is a number associated with the person being voted for (in this case 1883924 is Rain’s ID).
Soon afterward, several people crafted ‘autovoters’ that would use the simple voting URL protocol to vote for moot. These simple autovoters could be triggered by an easily embeddable ‘spam URL’. The autovoters were very flexible allowing the rating to be set for any poll candidate. For example, the URL
http://fun.qinip.com/gen.php?id=1883924
&rating=1&amount=160
could be used to push 160 ratings of 1 (the worst rating) for the artist Rain to the Time.com poll.
In early stages of the poll, Time.com didn’t have any authentication or validation – the door was wide open to any client that wanted to stuff the ballot box. Soon these autovoting spam urls were sprinkled around the web voting up moot. If you were a fan of Rain, it is likely that when you visited a Rain forum, you were really voting for moot via one of these spam urls.
Soon afterward, it was discovered that the Time.com Poll didn’t even range check its parameters to ensure that the ratings fell within the 1 to 100 range. The autovoters were adapted to take advantage of this loophole, which resulted in the Time.com poll showing moot with a 300% rating, while all other candidates had ratings far below zero. Time.com apparently noticed this and intervened by eliminating millions of votes for moot and restoring the poll to a previous state (presumably) from a backup. Shortly afterward, Time.com changed the protocol to attempt to authenticate votes by requiring that a key be appended to the poll submission URL that consisted of an MD5 hash of the URL + a secret word (AKA ‘the salt’).
“Needless to say, we were enraged” says Zombocom. /b/ responded by getting organized – they created an IRC channel (#time_vote) devoted to the hack, and started to recruit. Shortly afterward, one of the members discovered that the ‘salt’, the key to authenticating requests, was poorly hidden in Time.com’s voting flash application and could be extracted. With the salt in hand – the autovoters were back online, rocking the vote.
Another challenge faced by the autovoters was that if you voted for the same person more often than once every 13 seconds, your IP would be banned from voting. However, it was noticed that you could cycle through votes for other candidates during those 13 seconds. The autovoters quickly adapted to take advantage of this loophole interleaving up-votes for moot with down-votes for the competition ensuring that no candidate received a vote more frequently than once every 13 seconds, while maximizing the voting leverage.
One of the first autovoters was MOOTHATTAN. This is a simple moot up-voter that will vote for moot about 100 times per minute. (Warning, just by visiting that site, you’ll invoke the autovoter – so if you don’t want to hack the vote, you should probably skip the visit).
Here’s a screenshot of another autovoter, a program called Mooter, developed by rdn:
Mooter is a Delphi app (windows only) that can submit about 300 votes per minute from a single IP address. It will also take advantage of any proxies and cycle through them so that the votes appear to be coming from multiple IP addresses. rdn, the author of Mooter, has used Mooter to submit 20 thousand votes in a single 15 minute period. In the last two weeks, (when rdn started keeping track) Mooter alone has submitted 10,000,000 votes (about 3.3% of the total number of poll votes).
From the screenshot you can see that Mooter is quite a sophisticated application. It allows fine grained control over who receives votes, what type of rating they get, voting frequency, the proxy cycle, along with charts and graphs showing all sorts of nifty data.
In addition to highly configurable autovoting apps, the loose collective of #time_vote maintains charts and graphs of the various candidate voting histories. Here’s a voting graph that shows the per-minute frequency of votes for boxer Manny Pacquiao.
More charts are available for browsing at (the very slow to load) http://fun.qinip.com/mvdc/mootvote.php
So with the charts, graphs, spam URLs and autovoters #time_vote had things well in hand. Moot would easily cruise to a victory. Although they still had some annoying competition, especially from fans of the boxer Manny Paquoia. Zombocom says that “it can take upwards of 4.5K votes a minute to keep Manny in his place”. Despite the Manny problem, the #time_vote collective had complete dominance of the poll.
The Ultimate Precision Hack
At this point Zombocom was starting to get bored and so he started fiddling with his voting scripts. Much to his surprise, he found that no matter what he did, he was never getting banned by Time.com. Zombocom suspects that his ban immunity may be because he’s running an ipv6 stack which may be confusing Time.com’s IP blocker. With no 13 second rate limit to worry about, he was able to crank out votes as fast as his computer would let him – about 5,000 votes a minute (and soon he’ll have a new server online that should give him up to 50,000 votes a minute.) With this new found power, Zombocom was able to take the hack to the next level.
Zombocom joked to one of his friends “it would be funny to troll Time.com and put us up as most influential, but since we are not explicitly on the list we’ll have to spell it out. ” His friend thought it was impossible. But two weeks later, “marblecake’ was indeed spelled out for all to see at the top of the Time.com poll.
So what is the significance of ‘marblecake’? Zombocom says: ” Marblecake was an irc channel where the “Message to Scientology” video originated. Many believe we are “dead” or only doing hugraids etc, so I thought it would also be a way of saying : we’re still around and we don’t just do only “moralfag” stuff .
To actually manipulate the poll, Zombocom wrote two perl scripts. The first one, auto.pl is pretty simple. It finds the highest rated person in the poll that is not in the desired top 21 (recall, there are 21 characters in the Message) and down-votes them (you can view this as eliminating the riff-raff). The second perl script, the_game.pl is responsible for maintaining the proper order of the top 21 by inspecting the rating of a particular person and comparing that rating to what it should be to maintain the proper order and then up-voting or down-voting as necessary to get the desired rating. With these two scripts, (less than 200 lines of perl) Zombocom can put the poll in any order he wants.
Ultimately, this hack involved lots of work and a little bit of luck. Someone figured out the voting URL protocol. A bunch of folks wrote various autovoters, which were then used by a thousand or more to stack the vote in moots favor. Others, sprinkled the spam urls throughout the forums tricking the ‘competition’ into voting for moot. When Time.com responded by trying to close the door on the hacks, the loose collective rallied and a member discovered the ‘salt’ that would re-open the poll to the autovoters. The lucky bit was when Zombocom discovered that no matter what he did, he wouldn’t get banned. This opened the door to the fine grained manipulation that led to the embedding of the Message.
At the core of the hack is the work of a dozen or so, backed by an army of a thousand who downloaded and ran the autovoters and also backed by an untold number of others that unwittingly fell prey to the spam url autovoters. So why do they do it? Why do they write code, build complex applications, publish graphs – why do they organize a team that is more effective than most startup companies? Says Zombocom: “For the lulz”.
MARBLECAKE FOREVER!!!!!!!!111!!!!eleven!!1~
the lulz indeed
really these guys should work on putting the pathetic RIAA and associated organisations in their place.
This also points out to the incredible mis-managment of the voting server, as well as the total lack of QA for the voting application.
I’m not downplaying the technical feats, but really what a show of we_do_not_know_what_we_are_doing ™.
Though a comment or two in the general vicinity of “too much time on their hands” comes to mind ;-)
Now, back to music machinery business will’ya ?
@pruneau – this relates directly to the music machinery business. If a poll run by a large media company (that should know how to run a poll) is so easily hacked, and with such finesse, by a loose collective, for fun, imagine what an organized group, motivated by money could do to a social music recommender. The next time you get a recommendation that says something like ‘people who like XXX also like Coldplay’ think hard about how that recommendation came about.
Honestly, I think /b/ would be able to have a bigger impact than any other kind of hacker group.
Rules 1 & 2
Paul, this is fantastic geek investigative journalism.
So then why couldn’t a countries election vote be hacked also?
That’s the most idiotic mental leap I’ve ever seen. How do you get from geeks messing around to hacking elections? Yeah, shit from companies like Diebold is insecure, but it’s not able to be hacked just by sending URLs.
popurls.com // popular today…
story has entered the popular today section on popurls.com…
I just lost the game
[...] [...]
i lold… i lost the game
This is an interesting article…I’m fascinated by the applications that were built for this poll. I honestly thought it was just scripts that were being run on websites that were activated when users visited them(like the MOOTHATTAN).
I’ve been following this for a while, and I can’t help but giggle in geeky laughter every time I see the top list.
Alas, however, I just lost the game.
Time for time.com to fire its developers and hire someone who knows shit about security practices.
like, maybe they could hire Zombocom?
No mention of decoding the flash to find the salt for the md5 key (‘lego-rules’, incidentally). The URL shown above is WRONG.
http://www.timepolls.com/contentpolls/Vote.do
?pollName=time100_2009&id=1883924&rating=1
the actual request send a key variable too, containing the md5 of the salt phrase plus the rest of the URL. So the key for the above entry is md5(lego-rulespollName=time100_2009&id=1883924&rating=1).
Without the key, or with a bad key, the vote is identifiable as fake. Even if you take the exact request made, and then spam it for 100 rating everytime, you can’t vary the rating unless you have either manually obtained the key, or could generate it.
The article makes no mention of key-caching, nor does it mention the method for key generation, yet the program seems to offer 8 choices for values, including 3 for each of 200+ potential votes. that’s 600 keys, and without those, they can go back the day the contest ends and wipe out all the garbage votes.
Including the ones with bad keys.
Including the LOIC blasts, many requests, but all with blank useragents.
I guess I’m just a bit jealous because I actually -did- reverse engineer the entire system and built a foolproof autovoter, and the brute-force machine here gets all the credit.
read the whole article. It talks about the salt and how it was found in the flash app. The URL you cite here is the URL that was used before Time tried to authenticate votes.
Disregard, I’m an asshole, and now see the hash was extracted.
Color me retarded.
No worries
its all for the lulz
For cripe’s sake, all they need is a decent firewall with stateful packet inspection. Hell, I could write you a rule in Check Point’s SmartView Tracker to take care of that kind of problem in a few minutes. Drop any IP that makes a request to range x, protocol https, more than x times per x amount of time, expire after x hours.
you dumbass. this could easily block legitimate traffic. web pages often require numerous hits in rapid succession for things like scripts, css files, and images.
sounds like you should be working for AT&T with that kind of shit logic.
also, it’s sad that this is called a hack. to supplement my income, i offer services to _cheat_ at online contests, mostly battle of the bands type stuff. what’s interesting is most of these shitty battle of the bands contests are way better designed than this TIME poll. They require email validation, or at the very least limit by IP (which has its own set of problems). TIME should be embarrassed. but my point was that this is cheating, not hacking. determining a GET url, or pulling a string out of a flash file is not hacking. and no hacker uses Delphi, that’s just a joke.
hey anonymous@slopsbox – I suggest you check out the many varied meanings of ‘hack’ – http://www.ccil.org/jargon/jargon_23.html#SEC30
Forget Coldplay…How about thinking about the vote manipulation next time you see a poll that says the public oh I don’t know lets say favors invading a foreign country or giving a couple billion to Goldman Sachs or … Great job on the hack and in particular thanks for making it public.
Paul,
Excellent article.
However, it seems that you either didn’t watch Contact, or didn’t pay attention to it, because you just drove a truck over one of my favorite movies.
Ellie doesn’t find a message “embedded in the digits of pi,” as you say. She finds a message embedded in *radio waves* coming from the Vega constellation. The message is encoded in a frequency that is the numerical value of the atomic weight of Hydrogen multiplied by π. The message was coming in bursts, with each set of bursts corresponding to a number in the Fibonacci sequence.
The idea was that intelligent beings somewhat like ourselves — not universe-creators, but simple ordinary run-of-the-mill aliens who happened to be older and more technologically advanced than us — sent a message in search for sentient beings like themselves. They sent a message that could only be interpreted and understood by intelligent life, and would be unmistakably the product of intelligent life. Using H*π and the Fibonacci sequence was a way to ensure that anyone *hearing* the message would not confuse it with a natural event.
If there was a message to be found in π, presumably someone would have found it by now, without needing to spend so much time listening to radio static from the sky.
Isaac – I’m talking about the book, not the movie. In the book ellis asks the aliens what they wonder about. They hint to ellis about a greater race that engineered the universe. They hint that there might be messages hidden in the constants like e or pi which leads ellis to start her next search for patterns in pi. Read the book. It is really quite good.
This difference is why I’m a huge fan of the book but hate the movie.
If I recall correctly the movie ended with a conspiracy theory about tapes that had been wiped.
i saw the book once, maybe. does that count?
Lrn 2 read boox. You will recognize them as bound paper documents that contain information not yet expressed in a movie, TV show, cartoon, or comic book.
It would be really cool if there was a Blockbuster for books, where you could just rent one out for a couple of nights.
Try the library
Wouldn’t that be a library?
Ooh, you mean like a library? Yeah, it would be awesome if they began implementing those!!
You fools got trolled.
Quite fitting for an article about trolling.
cool story, bro
I agree that Time seems to have no idea when it comes to their online poll, but maybe this just gives us an idea of how seriously they take the poll. It’s as if they said “Look at my delicious sandwich!” and, as we all struggled to find ways to steal the sandwich, Time decided it wasn’t really hungry and went bowling instead.
@Isaac Z. Schlueter:
Did you read the BOOK? After all the stuff with the messages from Vega, Ellie Arroway (oh, and in the book she wasn’t the only one who went into the machine) learns during her voyage that the beings who sent the signal have also been looking for signals themselves, signals from beings in some higher plane of existence that could have encoded messages into the fundamental constants and numbers of the Universe itself.
When Ellie (and the others) return, people don’t believe their story, and they’re forced to keep quiet by blackmail. But in secret they do their own studies and eventually find messages encoded in pi itself, giving them the evidence they need to reveal to the world what they had seen and that they didn’t just imagine it all.
This whole section at the end offers a more optimistic ending, I think, but it was cut from the movie because it was felt that moviegoing audiences wouldn’t get it.
So yeah, Paul didn’t misinterpret the movie — you should read the book.
There is no need to waste time and money developing such applications. More powerful poll managers are always available – they are called editors, and they are humans.
Moot has the best soup, therefore he is King of Time
Anything is possible with zombocom.
[...] Inside the precision hack – “At 4AM this morning I received an email inviting me to an IRC chatroom where someone would explain to me exactly how the Time.com 100 Poll was precision hacked…” [...]
Hilarious! I wonder how Time will react in their Person of the Year issue.
[...] April 16th, 2009 Voting for the Time 100, Time Magazine’s list of the world’s most influential people in government, science, technology and the arts, has taken a bizarre turn. Rather than the expected dance-off between Stephen Colbert and Korean pop star Rain, the top spot is currently occupied by moot, the owner and operator of 4chan. Hear Time’s own take on it, and then, learn who hacked the vote. [...]
Marblecake rules. We are amused.
Thank you for a very informative and fascinating article. You’ve solved a mystery for me.
I am, however, a little annoyed. You could have protected us all by simply mentioning the acrostic of Marblecake. Thanks to you, I’ve just lost the game.
Sagan seduced a lot of people with his “Alien” crap.
well then I am glad to have been one of those people. Sagan has been and will be one of my idols.
This whole thing reminds me of a brilliant Sportsnight episode.
[...] minutes, it was clear that Zombocom was a key player in the hack. He explained how it all works. Source and more… ——————————————————– This refers to: The 2009 TIME 100 [...]
>Mooter is a dephi app (windows only)
I think you mean Delphi
@creaothceann – yup, thanks. will fix.
Super Journalism, brilliant hack!
@ Ward:
Agreed! Joshua Malina was awesome in that, and everything else he’s been in…
[...] (Quelle: http://musicmachinery.com/2009/04/15/inside-the-precision-hack/) [...]
[...] world order So I read this article on how 4chan hackers subverted Time.com’s 100 Most Influential People [...]
200 lines of perl for the lulz and the support to millions.
4chan really does own the internet.
[...] Inside the precision hack « Music Machinery. Uncategorized [...]
this is all cool except i can’t understand how you could possibly require anywhere near 200 lines to write them perl scripts~!
precision hack indeed, up to the finest details, the bios of each person choosen to be in the list is very interesting :)
> @ plamere Says:
> April 15, 2009 at 4:59 pm
>
>@pruneau – this relates directly to the music machinery >business. If a poll run by a large media company (that should >know how to run a poll) is so easily hacked, and with such >finesse (…)
I stand corrected. And thank you for taking your time to do and write about such an investigation.
But really, from my point of view (i.e. someone with some experience configuring networks and/or securing device and/or developping network software), the polling company did _NOT_ do due diligence.
The simple fact that someone using the same IPv6 source address can still do more than x votes per second shoot their whole “security” system downs right there.
They should review this, and appraise the fact that today internet is not a nice place by any means, or just admit that their polls can be rigged and be done with it. And use the results accordingly.
What makes this particular case special is that the rigging was done with neither malign, nor stealth intentions: it’s obvious for everybody to see.
Thanks and kudos to the “acrostic” hacker group for teaching us a valuable lesson in security. I hope the poll company gets it, tough.
@pruneau – the fact that the company that messed up so royally happens to be one of the largest media companies in the world is predictive of the type security we are likely to encounter at many other online companies. For most, I suspect that security is an afterthought. We are increasingly relying on social systems to help us pick our music, our tv, our news, our political candidates. The fact that they are so vulnerable to hacking has potentially large impact on our lives.
[...] and you really don’t want to encourage these people to even look at you), who are able to shift even the biggest online polls at will. It shows how meaningless these polls really are when your position in them may be dictated by the [...]
Lesson: Whoever puts any weight in internet polls is a retard ^_^
Well, I fear you are right, but I hope you can be proved wrong.
One thing is sure, though: if they intent to base business on those polls, they will try and invest a bit more in security.
I know I’m daydreaming, but hey…
[...] Link zum Artikel (via) [...]
[...] 4:54 pm on April 16, 2009 | 0 Permalink | Reply Inside the precision hack « Music Machinery. [...]
that’s cool…
This is utterly artistic. While I certianly would not have voted for moot before this, I will be doing so now. Repeatedly.
Nice article. I wish people wouldn’t discredit all of Anonymous and do stuff like this. I mean it’s funny and all but it just gives people another reason to give us all grief.
http://www.pushthenet.com
[...] http://musicmachinery.com/2009/04/15/inside-the-precision-hack/ 0 Reacties Geen Reacties tot nu toe Plaats een reactie RSS feed voor reacties op dit bericht. TrackBack URI Plaats een reactie Klik hier om de reply te annuleren. Automatische regel en alinea afbreking, email adressen nooit getoodn, toegestane HTML: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> [...]
I think after the past couple of years TIME.com doesn’t really care who spends thousands of hours and leverages hundreds of fan sites to manipulate the poll. It’s not represented as a scientific undertaking and they are attempting good journalism while idle hands play around with their toys. Incidentally, NASA’s poll was recently hacked in the very same way and probably for the very same reason.
Lastly, TIME.com probably doesn’t have a vested interest in canceling those bot votes – since they are now counting that as user activity and will be able to justify higher ad rates to their adverts. Maybe, just maybe, TIME.com got the upper hand in this one and leveraged the power of the rabid fans to artificially increase their value!
[...] members of 4chan’s /b/ board also made the news a bit earlier this week, when they manipulated a Time.com poll so that it featured the name of 4chan founder ‘moot’ as the most [...]
[...] members of 4chan’s /b/ board also made the news a bit earlier this week, when they manipulated a Time.com poll so that it featured the name of 4chan founder ‘moot’ as the most influential person [...]
[...] members of 4chan’s /b/ board also made the news a bit earlier this week, when they manipulated a Time.com poll so that it featured the name of 4chan founder ‘moot’ as the most influential person [...]
[...] members of 4chan’s /b/ board also made the news a bit earlier this week, when they manipulated a Time.com poll so that it featured the name of 4chan founder ‘moot’ as the most influential person [...]
[...] Inside the precision hack « Music Machinery (tags: hack security) [...]
The meek shall NOT inherit the earth.
The moot shall inherit the earth.
[...] of messagesRough Type — Twitter dot dash (reissue)Music Machinery — Inside the precision hackMootervote_moot.jpg (JPEG Image, 640×480 [...]
[...] via [...]
Wow, I am so far from techie, but that was interesting – and maybe slightly frightening. But, yeah, definitely fascinating. A whole ‘nother world that we’re all connected to – whether we know it or not. Thanks!
Oh, I guess this means that I just “lost the game”. Am I right? I just looked it up. Woa, one step closer to that mystifying technological universe. ;)
There are alot of interresting things in here that people are saying that are really interresting facts.
…so we needed proof with this level of intricacy to show “fixing”? weren’t the continually abysmal results of said “polls” sufficient data to convict? but many thanks for this cool article any way!
I knew who dunnit the minute I saw it. Nice.
[...] Inside the precision hack There’s a scene toward the end of the book Contact by Carl Sagan, where the protagonist Ellie Arroway finds a [...] [...]
Pi is irrational. The digits are non-terminating, non-repeating. Therefore, all messages inevitably exist inside pi if you’re willing to search far enough.
But I haven’t RTFB, I’m just being an ass.
Actually, we don’t know if every digit is in pi. Just because it’s irrational doesn’t mean it’s normal. You see, a normal number is one in which every digit has a uniform distribution. There doesn’t exist a proof that pi is normal. (For that matter, neither is there a proof for euler’s number) Therefore, seeing such a message (by itself) doesn’t mean anything but it can lead supporting evidence to a conclusion that a greater power was manipulating certain things.
I have no idea whether the book goes over normal numbers, though, as I haven’t read it either.
HAHA!Constants are easy too manipulate man…The differences of darkness and light!Your evolutionism is
destroying your mind…
[...] Hackers manipulate a poll (via Metafilter). Good quote from Metafilter: “The poll announces (perhaps subtly) to the world, that the most influential are not the Obamas, Britneys or the Rick Warrens of the world, the most influential are an extremely advanced intelligence: the hackers.” [...]
/b/ = internet superheroes
So why do they do it? Why do they write code, build complex applications, publish graphs – why do they organize a team that is more effective than most startup companies? Says Zombocom: “For the lulz”.
Epic!
I’m not sure that the calculation of pi contains all messages (like the infinite number of monkeys at typewriters generating the complete works of Shakespeare ({B Newhart, [Infinite Proceedings]}), but pi can’t be altered even by God (who in the bible didn’t even work it out to the nearest unit: 10 cubits x pi = 30). I know that Carl Sagan as author wanted to throw a little cosmic easter-egg to his abused heroine, who had just had the alien equivalent of the e-mail from Nigeria (aka “The Spanish Prisoner”), but I’m sorry that he chose that one. I would rather have had a straight line of pulsars in the sky signalling HANG IN THERE JODIE.
Alternatively, he could have left the question open for a little longer of whether all along she really -was- in a state of schizophrenic delusion. Most people who receive alien messages are.
Incidentally, there’s a Star Trek book where there are supercomputers whose data processing power is underestimated around 99 per cent because they spend most of the time goofing off, and for fun they have calculated that pi does finish up as a repeating decimal. But it’s a throwaway joke line. I can’t produce the proof that pi is not a fraction (a rational number), which is what a repeating number is, but I trust the people who can.
I can nearly imagine a universe whose physical rules are so different that although pi exists it is not significant, and the measurement of configurations is dominated by the constant called zelda, which I probably just invented. that is as close as I would contemplate to changing the actual value of pi. Also, the decimal (digits 0 to 9) expression of pi probably partly depends on the fact that we have ten “digits” on our hands, whereas other critters don’t (Yakuza). But that is a variable that does not allow for much expression. Actually, pi calculates really nicely in hexadecimal, and I think that serious pi nuts use that.
The decimal value of another “irrational” maths number, e, starts off with,
2.71828 18284 59045 23536…
Look at the hundredths to hundred-thousandths digits. And look at the millionths to the billionths. Now how about that?
[...] The members of 4chan’s /b/ board also made the news a bit earlier this week, when they manipulated a Time.com poll so that it featured the name of 4chan founder ‘moot’ as the most [...]
[...] 4chan Manipulates Time Magazine’s Most Influential Person of 2009 Poll [...]
Peole are still using the web to do good things for poeple and companies. do take a look at http://cbt20.org.
sorry http://cbt20.org
And again the mainstream media misses every relevant point. And a blogger has to do the work. Time Warner will learn a lesson from this, but not the lesson they need, because they won’t ever read this article and take meaning from it.
whatever geeks
[...] Pranks: Hackers are rumored to be manipulating Time.com’s poll to determine the world’s most [...]
[...] Time Empire Strikes Back It looks like Time has taken some action to combat the hack of the Time 100 Poll. They are now using a captcha to verify that the voter is a human – the [...]
best album of ALL time — led zeppelin “EAT THE PEACH”
[...] Inside the precision hack – Music Machinery In early stages of the poll, Time.com didn’t have any authentication or validation – the door was wide open to any client that wanted to stuff the ballot box. Soon these autovoting spam urls were sprinkled around the web voting up moot. If you were a fan of Rain, it is likely that when you visited a Rain forum, you were really voting for moot via one of these spam urls. (tags: anon humor web) [...]
[...] Inside the precision hack « Music Machinery (tags: 4chan) [...]
marblecake will never die, even without its leaDARR
[...] Inside the precision hack – "At 4AM this morning I received an email inviting me to an IRC chatroom where someone would explain to me exactly how the Time.com 100 Poll was precision hacked. Naturally, I was a bit suspicious. Anyone could claim to be responsible for the hack [...] After talking to ‘Zombocom’ (not his real nick) for a few minutes, it was clear that Zombocom was a key player in the hack. He explained how it all works." [...]
HACKERS ON STEROIDS
[...] online echo chambers into apparent routes for the opinions of science or atheism. But PZ points to a recent poll hack that makes the efforts of his clan look crude and [...]
Cool. Very interesting article. I am not aware TIME.com was hacked.
amazing stuff.. congrats to the 4chan team for their ingenuity and brilliance ! this made me lulz
:D
[...] Inside the precision hack « Music Machinery [...]
Society needs people like Zombocom to show us unreliability of big media companies.
[...] Inside the precision hack « Music Machinery [...]
I used actually work for a subsidiary of Time and I was at least partly responsible for making sure that there were no glaring security holes in the code that was written before it went live.
One of the biggest problems was that there wasn’t enough buy-in from management in this regard and hence the ratio of developers to security auditors was far too high. It simply wasn’t possible to read every line of code manually so we used automated tools and random sampling. Clearly, this leaves some room for improvement. Automated tools can pick up a lot but will always miss some things that a competent auditor will see.
Another problem was the quick turnaround required on some code. For instance, the poll can be announced in the magazine or even on the website by the editors and no mention of this made to the developers until a couple of days before it is due to go live. This shouldn’t happen, but it does and because the developers pull an all-nighter to get it up and running, the editors never have to take the blame for it not working. Hence, no incentive to modify their behaviour.
The last problem I will mention here was the varying nature of the developers. Some had good security coding practices and others didn’t. Team managers should have been fixing this when auditing code but, as I said earlier, not enough auditing was done.
I believe things have improved a little in the department where I worked but obviously the problem is not a solved one just yet. From my observations at other places I have worked and/or audited, these problems are not unique to Time.
[...] the results were hacked with an auto-voting program spread on 4chan. (For details of the hack, read this post). What does it mean? Marblecake is a sophomoric sexual reference, which is in keeping with the [...]
[...] the results were hacked with an auto-voting program spread on 4chan. (For details of the hack, read this post). What does it mean? Marblecake is a sophomoric sexual reference, which is in keeping with the [...]
[...] the results were hacked with an auto-voting program spread on 4chan. (For details of the hack, read this post). What does it mean? Marblecake is a sophomoric sexual reference, which is in keeping with the [...]
[...] the results were hacked with an auto-voting program spread on 4chan. (For details of the hack, read this post). What does it mean? Marblecake is a sophomoric sexual reference, which is in keeping with the [...]
[...] the results were hacked with an auto-voting program spread on 4chan. (For details of the hack, read this post). What does it mean? Marblecake is a sophomoric sexual reference, which is in keeping with the [...]
[...] the results were hacked with an auto-voting program spread on 4chan. (For details of the hack, read this post). What does it mean? Marblecake is a sophomoric sexual reference, which is in keeping with the [...]
[...] 実はこの投票結果は、4chanで広められた自動投票プログラムによって不正操作されたものだ。(詳細はこの記事にある)。どういう意味だろうか。Marblecakeというのは青くさい性的行為のことで、リックロールやLolcatといったあそびに端を発する4chanの精神に沿っている。 [...]
[...] run a big online poll and seen some abuse, I had to share this story posted on the Music Machinery blog. Every year, Time collects their list of 100 most influential people and conducts an online poll. [...]
[...] The story behind the fabulously precise hack of Time magazine’s “most influential people” poll. [...]
[...] Inside the precision hack – how moot and 4chan hacked their way into time.com’s “The Most Influential People of the 20th Century” [...]
dammit, i lost the game again! thanks a lot, anon. sheesh.
[...] Inside the Precision Hack explains in details how the hackers manage to upvote and keep all the list in order. Interesting read I’d say [...]
[...] out a message (’marblecake also the game’ (too cryptic for me – ed)) – see here for Paul Lamere’s post on how the hack was done (and what it has to do with [...]
[...] un jeu avec la participation aux usages sociaux, un peu à la manière – en très modeste – du hack de 4chan sur le classement de Time des most influential people in the world, qui montre que le web, et twitter en particulier, est [...]
[...] http://musicmachinery.com/2009/04/15/inside-the-precision-hack/ zakładki [...]
[...] top 21 names so their first letters spell "marblecake, also the game." According to an inside account detailed by blogger Paul Lamere, members of the 4chan website exploited weaknesses in the web [...]
BEST rock album of ALL time = “EAT THE PEACH” by the led zepplien
[...] out a message (’marblecake also the game’ (too cryptic for me – ed)) – see here for Paul Lamere’s post on how the hack was done (and what it has to do with [...]
[...] moot on the cover of Time Magazine?? Thx Jmac 4 posting the hack tech article. Inside the precision hack Music Machinery OT8 procedures dox’d by an OT8 http://groups.google.ca/group/alt.re…350d2dcefd31/b My art: [...]
[...] However, the results of the vote have nothing to do with influence. If you think that this is the result of a fair vote, think again. The entire first 21 results, as noted days ago, are the result of an elaborate hack done by 4chan users. [...]
[...] However, the results of the vote have nothing to do with influence. If you think that this is the result of a fair vote, think again. The entire first 21 results, as noted days ago, are the result of an elaborate hack done by 4chan users. [...]
[...] However, the results of the vote have nothing to do with influence. If you think that this is the result of a fair vote, think again. The entire first 21 results, as noted days ago, are the result of an elaborate hack done by 4chan users. [...]
[...] However, the results of the vote have nothing to do with influence. If you think that this is the result of a fair vote, think again. The entire first 21 results, as noted days ago, are the result of an elaborate hack done by 4chan users. [...]
[...] However, the results of the vote have nothing to do with influence. If you think that this is the result of a fair vote, think again. The entire first 21 results, as noted days ago, are the result of an elaborate hack done by 4chan users. [...]
News flash: 200 lines of Perl and a little report generation is not a “complex application”, it’s light entertainment.
I take that back. Maybe for the idiots at Time it’s a complex application, but that’s the problem, isn’t it?
[...] – kuten niin usein tämänkaltaisissa äänestyksissä käy – äänestystuloksen haluamakseen. Musicmachineryssä raportoitiin tarkemmin käytetyt keinot, mutta tiivistettynä Timen varautuminen äänestystuloksen [...]
[...] weeks ago, I read this article, detailing how the people of 4chan did a pretty funky precision hack of Time’s Magazines [...]
[...] are going be left unsatisfied with their winner. Especially since the entire voting process was hacked to pieces. I hope you like that post! The Next Web Blog covers start-up news from all over the world (not [...]
awesome
For those who think this is just an odd case out: I do web development professionally. I spend a lot of time trying to convince clients to pay for security features and I get denied a lot. They think that no one is going to ever hack their application. It’s a bit disconcerting.
[...] However, the results of the vote have nothing to do with influence. If you think that this is the result of a fair vote, think again. The entire first 21 results, as noted days ago, are the result of an elaborate hack done by 4chan users. [...]
[...] Article on how /b/ hacked the poll. Detailed Scripts inside! Inside the precision hack Music Machinery [...]
[...] founder, moot, was listed as one of the top 100 candidates, nothing else mattered. As detailed here, the users found a vote could be cast using a simple URL GET query: [...]
[...] the results of Time’s poll with interesting results, as can be seen in the screenshot above. Paul Lamere has the dirt on how it was all done for those who are interested. I will now be able to look [...]
[...] TIME Top 100 Online Poll (Bildquelle) [...]
[...] seems that 4chan fans managed to hack Time’s poll, as described by Paul Lamere, who writes software for Apple and was evidently invited to participate in a scheme to stuff the [...]
Comedic Juxtaposition…
These two articles, put side by side, are pretty funny.
April 15, Music Machinery, Inside the Precision Hack:
I’m reminded of this scene [encoded messages] by the Time.com 100 Poll where millions have voted on who are the world’s most influential p……
[...] If you aspire to be next year’s most influentual person, you can see how they hacked it here. [...]
[...] seems that 4chan fans managed to hack Time’s poll, as described by Paul Lamere, who writes software for Apple and was evidently invited to participate in a scheme to stuff the [...]
[...] Inside the precision hack [...]
[...] This just makes me smile (via Music Machinery) Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages. [...]
[...] Mooter砲はDelphiで作られたツールのようで、解説がこっちにあります。 [...]
[...] Paul Lamere’s post on the precision hacking of Time.com’s 100 Most Influential People in Government poll. [...]
[...] yeah now i remembered one of the great hacks………………had read about it a few days back… Inside the precision hack Music Machinery _______________________________________ prongs’s [...]
[...] read a fun article about how it was pulled off, which was highly entertaining. Who knew web-based applications could [...]
[...] 100 most influential list hacked by 4chan /b/ "Marblecake, also the game" Here’s how it was done. [...]
Well played good sir
RULES 1 AND 2
[...] saber que a pesar de andar circulando por la web tanto tiempo, no se tomaron cartas en el asunto. Inside the precision Hack [inglés] (aquí en español) narra y explica la historia detrás de esta obra que al final fue [...]
does this really qualify as hacking?
the article says the first draft allowed you to revisit a url to cast a vote.
the final draft had “the salt” hard coded in the flash swf file, which there are many descriptors for.
unless I or the article missed something, they didn’t do any more “hacking” than the average joe who puts up an unreachable score on a flash web game scoreboard. There are many ways to secure a poll better than this.
frankly I’m a little surprised they went into depth of writing a few if else statements to spell something out in the poll… I think the real surprise is that Time 100 didn’t use any real security, even after noticing a threat.
I think you need to read the whole article
amen. this isn’t hacking. they cheated an online poll using some really simple techniques. flash decompilers are a dime a dozen, and the string “lego-rules” or whatever it was would stick out like a sore thumb. writing a gui in delphi with fancy plots just drives home that this was a fun little poll manipulation (something the /b/ guys seem to do a lot of), not a sophisticated, or even unsophisticated hack. they just have too much time on their hands (and i’m jealous) and they command a really large flock of sheep.
[...] The 2009 TIME 100 Finalists online-poll was manipulated with hither-to unheard of sophistication. Not only did hackers vote their choice into the #1 spot, but they stuffed the ballot so that the [...]
interesting,although I’ve just lost the game.
Oh Internet, how much do I love you.
NOW EVERYONE KNOWS THE HORRIBLE, HORRIBLE SECRET
[...] be fair to the other people participating in it. We wouldn’t want cheaters to make someone Lose The Game. Easy AdSenser by Unreal :4chan, Anonymous, internets, Lulz, moot No comments for this entry [...]
Could you you please ask Time.com to comment on this story? They have just announced that moot is the winner while denying any tomfoolery and not mentioning the ‘marblecake’ business at all. I find it hard to believe they dont know anything about this; its at least shoddy journalism and at worst blatant lies. Wheres their integrity? SOMEBODY please expose them.
[...] separated from the winner-take-at-least-a-good-deal rewards of market demand resulting in an efficient allocation of human capital. I certainly wouldn’t count on the benevolence of the garbageman and dog-catcher. Possibly [...]
Britney Spears fans have been doing this for years.
Her fans hacked the MTV VMA and MTV Europe Award polls in 2008 (unfairly beating Leona Lewis in each instance).
MTV bosses proceeded with both shows, as if nothing had happened. The Brit Awards have also been targeted in the past.
The only person to beat Britney Spears is Rick Astley, whose fans casted over one billion votes (not a typo) using the “rickvoter”.
MTV has no integrity, and probably enjoy millions of bots hitting their website, which they pass off to advertisers as genuine traffic. A complete and utter sham, for which they have never apologized.
Ironically, Parishioners,
I just lost The Game…
Blessings,
Le Rev Dr
Avril Lavine fans also gamed YouTube, using TubeIncreaser and TubeBooster, making her song “Girlfriend” the most watched video of all time.
The same video does not even make the top ten most favourited list (something that requires real people to favourate, and thus cannot be gamed).
Apparently YouTube find nothing wrong with this.
So who is making money from this scam? Does anyone care?
dude. if you actually care about this youtube stuff, or that mtv crap that you posted before, then you need to turn off the computer and tv for a couple of weeks and sort it out.
[...] however, it looks like the first 21 results on Time’s list are the result of an elaborate hack. Take a [...]
[...] did the hack happen? I’ve already described in great detail the steps that the loose collective known as ‘Anonymous’ took to hack the poll. This [...]
[...] Time.com, someone posted this is the General Forum… The Time Top 100 Vote How they did it Attached Images [...]
[...] seems that 4chan fans managed to hack Time’s poll, as described by Paul Lamere, who writes software for Apple and was evidently invited to participate in a scheme to stuff the [...]
[...] Details of the hack can be read here, well played /b/. mARBLECAKE ALSO THE GAME for [...]
Time fails. I wonder how this will play out to the public. A magazine they read and trust has been pwned by a bunch of bored hackers.
[...] section of the forums. To manipulate a Times voting pole to achieve greater justice, sure. (Inside the precision hack Music Machinery) But even then, that’s not hacking. Eh, I’m not to concerned. Anyone stupid enough to openly do [...]
[...] Music Machinery, clearly reporting outside of its usual niche, has a rather detailed analysis of how 4chan manipulated the poll. This would certainly explain why Anwar Ibrahim, a Malaysian politician, nabbed second place. The [...]
[...] Well, it wouldn’t be /b/ if they didn’t have a hand in it. So well played, /b/, well played. Details on the hack can be found here. [...]
[...] Kane at rawstory lays out the general picture, Paul Lamere at Music Machinery fills in the specifics, and, if you want your eyes to bleed and your brain to [...]
[...] That’s it … the poll is hacked! 4chan members hacked Time magazines top 100 list! The secret of how the epic hack was accomplished is explained in great technical detail at the Music Machinery blog. Read the article ‘Inside the precision hack’ at this URL http://musicmachinery.com/2009/04/15/inside-the-precision-hack/ [...]
[...] Inside the precision hack Music Machinery You guys need to read this, what they did was hilarious. It describes exactly what they did. ____________________________________ Welcome to the Thunder Dome [...]
[...] into the mechanics of the hack itself and that’s exactly what Paul Lamere managed to do by speaking to the people behind it. He recounts how he had a 4am meeting in an online chatroom with someone only calling himself [...]
[...] collection of exploits run against the poll are a nifty little set. Music Machinery’s got a nice overview of how the multipart effort came off. So was Time asking for it by including 4chan founder moot [...]
[...] http://musicmachinery.com/2009/04/15/inside-the-precision-hack/ [...]
[...] obviously an organized hack by 4chan members to stuff the ballot box and raise his rank. In fact, Music Machinery writes in great deal of the hack, as revealed him by “Zombocom” in an IRC chat [...]
“for the lulz”
how epic she would put that in the end… no thats just stupied
[...] Time’s most influential. B-Tards hacked the Time magazine’s most influential list resulting in this: Full details: Inside the precision hack Music Machinery [...]
[...] the collection of exploits run against the poll are a nifty little set. Music Machinery’s got a nice overview of how the multipart effort came off. So was Time asking for it by including 4chan founder moot [...]
[...] Posted by -Thief- lol LOL indeed. On a different note, away we go. Shortly, there will be nothing stopping Obama from passing [...]
[...] [...]
[...] 4chan web hackers crushed Time magazine. [...]
[...] hacked- Inside the precision hack Music Machinery __________________ [...]
“For the Lulz”
EPIC WIN
[...] Admins des Time Magazines zum Wahnsinn getrieben hat, schlussendlich den Sieg davon getragen hat, ist hier nachzulesen. Und als wäre diese Schmach nicht genug, hat man dem Time Magazine noch eine Nachricht [...]
[...] Lamere at Music Machinary has the scoop on how /b/ hacked Time and not only made moot the most influential person of the [...]
m
A
R
B
L
E
C
A
K
E
A
L
S
O
T
H
E
G
A
M
E
We worked our butts off for this.
[...] Men det är inte det som är det roliga, som bloggen Music Machinery skrivit ett långt och mycket läsvärt inlägg om. [...]
[...] Music Machinery has a couple of excellent posts on 4chan’s triumphant carpetbombing (pre-captcha and post-captcha).Time, Inc. has responded to their complete failure with all the dignity and good [...]
[...] hackero lo lograron primero mediante peticiones GET HTTP donde rápidamente ubicaron a “moot” por encima de la lista, con la ayuda de autovoters [...]
[...] bored at work / just shooting the shit / no rails to derail thread On the internet anyway. : Inside the precision hack Music Machinery __________________ [...]
[...] obviously an organized hack by 4chan members to stuff the ballot box and raise his rank. In fact, Music Machinery writes in great deal of the hack, as revealed him by “Zombocom” in an IRC chat [...]
[...] hackero lo lograron primero mediante peticiones GET HTTP donde rápidamente ubicaron a “moot” por encima de la lista, con la ayuda de autovoters [...]
[...] alles zustande bringen. Einen tieferen Einblick, wie das alles vor sich ging erhaltet ihr auf dem Blog Music Machinery. Was lernen wir daraus? Traue niemals einer Statistik Liste, die du nicht selbst gefälscht [...]
[...] В процесс онлайн-голосования, организованного изданием Time.com с целью выявить сотню самых влиятельных людей, вмешались хакеры. Обнаружив бреши в системе голосования, они сумели распределить имена претендентов таким образом, чтобы сформировать скрытое послание, отмечается в блоге Music Machinery. [...]
“why do they organize a team that is more effective than most startup companies?”
hahaahaha, lulz. epic
Interesting article. The hack is specktacular in that it is to Time mag, and lulz, but technicaly straight forward to any competant and experienced web programer who has the balls and inclination. Due to it’s hameless nature to such a powerful media organisation I admire Mr Moot.
[...] hemligt meddelande: Marblecake, also, the Game. Läs mer om vad det betyder och hur det gick till här. Att kunna manipulera undersökningen så att en viss person kommer högst upp är en sak, men att [...]
[...] By Allie | April 29, 2009 [via music machinery] [...]
[...] Time seems to deny of any hacking involved, we suspect there is a high chance of foul play. What exactly does the words from the [...]
The game.
hai guise.. just wanted to know, what is /b/?
sincerely,
shttngdcknppls
hai
Ho ! Good !
[...] once again. Global financial crisis, swine flu, increasing arrival of asylum seekers, and the Times 100 hack – hardly any real news at all! __________________ 24" 2.4GHz iMac, 2GHz MBP, (1.66GHz, [...]
[...] obviously an organized hack by 4chan members to stuff the ballot box and raise his rank. In fact, Music Machinery writes in great deal of the hack, as revealed him by “Zombocom” in an IRC chat [...]
Henrik Says:
April 27, 2009 at 3:49 pm
Honestly, I think /b/ would be able to have a bigger impact than any other kind of hacker group.
——————————————————–
ROFL. /b/ tards being hackers? You know how to make jokes!
Nothing but children and angry teenagers.
[...] proceso por el que se puede reventar una encuesta viene muy bien descrito en este post , un sistema extremadamente sencillo cuando se entiende la vulnerabilidad de proponer sistemas [...]
[...] The magazine also conducted an online poll. However, that poll was heavily hacked into by a mysterious bunch of hackers from the influential Web message board 4chan.or and was topped by moot – the 21-year-old creator of the board! Not stopping at making moot the winner with 16,794,368 votes using Autovoter scripts beating the likes of Barack Obama, Vladimir Putin and Oprah Winfrey, the hackers edited the entire top ranks to leave a crypted message. To read a detailed blog on how this was done go here. [...]
This was certainly VERY interesting, and until I read the very last part ‘lulz’ this type of stuff always makes me want to learn how to script. But ‘for the lulz’! that kind of behavior is disgusting, it can hurt SO many people, just for the laughs? What happens when some teenager decides to try and hack something really important, just for the kicks? The CoS (Church of Scientology) does deserve whatever happens to it, I agree with people hacking and whatever them, but only because it is for a reason, a very good reason! For fun is almost never a good reason
網路民調之不可靠性…
Time 也不是新來混的,怎麼會連一些簡單的行規都不懂 ?!
今天看到一則有趣的新聞,內容是有關 Time Magazine 辦的 TIME 100 (全球百大人物) 網路投票 的事。故事是這樣的:每年 Time 都會選出一些……
[...] [...]
[...] blog ” Music Machinery” publicou uma explicação detalhada de como o hack foi feito. Segundo o blog, os [...]
“they didn’t have range check on the voting ”
This really makes me think that what kind of newbie coder does Time use ?
Or is it so that they interested 0% of security
Hopefully this makes the security more interesting from now on
weird
[...] The Internet is not some monolithic entity, and there’s certainly not a culture that defines the Internet. If there was, it would probably be 4chan. I’ve never been brave enough to visit 4chan myself, it is a scary place. A scary place with a large membership. Time found this out when they allowed the anonymous public to vote for Person of the Year. They could have settled with just picking someone outlandish, but what the 4channers did was way more impressive. You can read all about it in this post on musicmachinery.com. [...]
[...] those who are interested, the details of the precision hack are in a blog post by Paul Lamere here. They make fascinating [...]
[...] : ขั้นตอนการแฮกโดยละเอียดจาก MusicMachinery ตอน 1, ตอน [...]
4 teh lulz!!!
[...] F!XMBR stiess ich auf den Link zum Hintergrund des Time.com 100-Hacks.Ist ist interessant zu sehen, wie vorgegangen wurde und es gibt einem selbst [...]
marblecake wins >9000 internets
i lost the game..
[...] “Time 100″ dinner honoring the year’s most influential people outside of 4chan (marblecake, also the game, guys). That’s the new BFFs with Maya’s fiance/Seagram heir Benjamin Brewer. According [...]
its all fot teh lulz
[...] are official, Mashable writer Stan Schroeder figures TIME is playing stupid on the legitimacy of a hack that happened thanks to the hands of 4chan [...]
[...] “Time 100″ dinner honoring the year’s most influential people outside of 4chan (marblecake, also the game, guys). That’s the new BFFs with Maya’s fiance/Seagram heir Benjamin Brewer. According [...]
[...] Details of the hack can be read here, well played /b/. mARBLECAKE ALSO THE GAME for [...]
newfags can’t keep their mouths shut
also, i just lost the game
Evry1 lost the game nub
[...] “Moot,” 4chan’s reclusive founder, emerged as Number One… see here and here.) “‘But I don’t want to go among mad people,’ said Alice. ‘Oh, you [...]
[...] The true measure of how influential a person is on twitter, is that they’re being followed by people who aren’t following very many people first, and followed by other influential people second. It would be interesting if twitter had this metric on a user’s profile. However, I know that many hackers would be able to quickly become the most influential. [...]
[...] influential people outside of 4chan (marblecake, also the game, guys). That’s the new BFFs with Maya’s [...]
Absolutely fucking genius. A job well done.
Beautiful. I should take lessons from them. Dad wont teach me, even though he used to be a decent hacker himself.
[...] Time magazine recently discovered to their cost, it can be extremely difficult to protect fair, anonymous electronic voting against [...]
I just lost the game :(
[...] can read the whole story on Paul Lemere’s [...]
Just shows how sad these people are to wreck Time’s poll just because they can.
sad? i’d say they’re happy as hell getting all this publicity for cheating at a stupid online poll. much happier than you by the sound of it…
LOL! Things like this make me want to try going to 4chan…now if only it wasn’t full of hentai and stuff…
wait… this is hacking? i thought hacking required way more 1337 skills than what is described above. at least thats what the movie hackers paints it out to be. i mean this is fairly simple scripting… its not like they de-rainbowed the md5 or anything crazy
i was half-expecting that’s what they’d done, but then remembered it was /b/, not people with skills. i guess running strings on a swf file is considered hacking these days…
for example:
“Someone figured out the voting URL protocol”
ummm thats waay easy. just use a console program like firebug
I lost
[...] [...]
look at total votes xD
[...] shill who will try to manipulate the chart in order to promote their interests. We see this in online polls, social news sites and popular music [...]
[...] F!XMBR stiess ich auf den Link zum Hintergrund des Time.com 100-Hacks.Ist ist interessant zu sehen, wie vorgegangen wurde und es gibt einem selbst [...]
i thought they called it world of warcraft because everyone who plays it yells WOW in excitement, so they lengthened the abbreviation to world of warcraft
[...] story left me wondering just what the group who were able to stack the Time 100 Poll, create LOLCats & Rickrolling, and tear apart the life of a dodgy computer repairman (among [...]
[...] most talented hackers out there. The last time 4chan was in the news was this April when they gamed a Time poll to find the top 100 most influential people. Talent aside, just the sheer number of people who use the 4chan site worldwide is enough to [...]
Real,
this is hacked to the core !!!
marblecake ftw.
[...] etc., se encontraba moot, que lo único que ha hecho es el mítico 4chan. Según nos cuenta Paul Lamere, el tipo que fue contactado por Zombocom, el principal, al parecer, hacker detrás de esto, todo [...]
Shit. I lost the game. Great article, though. It was good for some lulz.
[...] http://musicmachinery.com/2009/04/15/inside-the-precision-hack/ a few seconds ago from Gwibber [...]
[...] really give up on their online polls. After their “Most Influential Person” Poll was hacked earlier this year, they should have gotten the hint. Time.com recently hosted a poll entitled [...]
[...] person in the world was 4chans founder moot, after he was voted to the top by 4chan poll bombers. The reality was even more incredible. What actually happened was that the entire Time Top 100 had been precision hacked so that the first [...]
[...] атаки, включая способы обхода капчи доступны здесь и здесь. Любопытно, что Time не стал отменять результаты [...]
Hacking at its core, is simple exploitation. No matter how open that exploit is.. From item duping, to draining millions of dollars from banks. Although Hackers, are known for their skills, and ability to find these exploits by applying past knowledge. Script-kiddies on the other hand, use other peoples works, in the intent they are meant for, rarely discovering un-trotted territories. They also rarely know how a particular exploit works, they just know that it does. Just because you use someone else’s tools doesn’t make you less intelligent. In fact few hackers out there actually have their own OS they coded and designed, which means few hackers can say they stand on their own 2 feet completely.
Oh and “for the Lulz” is a great reason to do something, because if you ever need to do it again in the future, you now have the experience to make it go much smoother the second time around.
There is nothing more dangerous than a self proclaimed genius, especially when they have all the information of the internet at their disposal
If you believe you are to stupid to do something, you probably are.
4chan itself is more than just a zest pool, its a breeding ground for true creativity. Thousands of people, all trying to be able to say they are the creator of something popular, while simultaneously remaining anonymous, destroying all proof that the work was ever theirs. Lets divide 4chan’s populace into 4 categories, noting people can transcend, and regress, any or all of them at times.
NewFags – the bread and butter behind 4chan, usually without any photoshoping skills, they hang around perpetuating their favorite memes.
Trolls – these cheeky bastards, are here on a psychological level. They lead the NewFags around like sheep. They are manipulative and controlling, taking pleasure in their ability to predict, and control others.
OldFags – Players who consider themselves Senior members of 4chan, they have often been around for a long time, but not always. They usually have atleast moderate photomanipulation skills, and have a deeper understanding of what 4chan is about. Most of the meme’s come from this level, although some do come from the trolls.
Underground – This would be the elite’s with varying skills, and to much time on their hands. I havnt been around long enough to know that much about this catagory, and all I know are rumors
Haha.
Wow.
You call a hacker to someone who wrote a program in DELPHI!?!? You must be KIDDING, seriously! i call that person a YOUNG boy with many free time :P
[...] In seiner einfachsten Form zählt man einfach die Stimmen irgendwelcher Nutzer zusammen und hat ein Ergebnis. Die Grenzen nerven schnell. Grund, sich mal mit ein paar weiter gedachten Verfahren zu [...]
[...] it was worth looking into an automated submission hack, much like (though less involved than) the marblecake/moot time.com poll hack. The HTML and javascript that controls the page seems very straightforward, and so this is where my [...]
wonder how many of the 4chan droogies know that Pascal (that’s what delphi is an implementation of) was started at…
Apple.
In the 80s before they got into jail & jailing.
object pascal… that is.
Was made for the Apple Lisa SDK & moved onto the Mac68k from there.
Quality job of messin with Time Warner BTW. Classico.
I love 4chan. Also, I just lost The Game.
▲
▲▲
Also, The game.
haha newfag
▲
▲▲
Referring to the whole “worrying about how serious media companies take their security” thing:
I challenge anyone with the skill level of those who conducted this “hack” to try to extract a single dime from a system that Matters to Owners™. Seriously, the whole “manipulated by some collective” angle originating with the first post is nonsense. Anything that matters to someone on this planet, online or offline, is secured as it should be. If security seems lax it’s because nobody gives a damn about a TIME.com online poll, including TIME.com itself.
If you ever saw a successful, real hack on a valuable target know that the perpetrators are no /b/tards and have been spending valuable time on actual technical learning rather than “trolling the internetz.” And they won’t do it “for the lulz” since they are well aware of the consequences (and yes, an actual act of “hacking” has dire consequences if one gets caught).
In the end, this boils down to “lulz:” cheap, short-lived, insignificant, disaffected-youth-type enjoyment. Have a lollipop.
P.S. It’s tough, rough, and cold out here. Stick to your armchairs so long as respective basement owners haven’t applied the Final Solution to your little den.
Has anyone considered the possibility that this whole thing was just a way to get the internet generation interested in and talking about Time magazine? Why did they put moot in the poll in the first place?
Someone mentioned 4 categories of 4chan users, but they’re wrong. There are 2 categories: cancer and not-cancer. And considering how much child porn is on /b/ I’d say cancer wins the numbers game.
I also lost the game. Fuck!
[...] it out) hacked Time’s online voting device in order to get a secret message spelled out. The details of their hack are here and I will admit it’s impressive. But the very first question that came into my mind was, [...]
I just loast the game.
=[
i lost the game
I was unsure what the game was, but I found my answer, and now I have lost.
…
I am impress by technical knowledge.
I am disappoint in that this has not been done again. although I’m not sure how many polls moot would be in.
With that being said, 4chan has been pretty dang influential.
but srsly. hax sum srs stuff. kthnx.
*popping popcorn*
NEWFAGS CAN’T TRI-TRIFORCE
▲
▲ ▲
▲ ▲ ▲
▲ ▲
▲ ▲ ▲ ▲
▲ ▲ ▲ ▲ ▲ ▲
You proved that point exquisitely.
Being myself a follower of Pharyngula, I can agree that the polls will go crazy. I mean really crazy weighted in one direction. But this…I cannot imagine the degree of organization that went into this. Truly fantastic.
It’s scary how much influence a group of people on a website can have. At the same time 4chan always seems to come up with a way to make us laugh
It’s not just us 4channers, but thankyou.
Anon.
[...] polls are mostly worthless, and small-sample Internet polls are even more worthless, but we can infer from this poll that yes, [...]
Dont You just Love this ? Its GREAT!! THE BEST!!
[...] Neither do I claim that online polls are reliable – as even TIME magazine famously found out. [...]
Even now, this is still full of win.
[...] att du kan svar mer än en gång. Det mest extrema exemplet på detta var när Anonymous lyckades manipulera Times omröstning över de 100 mest inflytelserika personerna, på et sådant sätt att deras föredragna person kom [...]
[...] Time magazine got one of its polls hacked, again, by the jokers over at the 4chan image boards. What can you say? Ask a dumb question, get a dumb [...]
[...] 4chan on tuottanut myös paljon muita mahtavia asioita, Wikipedia listaa osan näistä. Viimeisimpänä kiinnostaa Tangomarkkinat-Maunon tarina. Internetiä epäiltiin katsojaäänestyksen “väärentämisestä”, ja jutun kommenteissa muistutetaankin, kuinka 4chan yli vuosi sitten masinoi time.comin internetin vaikutusvaltaisimpien henkilöiden äänestystuloksen. [...]