There’s a scene toward the end of the book Contact by Carl Sagan, where the protagonist Ellie Arroway finds a Message embedded deep in the digits of PI. The Message is perhaps an artifact of an extremely advanced intelligence that apparently manipulated one of the fundamental constants of the universe as a testament to their power as they wove space and time. I’m reminded of this scene by the Time.com 100 Poll where millions have voted on who are the world’s most influential people in government, science, technology and the arts. Just as Ellie found a Message embedded in PI, we find a Message embedded in the results of this poll. Looking at the first letters of each of the top 21 leading names in the poll we find the message “marblecake, also the game”. The poll announces (perhaps subtly) to the world, that the most influential are not the Obamas, Britneys or the Rick Warrens of the world, the most influential are an extremely advanced intelligence: the hackers.
At 4AM this morning I received an email inviting me to an IRC chatroom where someone would explain to me exactly how the Time.com 100 Poll was precision hacked. Naturally, I was a bit suspicious. Anyone could claim to be responsible for the hack – but I ventured onto the IRC channel (feeling a bit like a Woodward or Bernstein meeting Deep Throat in a parking garage). After talking to ‘Zombocom’ (not his real nick) for a few minutes, it was clear that Zombocom was a key player in the hack. He explained how it all works.
The Beginning
Zombocom told me that it all started out when the folks that hang out on the random board of 4chan (sometimes known as /b/) became aware that Time.com had enlisted moot (the founder of 4chan) as one of the candidates in the Time.com 100 poll. A little investigation showed that a poll vote could be submitted just by doing an HTTP get on the URL:
http://www.timepolls.com/contentpolls/Vote.do
?pollName=time100_2009&id=1883924&rating=1
where ID is a number associated with the person being voted for (in this case 1883924 is Rain’s ID).
Soon afterward, several people crafted ‘autovoters’ that would use the simple voting URL protocol to vote for moot. These simple autovoters could be triggered by an easily embeddable ’spam URL’. The autovoters were very flexible allowing the rating to be set for any poll candidate. For example, the URL
http://fun.qinip.com/gen.php?id=1883924
&rating=1&amount=160
could be used to push 160 ratings of 1 (the worst rating) for the artist Rain to the Time.com poll.
In early stages of the poll, Time.com didn’t have any authentication or validation – the door was wide open to any client that wanted to stuff the ballot box. Soon these autovoting spam urls were sprinkled around the web voting up moot. If you were a fan of Rain, it is likely that when you visited a Rain forum, you were really voting for moot via one of these spam urls.
Soon afterward, it was discovered that the Time.com Poll didn’t even range check its parameters to ensure that the ratings fell within the 1 to 100 range. The autovoters were adapted to take advantage of this loophole, which resulted in the Time.com poll showing moot with a 300% rating, while all other candidates had ratings far below zero. Time.com apparently noticed this and intervened by eliminating millions of votes for moot and restoring the poll to a previous state (presumably) from a backup. Shortly afterward, Time.com changed the protocol to attempt to authenticate votes by requiring that a key be appended to the poll submission URL that consisted of an MD5 hash of the URL + a secret word (AKA ‘the salt’).
“Needless to say, we were enraged” says Zombocom. /b/ responded by getting organized – they created an IRC channel (#time_vote) devoted to the hack, and started to recruit. Shortly afterward, one of the members discovered that the ’salt’, the key to authenticating requests, was poorly hidden in Time.com’s voting flash application and could be extracted. With the salt in hand – the autovoters were back online, rocking the vote.
Another challenge faced by the autovoters was that if you voted for the same person more often than once every 13 seconds, your IP would be banned from voting. However, it was noticed that you could cycle through votes for other candidates during those 13 seconds. The autovoters quickly adapted to take advantage of this loophole interleaving up-votes for moot with down-votes for the competition ensuring that no candidate received a vote more frequently than once every 13 seconds, while maximizing the voting leverage.
One of the first autovoters was MOOTHATTAN. This is a simple moot up-voter that will vote for moot about 100 times per minute. (Warning, just by visiting that site, you’ll invoke the autovoter – so if you don’t want to hack the vote, you should probably skip the visit).
Here’s a screenshot of another autovoter, a program called Mooter, developed by rdn:
Mooter is a Delphi app (windows only) that can submit about 300 votes per minute from a single IP address. It will also take advantage of any proxies and cycle through them so that the votes appear to be coming from multiple IP addresses. rdn, the author of Mooter, has used Mooter to submit 20 thousand votes in a single 15 minute period. In the last two weeks, (when rdn started keeping track) Mooter alone has submitted 10,000,000 votes (about 3.3% of the total number of poll votes).
From the screenshot you can see that Mooter is quite a sophisticated application. It allows fine grained control over who receives votes, what type of rating they get, voting frequency, the proxy cycle, along with charts and graphs showing all sorts of nifty data.
In addition to highly configurable autovoting apps, the loose collective of #time_vote maintains charts and graphs of the various candidate voting histories. Here’s a voting graph that shows the per-minute frequency of votes for boxer Manny Pacquiao.
More charts are available for browsing at (the very slow to load) http://fun.qinip.com/mvdc/mootvote.php
So with the charts, graphs, spam URLs and autovoters #time_vote had things well in hand. Moot would easily cruise to a victory. Although they still had some annoying competition, especially from fans of the boxer Manny Paquoia. Zombocom says that “it can take upwards of 4.5K votes a minute to keep Manny in his place”. Despite the Manny problem, the #time_vote collective had complete dominance of the poll.
The Ultimate Precision Hack
At this point Zombocom was starting to get bored and so he started fiddling with his voting scripts. Much to his surprise, he found that no matter what he did, he was never getting banned by Time.com. Zombocom suspects that his ban immunity may be because he’s running an ipv6 stack which may be confusing Time.com’s IP blocker. With no 13 second rate limit to worry about, he was able to crank out votes as fast as his computer would let him – about 5,000 votes a minute (and soon he’ll have a new server online that should give him up to 50,000 votes a minute.) With this new found power, Zombocom was able to take the hack to the next level.
Zombocom joked to one of his friends “it would be funny to troll Time.com and put us up as most influential, but since we are not explicitly on the list we’ll have to spell it out. ” His friend thought it was impossible. But two weeks later, “marblecake’ was indeed spelled out for all to see at the top of the Time.com poll.
So what is the significance of ‘marblecake’? Zombocom says: ” Marblecake was an irc channel where the “Message to Scientology” video originated. Many believe we are “dead” or only doing hugraids etc, so I thought it would also be a way of saying : we’re still around and we don’t just do only “moralfag” stuff .
To actually manipulate the poll, Zombocom wrote two perl scripts. The first one, auto.pl is pretty simple. It finds the highest rated person in the poll that is not in the desired top 21 (recall, there are 21 characters in the Message) and down-votes them (you can view this as eliminating the riff-raff). The second perl script, the_game.pl is responsible for maintaining the proper order of the top 21 by inspecting the rating of a particular person and comparing that rating to what it should be to maintain the proper order and then up-voting or down-voting as necessary to get the desired rating. With these two scripts, (less than 200 lines of perl) Zombocom can put the poll in any order he wants.
Ultimately, this hack involved lots of work and a little bit of luck. Someone figured out the voting URL protocol. A bunch of folks wrote various autovoters, which were then used by a thousand or more to stack the vote in moots favor. Others, sprinkled the spam urls throughout the forums tricking the ‘competition’ into voting for moot. When Time.com responded by trying to close the door on the hacks, the loose collective rallied and a member discovered the ’salt’ that would re-open the poll to the autovoters. The lucky bit was when Zombocom discovered that no matter what he did, he wouldn’t get banned. This opened the door to the fine grained manipulation that led to the embedding of the Message.
At the core of the hack is the work of a dozen or so, backed by an army of a thousand who downloaded and ran the autovoters and also backed by an untold number of others that unwittingly fell prey to the spam url autovoters. So why do they do it? Why do they write code, build complex applications, publish graphs – why do they organize a team that is more effective than most startup companies? Says Zombocom: “For the lulz”.
April 15, 2009 at 4:22 pm |
MARBLECAKE FOREVER!!!!!!!!111!!!!eleven!!1~
April 28, 2009 at 6:34 pm |
the lulz indeed
May 1, 2009 at 12:53 pm |
really these guys should work on putting the pathetic RIAA and associated organisations in their place.
April 15, 2009 at 4:55 pm |
This also points out to the incredible mis-managment of the voting server, as well as the total lack of QA for the voting application.
I’m not downplaying the technical feats, but really what a show of we_do_not_know_what_we_are_doing ™.
Though a comment or two in the general vicinity of “too much time on their hands” comes to mind ;-)
Now, back to music machinery business will’ya ?
April 15, 2009 at 4:59 pm |
@pruneau – this relates directly to the music machinery business. If a poll run by a large media company (that should know how to run a poll) is so easily hacked, and with such finesse, by a loose collective, for fun, imagine what an organized group, motivated by money could do to a social music recommender. The next time you get a recommendation that says something like ‘people who like XXX also like Coldplay’ think hard about how that recommendation came about.
April 27, 2009 at 3:49 pm
Honestly, I think /b/ would be able to have a bigger impact than any other kind of hacker group.
January 30, 2010 at 4:14 am
Rules 1 & 2
April 15, 2009 at 5:32 pm |
Paul, this is fantastic geek investigative journalism.
July 23, 2009 at 3:05 pm |
So then why couldn’t a countries election vote be hacked also?
August 25, 2009 at 4:07 am
That’s the most idiotic mental leap I’ve ever seen. How do you get from geeks messing around to hacking elections? Yeah, shit from companies like Diebold is insecure, but it’s not able to be hacked just by sending URLs.
April 15, 2009 at 9:00 pm |
popurls.com // popular today…
story has entered the popular today section on popurls.com…
April 15, 2009 at 9:05 pm |
I just lost the game
April 15, 2009 at 9:20 pm |
[...] [...]
April 15, 2009 at 9:24 pm |
i lold… i lost the game
April 15, 2009 at 9:24 pm |
This is an interesting article…I’m fascinated by the applications that were built for this poll. I honestly thought it was just scripts that were being run on websites that were activated when users visited them(like the MOOTHATTAN).
April 15, 2009 at 10:26 pm |
I’ve been following this for a while, and I can’t help but giggle in geeky laughter every time I see the top list.
Alas, however, I just lost the game.
April 15, 2009 at 10:32 pm |
Time for time.com to fire its developers and hire someone who knows shit about security practices.
January 28, 2010 at 6:53 pm |
like, maybe they could hire Zombocom?
April 15, 2009 at 10:34 pm |
No mention of decoding the flash to find the salt for the md5 key (‘lego-rules’, incidentally). The URL shown above is WRONG.
http://www.timepolls.com/contentpolls/Vote.do
?pollName=time100_2009&id=1883924&rating=1
the actual request send a key variable too, containing the md5 of the salt phrase plus the rest of the URL. So the key for the above entry is md5(lego-rulespollName=time100_2009&id=1883924&rating=1).
Without the key, or with a bad key, the vote is identifiable as fake. Even if you take the exact request made, and then spam it for 100 rating everytime, you can’t vary the rating unless you have either manually obtained the key, or could generate it.
The article makes no mention of key-caching, nor does it mention the method for key generation, yet the program seems to offer 8 choices for values, including 3 for each of 200+ potential votes. that’s 600 keys, and without those, they can go back the day the contest ends and wipe out all the garbage votes.
Including the ones with bad keys.
Including the LOIC blasts, many requests, but all with blank useragents.
I guess I’m just a bit jealous because I actually -did- reverse engineer the entire system and built a foolproof autovoter, and the brute-force machine here gets all the credit.
April 15, 2009 at 10:43 pm |
read the whole article. It talks about the salt and how it was found in the flash app. The URL you cite here is the URL that was used before Time tried to authenticate votes.
April 15, 2009 at 10:36 pm |
Disregard, I’m an asshole, and now see the hash was extracted.
Color me retarded.
April 15, 2009 at 10:45 pm |
No worries
April 15, 2009 at 10:40 pm |
its all for the lulz
April 15, 2009 at 11:12 pm |
For cripe’s sake, all they need is a decent firewall with stateful packet inspection. Hell, I could write you a rule in Check Point’s SmartView Tracker to take care of that kind of problem in a few minutes. Drop any IP that makes a request to range x, protocol https, more than x times per x amount of time, expire after x hours.
July 27, 2009 at 11:00 am |
you dumbass. this could easily block legitimate traffic. web pages often require numerous hits in rapid succession for things like scripts, css files, and images.
sounds like you should be working for AT&T with that kind of shit logic.
also, it’s sad that this is called a hack. to supplement my income, i offer services to _cheat_ at online contests, mostly battle of the bands type stuff. what’s interesting is most of these shitty battle of the bands contests are way better designed than this TIME poll. They require email validation, or at the very least limit by IP (which has its own set of problems). TIME should be embarrassed. but my point was that this is cheating, not hacking. determining a GET url, or pulling a string out of a flash file is not hacking. and no hacker uses Delphi, that’s just a joke.
July 27, 2009 at 11:14 am
hey anonymous@slopsbox – I suggest you check out the many varied meanings of ‘hack’ – http://www.ccil.org/jargon/jargon_23.html#SEC30
April 15, 2009 at 11:15 pm |
Forget Coldplay…How about thinking about the vote manipulation next time you see a poll that says the public oh I don’t know lets say favors invading a foreign country or giving a couple billion to Goldman Sachs or … Great job on the hack and in particular thanks for making it public.
April 15, 2009 at 11:17 pm |
Paul,
Excellent article.
However, it seems that you either didn’t watch Contact, or didn’t pay attention to it, because you just drove a truck over one of my favorite movies.
Ellie doesn’t find a message “embedded in the digits of pi,” as you say. She finds a message embedded in *radio waves* coming from the Vega constellation. The message is encoded in a frequency that is the numerical value of the atomic weight of Hydrogen multiplied by π. The message was coming in bursts, with each set of bursts corresponding to a number in the Fibonacci sequence.
The idea was that intelligent beings somewhat like ourselves — not universe-creators, but simple ordinary run-of-the-mill aliens who happened to be older and more technologically advanced than us — sent a message in search for sentient beings like themselves. They sent a message that could only be interpreted and understood by intelligent life, and would be unmistakably the product of intelligent life. Using H*π and the Fibonacci sequence was a way to ensure that anyone *hearing* the message would not confuse it with a natural event.
If there was a message to be found in π, presumably someone would have found it by now, without needing to spend so much time listening to radio static from the sky.
April 15, 2009 at 11:28 pm |
Isaac – I’m talking about the book, not the movie. In the book ellis asks the aliens what they wonder about. They hint to ellis about a greater race that engineered the universe. They hint that there might be messages hidden in the constants like e or pi which leads ellis to start her next search for patterns in pi. Read the book. It is really quite good.
April 24, 2009 at 5:20 am
This difference is why I’m a huge fan of the book but hate the movie.
If I recall correctly the movie ended with a conspiracy theory about tapes that had been wiped.
April 27, 2009 at 11:49 am
i saw the book once, maybe. does that count?
April 26, 2009 at 7:14 pm |
Lrn 2 read boox. You will recognize them as bound paper documents that contain information not yet expressed in a movie, TV show, cartoon, or comic book.
April 27, 2009 at 8:58 am
It would be really cool if there was a Blockbuster for books, where you could just rent one out for a couple of nights.
April 27, 2009 at 10:11 am
Wouldn’t that be a library?
April 27, 2009 at 10:57 am
Ooh, you mean like a library? Yeah, it would be awesome if they began implementing those!!
April 27, 2009 at 6:47 pm
You fools got trolled.
April 29, 2009 at 8:13 am
Quite fitting for an article about trolling.
May 27, 2009 at 7:29 pm |
cool story, bro
April 15, 2009 at 11:39 pm |
I agree that Time seems to have no idea when it comes to their online poll, but maybe this just gives us an idea of how seriously they take the poll. It’s as if they said “Look at my delicious sandwich!” and, as we all struggled to find ways to steal the sandwich, Time decided it wasn’t really hungry and went bowling instead.
April 15, 2009 at 11:50 pm |
@Isaac Z. Schlueter:
Did you read the BOOK? After all the stuff with the messages from Vega, Ellie Arroway (oh, and in the book she wasn’t the only one who went into the machine) learns during her voyage that the beings who sent the signal have also been looking for signals themselves, signals from beings in some higher plane of existence that could have encoded messages into the fundamental constants and numbers of the Universe itself.
When Ellie (and the others) return, people don’t believe their story, and they’re forced to keep quiet by blackmail. But in secret they do their own studies and eventually find messages encoded in pi itself, giving them the evidence they need to reveal to the world what they had seen and that they didn’t just imagine it all.
This whole section at the end offers a more optimistic ending, I think, but it was cut from the movie because it was felt that moviegoing audiences wouldn’t get it.
So yeah, Paul didn’t misinterpret the movie — you should read the book.
April 16, 2009 at 12:08 am |
There is no need to waste time and money developing such applications. More powerful poll managers are always available – they are called editors, and they are humans.
April 16, 2009 at 12:23 am |
Moot has the best soup, therefore he is King of Time
April 16, 2009 at 12:49 am |
Anything is possible with zombocom.
April 16, 2009 at 12:50 am |
[...] Inside the precision hack – “At 4AM this morning I received an email inviting me to an IRC chatroom where someone would explain to me exactly how the Time.com 100 Poll was precision hacked…” [...]
April 16, 2009 at 12:53 am |
Hilarious! I wonder how Time will react in their Person of the Year issue.
April 16, 2009 at 1:27 am |
[...] April 16th, 2009 Voting for the Time 100, Time Magazine’s list of the world’s most influential people in government, science, technology and the arts, has taken a bizarre turn. Rather than the expected dance-off between Stephen Colbert and Korean pop star Rain, the top spot is currently occupied by moot, the owner and operator of 4chan. Hear Time’s own take on it, and then, learn who hacked the vote. [...]
April 16, 2009 at 1:42 am |
Marblecake rules. We are amused.
Thank you for a very informative and fascinating article. You’ve solved a mystery for me.
I am, however, a little annoyed. You could have protected us all by simply mentioning the acrostic of Marblecake. Thanks to you, I’ve just lost the game.
April 16, 2009 at 4:09 am |
Sagan seduced a lot of people with his “Alien” crap.
April 16, 2009 at 7:16 am |
This whole thing reminds me of a brilliant Sportsnight episode.
April 16, 2009 at 7:38 am |
[...] minutes, it was clear that Zombocom was a key player in the hack. He explained how it all works. Source and more… ——————————————————– This refers to: The 2009 TIME 100 [...]
April 16, 2009 at 7:53 am |
>Mooter is a dephi app (windows only)
I think you mean Delphi
April 16, 2009 at 8:10 am |
@creaothceann – yup, thanks. will fix.
April 16, 2009 at 8:24 am |
Super Journalism, brilliant hack!
April 16, 2009 at 8:58 am |
@ Ward:
Agreed! Joshua Malina was awesome in that, and everything else he’s been in…
April 16, 2009 at 9:22 am |
[...] (Quelle: http://musicmachinery.com/2009/04/15/inside-the-precision-hack/) [...]
April 16, 2009 at 9:23 am |
[...] world order So I read this article on how 4chan hackers subverted Time.com’s 100 Most Influential People [...]
April 16, 2009 at 9:28 am |
200 lines of perl for the lulz and the support to millions.
4chan really does own the internet.
April 16, 2009 at 9:54 am |
[...] Inside the precision hack « Music Machinery. Uncategorized [...]
April 16, 2009 at 10:10 am |
this is all cool except i can’t understand how you could possibly require anywhere near 200 lines to write them perl scripts~!
April 16, 2009 at 10:43 am |
precision hack indeed, up to the finest details, the bios of each person choosen to be in the list is very interesting :)
April 16, 2009 at 10:49 am |
> @ plamere Says:
> April 15, 2009 at 4:59 pm
>
>@pruneau – this relates directly to the music machinery >business. If a poll run by a large media company (that should >know how to run a poll) is so easily hacked, and with such >finesse (…)
I stand corrected. And thank you for taking your time to do and write about such an investigation.
But really, from my point of view (i.e. someone with some experience configuring networks and/or securing device and/or developping network software), the polling company did _NOT_ do due diligence.
The simple fact that someone using the same IPv6 source address can still do more than x votes per second shoot their whole “security” system downs right there.
They should review this, and appraise the fact that today internet is not a nice place by any means, or just admit that their polls can be rigged and be done with it. And use the results accordingly.
What makes this particular case special is that the rigging was done with neither malign, nor stealth intentions: it’s obvious for everybody to see.
Thanks and kudos to the “acrostic” hacker group for teaching us a valuable lesson in security. I hope the poll company gets it, tough.
April 16, 2009 at 10:58 am |
@pruneau – the fact that the company that messed up so royally happens to be one of the largest media companies in the world is predictive of the type security we are likely to encounter at many other online companies. For most, I suspect that security is an afterthought. We are increasingly relying on social systems to help us pick our music, our tv, our news, our political candidates. The fact that they are so vulnerable to hacking has potentially large impact on our lives.
April 16, 2009 at 12:19 pm |
[...] and you really don’t want to encourage these people to even look at you), who are able to shift even the biggest online polls at will. It shows how meaningless these polls really are when your position in them may be dictated by the [...]
April 16, 2009 at 12:34 pm |
Lesson: Whoever puts any weight in internet polls is a retard ^_^
April 16, 2009 at 12:46 pm |
Well, I fear you are right, but I hope you can be proved wrong.
One thing is sure, though: if they intent to base business on those polls, they will try and invest a bit more in security.
I know I’m daydreaming, but hey…
April 16, 2009 at 12:52 pm |
[...] Link zum Artikel (via) [...]
April 16, 2009 at 12:55 pm |
[...] 4:54 pm on April 16, 2009 | 0 Permalink | Reply Inside the precision hack « Music Machinery. [...]
April 16, 2009 at 12:56 pm |
that’s cool…
April 16, 2009 at 1:03 pm |
This is utterly artistic. While I certianly would not have voted for moot before this, I will be doing so now. Repeatedly.
April 16, 2009 at 1:05 pm |
Nice article. I wish people wouldn’t discredit all of Anonymous and do stuff like this. I mean it’s funny and all but it just gives people another reason to give us all grief.
http://www.pushthenet.com
April 16, 2009 at 1:08 pm |
[...] http://musicmachinery.com/2009/04/15/inside-the-precision-hack/ 0 Reacties Geen Reacties tot nu toe Plaats een reactie RSS feed voor reacties op dit bericht. TrackBack URI Plaats een reactie Klik hier om de reply te annuleren. Automatische regel en alinea afbreking, email adressen nooit getoodn, toegestane HTML: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> [...]
April 16, 2009 at 1:38 pm |
I think after the past couple of years TIME.com doesn’t really care who spends thousands of hours and leverages hundreds of fan sites to manipulate the poll. It’s not represented as a scientific undertaking and they are attempting good journalism while idle hands play around with their toys. Incidentally, NASA’s poll was recently hacked in the very same way and probably for the very same reason.
Lastly, TIME.com probably doesn’t have a vested interest in canceling those bot votes – since they are now counting that as user activity and will be able to justify higher ad rates to their adverts. Maybe, just maybe, TIME.com got the upper hand in this one and leveraged the power of the rabid fans to artificially increase their value!
April 16, 2009 at 2:13 pm |
[...] members of 4chan’s /b/ board also made the news a bit earlier this week, when they manipulated a Time.com poll so that it featured the name of 4chan founder ‘moot’ as the most [...]
April 16, 2009 at 2:16 pm |
[...] members of 4chan’s /b/ board also made the news a bit earlier this week, when they manipulated a Time.com poll so that it featured the name of 4chan founder ‘moot’ as the most influential person [...]
April 16, 2009 at 2:17 pm |
[...] members of 4chan’s /b/ board also made the news a bit earlier this week, when they manipulated a Time.com poll so that it featured the name of 4chan founder ‘moot’ as the most influential person [...]
April 16, 2009 at 2:17 pm |
[...] members of 4chan’s /b/ board also made the news a bit earlier this week, when they manipulated a Time.com poll so that it featured the name of 4chan founder ‘moot’ as the most influential person [...]
April 16, 2009 at 2:18 pm |
[...] Inside the precision hack « Music Machinery (tags: hack security) [...]
April 16, 2009 at 2:57 pm |
The meek shall NOT inherit the earth.
April 29, 2009 at 1:20 am |
The moot shall inherit the earth.
April 16, 2009 at 3:18 pm |
[...] of messagesRough Type — Twitter dot dash (reissue)Music Machinery — Inside the precision hackMootervote_moot.jpg (JPEG Image, 640×480 [...]
April 16, 2009 at 4:11 pm |
[...] via [...]
April 16, 2009 at 5:51 pm |
Wow, I am so far from techie, but that was interesting – and maybe slightly frightening. But, yeah, definitely fascinating. A whole ‘nother world that we’re all connected to – whether we know it or not. Thanks!
April 16, 2009 at 5:56 pm |
Oh, I guess this means that I just “lost the game”. Am I right? I just looked it up. Woa, one step closer to that mystifying technological universe. ;)
April 28, 2009 at 8:21 pm |
There are alot of interresting things in here that people are saying that are really interresting facts.
April 16, 2009 at 6:05 pm |
…so we needed proof with this level of intricacy to show “fixing”? weren’t the continually abysmal results of said “polls” sufficient data to convict? but many thanks for this cool article any way!
April 16, 2009 at 7:20 pm |
I knew who dunnit the minute I saw it. Nice.
April 16, 2009 at 8:28 pm |
[...] Inside the precision hack There’s a scene toward the end of the book Contact by Carl Sagan, where the protagonist Ellie Arroway finds a [...] [...]
April 16, 2009 at 9:06 pm |
Pi is irrational. The digits are non-terminating, non-repeating. Therefore, all messages inevitably exist inside pi if you’re willing to search far enough.
But I haven’t RTFB, I’m just being an ass.
April 29, 2009 at 11:41 pm |
Actually, we don’t know if every digit is in pi. Just because it’s irrational doesn’t mean it’s normal. You see, a normal number is one in which every digit has a uniform distribution. There doesn’t exist a proof that pi is normal. (For that matter, neither is there a proof for euler’s number) Therefore, seeing such a message (by itself) doesn’t mean anything but it can lead supporting evidence to a conclusion that a greater power was manipulating certain things.
I have no idea whether the book goes over normal numbers, though, as I haven’t read it either.
April 16, 2009 at 11:39 pm |
HAHA!Constants are easy too manipulate man…The differences of darkness and light!Your evolutionism is
destroying your mind…
April 17, 2009 at 2:09 am |
[...] Hackers manipulate a poll (via Metafilter). Good quote from Metafilter: “The poll announces (perhaps subtly) to the world, that the most influential are not the Obamas, Britneys or the Rick Warrens of the world, the most influential are an extremely advanced intelligence: the hackers.” [...]
April 17, 2009 at 3:43 am |
/b/ = internet superheroes
April 17, 2009 at 6:53 am |
So why do they do it? Why do they write code, build complex applications, publish graphs – why do they organize a team that is more effective than most startup companies? Says Zombocom: “For the lulz”.
Epic!
April 17, 2009 at 7:26 am |
I’m not sure that the calculation of pi contains all messages (like the infinite number of monkeys at typewriters generating the complete works of Shakespeare ({B Newhart, [Infinite Proceedings]}), but pi can’t be altered even by God (who in the bible didn’t even work it out to the nearest unit: 10 cubits x pi = 30). I know that Carl Sagan as author wanted to throw a little cosmic easter-egg to his abused heroine, who had just had the alien equivalent of the e-mail from Nigeria (aka “The Spanish Prisoner”), but I’m sorry that he chose that one. I would rather have had a straight line of pulsars in the sky signalling HANG IN THERE JODIE.
Alternatively, he could have left the question open for a little longer of whether all along she really -was- in a state of schizophrenic delusion. Most people who receive alien messages are.
Incidentally, there’s a Star Trek book where there are supercomputers whose data processing power is underestimated around 99 per cent because they spend most of the time goofing off, and for fun they have calculated that pi does finish up as a repeating decimal. But it’s a throwaway joke line. I can’t produce the proof that pi is not a fraction (a rational number), which is what a repeating number is, but I trust the people who can.
I can nearly imagine a universe whose physical rules are so different that although pi exists it is not significant, and the measurement of configurations is dominated by the constant called zelda, which I probably just invented. that is as close as I would contemplate to changing the actual value of pi. Also, the decimal (digits 0 to 9) expression of pi probably partly depends on the fact that we have ten “digits” on our hands, whereas other critters don’t (Yakuza). But that is a variable that does not allow for much expression. Actually, pi calculates really nicely in hexadecimal, and I think that serious pi nuts use that.
The decimal value of another “irrational” maths number, e, starts off with,
2.71828 18284 59045 23536…
Look at the hundredths to hundred-thousandths digits. And look at the millionths to the billionths. Now how about that?
April 17, 2009 at 8:22 am |
[...] The members of 4chan’s /b/ board also made the news a bit earlier this week, when they manipulated a Time.com poll so that it featured the name of 4chan founder ‘moot’ as the most [...]
April 17, 2009 at 9:37 am |
[...] 4chan Manipulates Time Magazine’s Most Influential Person of 2009 Poll [...]
April 17, 2009 at 9:54 am |
Peole are still using the web to do good things for poeple and companies. do take a look at http://cbt20.org.
April 17, 2009 at 9:54 am |
sorry http://cbt20.org
April 17, 2009 at 9:56 am |
And again the mainstream media misses every relevant point. And a blogger has to do the work. Time Warner will learn a lesson from this, but not the lesson they need, because they won’t ever read this article and take meaning from it.
April 17, 2009 at 10:46 am |
whatever geeks
April 17, 2009 at 12:29 pm |
[...] Pranks: Hackers are rumored to be manipulating Time.com’s poll to determine the world’s most [...]
April 17, 2009 at 2:42 pm |
[...] Time Empire Strikes Back It looks like Time has taken some action to combat the hack of the Time 100 Poll. They are now using a captcha to verify that the voter is a human – the [...]
April 17, 2009 at 7:43 pm |
best album of ALL time — led zeppelin “EAT THE PEACH”
April 17, 2009 at 9:13 pm |
[...] Inside the precision hack – Music Machinery In early stages of the poll, Time.com didn’t have any authentication or validation – the door was wide open to any client that wanted to stuff the ballot box. Soon these autovoting spam urls were sprinkled around the web voting up moot. If you were a fan of Rain, it is likely that when you visited a Rain forum, you were really voting for moot via one of these spam urls. (tags: anon humor web) [...]
April 17, 2009 at 10:33 pm |
[...] Inside the precision hack « Music Machinery (tags: 4chan) [...]
April 18, 2009 at 12:49 am |
marblecake will never die, even without its leaDARR
April 18, 2009 at 2:41 am |
[...] Inside the precision hack – "At 4AM this morning I received an email inviting me to an IRC chatroom where someone would explain to me exactly how the Time.com 100 Poll was precision hacked. Naturally, I was a bit suspicious. Anyone could claim to be responsible for the hack [...] After talking to ‘Zombocom’ (not his real nick) for a few minutes, it was clear that Zombocom was a key player in the hack. He explained how it all works." [...]
April 18, 2009 at 4:53 am |
HACKERS ON STEROIDS
April 18, 2009 at 8:35 pm |
[...] online echo chambers into apparent routes for the opinions of science or atheism. But PZ points to a recent poll hack that makes the efforts of his clan look crude and [...]
April 19, 2009 at 8:59 am |
Cool. Very interesting article. I am not aware TIME.com was hacked.
April 19, 2009 at 2:13 pm |
amazing stuff.. congrats to the 4chan team for their ingenuity and brilliance ! this made me lulz
:D
April 20, 2009 at 1:41 am |
[...] Inside the precision hack « Music Machinery [...]
April 20, 2009 at 2:55 pm |
Society needs people like Zombocom to show us unreliability of big media companies.
April 20, 2009 at 6:00 pm |
[...] Inside the precision hack « Music Machinery [...]
April 21, 2009 at 9:29 am |
I used actually work for a subsidiary of Time and I was at least partly responsible for making sure that there were no glaring security holes in the code that was written before it went live.
One of the biggest problems was that there wasn’t enough buy-in from management in this regard and hence the ratio of developers to security auditors was far too high. It simply wasn’t possible to read every line of code manually so we used automated tools and random sampling. Clearly, this leaves some room for improvement. Automated tools can pick up a lot but will always miss some things that a competent auditor will see.
Another problem was the quick turnaround required on some code. For instance, the poll can be announced in the magazine or even on the website by the editors and no mention of this made to the developers until a couple of days before it is due to go live. This shouldn’t happen, but it does and because the developers pull an all-nighter to get it up and running, the editors never have to take the blame for it not working. Hence, no incentive to modify their behaviour.
The last problem I will mention here was the varying nature of the developers. Some had good security coding practices and others didn’t. Team managers should have been fixing this when auditing code but, as I said earlier, not enough auditing was done.
I believe things have improved a little in the department where I worked but obviously the problem is not a solved one just yet. From my observations at other places I have worked and/or audited, these problems are not unique to Time.
April 21, 2009 at 12:35 pm |
[...] the results were hacked with an auto-voting program spread on 4chan. (For details of the hack, read this post). What does it mean? Marblecake is a sophomoric sexual reference, which is in keeping with the [...]
April 21, 2009 at 12:56 pm |
[...] the results were hacked with an auto-voting program spread on 4chan. (For details of the hack, read this post). What does it mean? Marblecake is a sophomoric sexual reference, which is in keeping with the [...]
April 21, 2009 at 1:01 pm |
[...] the results were hacked with an auto-voting program spread on 4chan. (For details of the hack, read this post). What does it mean? Marblecake is a sophomoric sexual reference, which is in keeping with the [...]
April 21, 2009 at 1:04 pm |
[...] the results were hacked with an auto-voting program spread on 4chan. (For details of the hack, read this post). What does it mean? Marblecake is a sophomoric sexual reference, which is in keeping with the [...]
April 21, 2009 at 1:23 pm |
[...] the results were hacked with an auto-voting program spread on 4chan. (For details of the hack, read this post). What does it mean? Marblecake is a sophomoric sexual reference, which is in keeping with the [...]
April 21, 2009 at 2:44 pm |
[...] the results were hacked with an auto-voting program spread on 4chan. (For details of the hack, read this post). What does it mean? Marblecake is a sophomoric sexual reference, which is in keeping with the [...]
April 21, 2009 at 9:27 pm |
[...] 実はこの投票結果は、4chanで広められた自動投票プログラムによって不正操作されたものだ。(詳細はこの記事にある)。どういう意味だろうか。Marblecakeというのは青くさい性的行為のことで、リックロールやLolcatといったあそびに端を発する4chanの精神に沿っている。 [...]
April 22, 2009 at 1:12 am |
[...] run a big online poll and seen some abuse, I had to share this story posted on the Music Machinery blog. Every year, Time collects their list of 100 most influential people and conducts an online poll. [...]
April 22, 2009 at 8:40 am |
[...] The story behind the fabulously precise hack of Time magazine’s “most influential people” poll. [...]
April 22, 2009 at 10:00 am |
[...] Inside the precision hack – how moot and 4chan hacked their way into time.com’s “The Most Influential People of the 20th Century” [...]
April 22, 2009 at 1:13 pm |
dammit, i lost the game again! thanks a lot, anon. sheesh.
April 23, 2009 at 10:51 am |
[...] Inside the Precision Hack explains in details how the hackers manage to upvote and keep all the list in order. Interesting read I’d say [...]
April 23, 2009 at 10:57 am |
[...] out a message (’marblecake also the game’ (too cryptic for me – ed)) – see here for Paul Lamere’s post on how the hack was done (and what it has to do with [...]
April 23, 2009 at 12:01 pm |
[...] un jeu avec la participation aux usages sociaux, un peu à la manière – en très modeste – du hack de 4chan sur le classement de Time des most influential people in the world, qui montre que le web, et twitter en particulier, est [...]
April 23, 2009 at 1:09 pm |
[...] http://musicmachinery.com/2009/04/15/inside-the-precision-hack/ zakładki [...]
April 24, 2009 at 11:14 am |
[...] top 21 names so their first letters spell "marblecake, also the game." According to an inside account detailed by blogger Paul Lamere, members of the 4chan website exploited weaknesses in the web [...]
April 24, 2009 at 11:34 am |
BEST rock album of ALL time = “EAT THE PEACH” by the led zepplien
April 25, 2009 at 4:12 am |
[...] out a message (’marblecake also the game’ (too cryptic for me – ed)) – see here for Paul Lamere’s post on how the hack was done (and what it has to do with [...]
April 27, 2009 at 4:31 am |
[...] moot on the cover of Time Magazine?? Thx Jmac 4 posting the hack tech article. Inside the precision hack Music Machinery OT8 procedures dox’d by an OT8 http://groups.google.ca/group/alt.re…350d2dcefd31/b My art: [...]
April 27, 2009 at 6:20 am |
[...] However, the results of the vote have nothing to do with influence. If you think that this is the result of a fair vote, think again. The entire first 21 results, as noted days ago, are the result of an elaborate hack done by 4chan users. [...]
April 27, 2009 at 6:30 am |
[...] However, the results of the vote have nothing to do with influence. If you think that this is the result of a fair vote, think again. The entire first 21 results, as noted days ago, are the result of an elaborate hack done by 4chan users. [...]
April 27, 2009 at 6:50 am |
[...] However, the results of the vote have nothing to do with influence. If you think that this is the result of a fair vote, think again. The entire first 21 results, as noted days ago, are the result of an elaborate hack done by 4chan users. [...]
April 27, 2009 at 7:01 am |
[...] However, the results of the vote have nothing to do with influence. If you think that this is the result of a fair vote, think again. The entire first 21 results, as noted days ago, are the result of an elaborate hack done by 4chan users. [...]
April 27, 2009 at 7:20 am |
[...] However, the results of the vote have nothing to do with influence. If you think that this is the result of a fair vote, think again. The entire first 21 results, as noted days ago, are the result of an elaborate hack done by 4chan users. [...]
April 27, 2009 at 8:43 am |
News flash: 200 lines of Perl and a little report generation is not a “complex application”, it’s light entertainment.
I take that back. Maybe for the idiots at Time it’s a complex application, but that’s the problem, isn’t it?
April 27, 2009 at 8:50 am |
[...] – kuten niin usein tämänkaltaisissa äänestyksissä käy – äänestystuloksen haluamakseen. Musicmachineryssä raportoitiin tarkemmin käytetyt keinot, mutta tiivistettynä Timen varautuminen äänestystuloksen [...]
April 27, 2009 at 9:48 am |
[...] weeks ago, I read this article, detailing how the people of 4chan did a pretty funky precision hack of Time’s Magazines [...]
April 27, 2009 at 10:15 am |
[...] are going be left unsatisfied with their winner. Especially since the entire voting process was hacked to pieces. I hope you like that post! The Next Web Blog covers start-up news from all over the world (not [...]
April 27, 2009 at 10:27 am |
awesome
April 27, 2009 at 11:00 am |
For those who think this is just an odd case out: I do web development professionally. I spend a lot of time trying to convince clients to pay for security features and I get denied a lot. They think that no one is going to ever hack their application. It’s a bit disconcerting.
April 27, 2009 at 11:01 am |
[...] However, the results of the vote have nothing to do with influence. If you think that this is the result of a fair vote, think again. The entire first 21 results, as noted days ago, are the result of an elaborate hack done by 4chan users. [...]
April 27, 2009 at 11:38 am |
[...] Article on how /b/ hacked the poll. Detailed Scripts inside! Inside the precision hack Music Machinery [...]
April 27, 2009 at 12:01 pm |
[...] founder, moot, was listed as one of the top 100 candidates, nothing else mattered. As detailed here, the users found a vote could be cast using a simple URL GET query: [...]
April 27, 2009 at 12:04 pm |
[...] the results of Time’s poll with interesting results, as can be seen in the screenshot above. Paul Lamere has the dirt on how it was all done for those who are interested. I will now be able to look [...]
April 27, 2009 at 12:07 pm |
[...] TIME Top 100 Online Poll (Bildquelle) [...]
April 27, 2009 at 12:10 pm |
[...] seems that 4chan fans managed to hack Time’s poll, as described by Paul Lamere, who writes software for Apple and was evidently invited to participate in a scheme to stuff the [...]
April 27, 2009 at 12:24 pm |
Comedic Juxtaposition…
These two articles, put side by side, are pretty funny.
April 15, Music Machinery, Inside the Precision Hack:
I’m reminded of this scene [encoded messages] by the Time.com 100 Poll where millions have voted on who are the world’s most influential p……
April 27, 2009 at 12:26 pm |
[...] If you aspire to be next year’s most influentual person, you can see how they hacked it here. [...]
April 27, 2009 at 12:48 pm |
[...] seems that 4chan fans managed to hack Time’s poll, as described by Paul Lamere, who writes software for Apple and was evidently invited to participate in a scheme to stuff the [...]
April 27, 2009 at 1:01 pm |
[...] Inside the precision hack [...]
April 27, 2009 at 1:01 pm |
[...] This just makes me smile (via Music Machinery) Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages. [...]
April 27, 2009 at 1:27 pm |
[...] Mooter砲はDelphiで作られたツールのようで、解説がこっちにあります。 [...]
April 27, 2009 at 2:07 pm |
[...] Paul Lamere’s post on the precision hacking of Time.com’s 100 Most Influential People in Government poll. [...]
April 27, 2009 at 2:22 pm |
[...] yeah now i remembered one of the great hacks………………had read about it a few days back… Inside the precision hack Music Machinery _______________________________________ prongs’s [...]
April 27, 2009 at 3:35 pm |
[...] read a fun article about how it was pulled off, which was highly entertaining. Who knew web-based applications could [...]
April 27, 2009 at 3:48 pm |
[...] 100 most influential list hacked by 4chan /b/ "Marblecake, also the game" Here’s how it was done. [...]
April 27, 2009 at 4:19 pm |
Well played good sir
April 27, 2009 at 5:12 pm |
RULES 1 AND 2
April 27, 2009 at 5:53 pm |
[...] saber que a pesar de andar circulando por la web tanto tiempo, no se tomaron cartas en el asunto. Inside the precision Hack [inglés] (aquí en español) narra y explica la historia detrás de esta obra que al final fue [...]
April 27, 2009 at 6:09 pm |
does this really qualify as hacking?
the article says the first draft allowed you to revisit a url to cast a vote.
the final draft had “the salt” hard coded in the flash swf file, which there are many descriptors for.
unless I or the article missed something, they didn’t do any more “hacking” than the average joe who puts up an unreachable score on a flash web game scoreboard. There are many ways to secure a poll better than this.
frankly I’m a little surprised they went into depth of writing a few if else statements to spell something out in the poll… I think the real surprise is that Time 100 didn’t use any real security, even after noticing a threat.
April 27, 2009 at 8:23 pm |
I think you need to read the whole article
July 27, 2009 at 11:12 am |
amen. this isn’t hacking. they cheated an online poll using some really simple techniques. flash decompilers are a dime a dozen, and the string “lego-rules” or whatever it was would stick out like a sore thumb. writing a gui in delphi with fancy plots just drives home that this was a fun little poll manipulation (something the /b/ guys seem to do a lot of), not a sophisticated, or even unsophisticated hack. they just have too much time on their hands (and i’m jealous) and they command a really large flock of sheep.
April 27, 2009 at 6:56 pm |
[...] The 2009 TIME 100 Finalists online-poll was manipulated with hither-to unheard of sophistication. Not only did hackers vote their choice into the #1 spot, but they stuffed the ballot so that the [...]
April 27, 2009 at 7:09 pm |
interesting,although I’ve just lost the game.
April 27, 2009 at 7:12 pm |
Oh Internet, how much do I love you.
April 27, 2009 at 7:52 pm |
NOW EVERYONE KNOWS THE HORRIBLE, HORRIBLE SECRET
April 27, 2009 at 8:26 pm |
[...] be fair to the other people participating in it. We wouldn’t want cheaters to make someone Lose The Game. Easy AdSenser by Unreal :4chan, Anonymous, internets, Lulz, moot No comments for this entry [...]
April 27, 2009 at 8:32 pm |
Could you you please ask Time.com to comment on this story? They have just announced that moot is the winner while denying any tomfoolery and not mentioning the ‘marblecake’ business at all. I find it hard to believe they dont know anything about this; its at least shoddy journalism and at worst blatant lies. Wheres their integrity? SOMEBODY please expose them.
April 27, 2009 at 9:15 pm |
[...] separated from the winner-take-at-least-a-good-deal rewards of market demand resulting in an efficient allocation of human capital. I certainly wouldn’t count on the benevolence of the garbageman and dog-catcher. Possibly [...]
April 27, 2009 at 9:41 pm |
Britney Spears fans have been doing this for years.
Her fans hacked the MTV VMA and MTV Europe Award polls in 2008 (unfairly beating Leona Lewis in each instance).
MTV bosses proceeded with both shows, as if nothing had happened. The Brit Awards have also been targeted in the past.
The only person to beat Britney Spears is Rick Astley, whose fans casted over one billion votes (not a typo) using the “rickvoter”.
MTV has no integrity, and probably enjoy millions of bots hitting their website, which they pass off to advertisers as genuine traffic. A complete and utter sham, for which they have never apologized.
April 27, 2009 at 9:50 pm |
Ironically, Parishioners,
I just lost The Game…
Blessings,
Le Rev Dr
April 27, 2009 at 9:52 pm |
Avril Lavine fans also gamed YouTube, using TubeIncreaser and TubeBooster, making her song “Girlfriend” the most watched video of all time.
The same video does not even make the top ten most favourited list (something that requires real people to favourate, and thus cannot be gamed).
Apparently YouTube find nothing wrong with this.
So who is making money from this scam? Does anyone care?
July 27, 2009 at 11:17 am |
dude. if you actually care about this youtube stuff, or that mtv crap that you posted before, then you need to turn off the computer and tv for a couple of weeks and sort it out.
April 27, 2009 at 10:01 pm |
[...] however, it looks like the first 21 results on Time’s list are the result of an elaborate hack. Take a [...]
April 27, 2009 at 10:13 pm |
[...] did the hack happen? I’ve already described in great detail the steps that the loose collective known as ‘Anonymous’ took to hack the poll. This [...]
April 27, 2009 at 11:06 pm |
[...] Time.com, someone posted this is the General Forum… The Time Top 100 Vote How they did it Attached Images [...]
April 27, 2009 at 11:40 pm |
[...] seems that 4chan fans managed to hack Time’s poll, as described by Paul Lamere, who writes software for Apple and was evidently invited to participate in a scheme to stuff the [...]
April 28, 2009 at 12:10 am |
[...] Details of the hack can be read here, well played /b/. mARBLECAKE ALSO THE GAME for [...]
April 28, 2009 at 12:15 am |
Time fails. I wonder how this will play out to the public. A magazine they read and trust has been pwned by a bunch of bored hackers.
April 28, 2009 at 1:12 am |
[...] section of the forums. To manipulate a Times voting pole to achieve greater justice, sure. (Inside the precision hack Music Machinery) But even then, that’s not hacking. Eh, I’m not to concerned. Anyone stupid enough to openly do [...]
April 28, 2009 at 2:11 am |
[...] Music Machinery, clearly reporting outside of its usual niche, has a rather detailed analysis of how 4chan manipulated the poll. This would certainly explain why Anwar Ibrahim, a Malaysian politician, nabbed second place. The [...]
April 28, 2009 at 3:06 am |
[...] Well, it wouldn’t be /b/ if they didn’t have a hand in it. So well played, /b/, well played. Details on the hack can be found here. [...]
April 28, 2009 at 3:10 am |
[...] Kane at rawstory lays out the general picture, Paul Lamere at Music Machinery fills in the specifics, and, if you want your eyes to bleed and your brain to [...]
April 28, 2009 at 4:51 am |
[...] That’s it … the poll is hacked! 4chan members hacked Time magazines top 100 list! The secret of how the epic hack was accomplished is explained in great technical detail at the Music Machinery blog. Read the article ‘Inside the precision hack’ at this URL http://musicmachinery.com/2009/04/15/inside-the-precision-hack/ [...]
April 28, 2009 at 6:01 am |
[...] Inside the precision hack Music Machinery You guys need to read this, what they did was hilarious. It describes exactly what they did. ____________________________________ Welcome to the Thunder Dome [...]
April 28, 2009 at 9:09 am |
[...] into the mechanics of the hack itself and that’s exactly what Paul Lamere managed to do by speaking to the people behind it. He recounts how he had a 4am meeting in an online chatroom with someone only calling himself [...]
April 28, 2009 at 9:22 am |
[...] collection of exploits run against the poll are a nifty little set. Music Machinery’s got a nice overview of how the multipart effort came off. So was Time asking for it by including 4chan founder moot [...]
April 28, 2009 at 10:32 am |
[...] http://musicmachinery.com/2009/04/15/inside-the-precision-hack/ [...]
April 28, 2009 at 11:34 am |
[...] obviously an organized hack by 4chan members to stuff the ballot box and raise his rank. In fact, Music Machinery writes in great deal of the hack, as revealed him by “Zombocom” in an IRC chat [...]
April 28, 2009 at 12:01 pm |
“for the lulz”
how epic she would put that in the end… no thats just stupied
April 28, 2009 at 12:21 pm |
[...] Time’s most influential. B-Tards hacked the Time magazine’s most influential list resulting in this: Full details: Inside the precision hack Music Machinery [...]
April 28, 2009 at 12:41 pm |
[...] the collection of exploits run against the poll are a nifty little set. Music Machinery’s got a nice overview of how the multipart effort came off. So was Time asking for it by including 4chan founder moot [...]
April 28, 2009 at 12:55 pm |
[...] Posted by -Thief- lol LOL indeed. On a different note, away we go. Shortly, there will be nothing stopping Obama from passing [...]
April 28, 2009 at 1:20 pm |
[...] [...]
April 28, 2009 at 1:37 pm |
[...] 4chan web hackers crushed Time magazine. [...]
April 28, 2009 at 1:40 pm |
[...] hacked- Inside the precision hack Music Machinery __________________ [...]
April 28, 2009 at 2:08 pm |
“For the Lulz”
EPIC WIN
April 28, 2009 at 2:49 pm |
[...] Admins des Time Magazines zum Wahnsinn getrieben hat, schlussendlich den Sieg davon getragen hat, ist hier nachzulesen. Und als wäre diese Schmach nicht genug, hat man dem Time Magazine noch eine Nachricht [...]
April 28, 2009 at 4:14 pm |
[...] Lamere at Music Machinary has the scoop on how /b/ hacked Time and not only made moot the most influential person of the [...]
April 28, 2009 at 4:47 pm |
m
A
R
B
L
E
C
A
K
E
A
L
S
O
T
H
E
G
A
M
E
We worked our butts off for this.
April 28, 2009 at 4:59 pm |
[...] Men det är inte det som är det roliga, som bloggen Music Machinery skrivit ett långt och mycket läsvärt inlägg om. [...]
April 28, 2009 at 5:33 pm |
[...] Music Machinery has a couple of excellent posts on 4chan’s triumphant carpetbombing (pre-captcha and post-captcha).Time, Inc. has responded to their complete failure with all the dignity and good [...]
April 28, 2009 at 6:22 pm |
[...] hackero lo lograron primero mediante peticiones GET HTTP donde rápidamente ubicaron a “moot” por encima de la lista, con la ayuda de autovoters [...]
April 28, 2009 at 8:02 pm |
[...] bored at work / just shooting the shit / no rails to derail thread On the internet anyway. : Inside the precision hack Music Machinery __________________ [...]
April 28, 2009 at 9:28 pm |
[...] obviously an organized hack by 4chan members to stuff the ballot box and raise his rank. In fact, Music Machinery writes in great deal of the hack, as revealed him by “Zombocom” in an IRC chat [...]
April 29, 2009 at 2:18 am |
[...] hackero lo lograron primero mediante peticiones GET HTTP donde rápidamente ubicaron a “moot” por encima de la lista, con la ayuda de autovoters [...]
April 29, 2009 at 6:37 am |
[...] alles zustande bringen. Einen tieferen Einblick, wie das alles vor sich ging erhaltet ihr auf dem Blog Music Machinery. Was lernen wir daraus? Traue niemals einer Statistik Liste, die du nicht selbst gefälscht [...]
April 29, 2009 at 7:48 am |
[...] В процесс онлайн-голосования, организованного изданием Time.com с целью выявить сотню самых влиятельных людей, вмешались хакеры. Обнаружив бреши в системе голосования, они сумели распределить имена претендентов таким образом, чтобы сформировать скрытое послание, отмечается в блоге Music Machinery. [...]
April 29, 2009 at 7:55 am |
“why do they organize a team that is more effective than most startup companies?”
hahaahaha, lulz. epic
April 29, 2009 at 10:46 am |
Interesting article. The hack is specktacular in that it is to Time mag, and lulz, but technicaly straight forward to any competant and experienced web programer who has the balls and inclination. Due to it’s hameless nature to such a powerful media organisation I admire Mr Moot.
April 29, 2009 at 11:30 am |
[...] hemligt meddelande: Marblecake, also, the Game. Läs mer om vad det betyder och hur det gick till här. Att kunna manipulera undersökningen så att en viss person kommer högst upp är en sak, men att [...]
April 29, 2009 at 12:21 pm |
[...] By Allie | April 29, 2009 [via music machinery] [...]
April 29, 2009 at 12:27 pm |
[...] Time seems to deny of any hacking involved, we suspect there is a high chance of foul play. What exactly does the words from the [...]
April 29, 2009 at 1:43 pm |
The game.
April 29, 2009 at 5:40 pm |
hai guise.. just wanted to know, what is /b/?
sincerely,
shttngdcknppls
April 30, 2009 at 1:17 am |
hai
April 30, 2009 at 1:18 am |
Ho ! Good !
April 30, 2009 at 3:31 am |
[...] once again. Global financial crisis, swine flu, increasing arrival of asylum seekers, and the Times 100 hack – hardly any real news at all! __________________ 24" 2.4GHz iMac, 2GHz MBP, (1.66GHz, [...]
April 30, 2009 at 9:00 am |
[...] obviously an organized hack by 4chan members to stuff the ballot box and raise his rank. In fact, Music Machinery writes in great deal of the hack, as revealed him by “Zombocom” in an IRC chat [...]
May 1, 2009 at 5:14 am |
Henrik Says:
April 27, 2009 at 3:49 pm
Honestly, I think /b/ would be able to have a bigger impact than any other kind of hacker group.
——————————————————–
ROFL. /b/ tards being hackers? You know how to make jokes!
Nothing but children and angry teenagers.
May 1, 2009 at 7:03 am |
[...] proceso por el que se puede reventar una encuesta viene muy bien descrito en este post , un sistema extremadamente sencillo cuando se entiende la vulnerabilidad de proponer sistemas [...]
May 1, 2009 at 9:09 am |
[...] The magazine also conducted an online poll. However, that poll was heavily hacked into by a mysterious bunch of hackers from the influential Web message board 4chan.or and was topped by moot – the 21-year-old creator of the board! Not stopping at making moot the winner with 16,794,368 votes using Autovoter scripts beating the likes of Barack Obama, Vladimir Putin and Oprah Winfrey, the hackers edited the entire top ranks to leave a crypted message. To read a detailed blog on how this was done go here. [...]
May 1, 2009 at 11:25 am |
This was certainly VERY interesting, and until I read the very last part ‘lulz’ this type of stuff always makes me want to learn how to script. But ‘for the lulz’! that kind of behavior is disgusting, it can hurt SO many people, just for the laughs? What happens when some teenager decides to try and hack something really important, just for the kicks? The CoS (Church of Scientology) does deserve whatever happens to it, I agree with people hacking and whatever them, but only because it is for a reason, a very good reason! For fun is almost never a good reason
May 1, 2009 at 1:33 pm |
網路民調之不可靠性…
Time 也不是新來混的,怎麼會連一些簡單的行規都不懂 ?!
今天看到一則有趣的新聞,內容是有關 Time Magazine 辦的 TIME 100 (全球百大人物) 網路投票 的事。故事是這樣的:每年 Time 都會選出一些……
May 1, 2009 at 5:55 pm |
[...] [...]
May 1, 2009 at 10:55 pm |
[...] blog ” Music Machinery” publicou uma explicação detalhada de como o hack foi feito. Segundo o blog, os [...]
May 4, 2009 at 12:08 am |
“they didn’t have range check on the voting ”
This really makes me think that what kind of newbie coder does Time use ?
Or is it so that they interested 0% of security
Hopefully this makes the security more interesting from now on
May 4, 2009 at 1:49 am |
weird
May 4, 2009 at 10:25 am |
[...] The Internet is not some monolithic entity, and there’s certainly not a culture that defines the Internet. If there was, it would probably be 4chan. I’ve never been brave enough to visit 4chan myself, it is a scary place. A scary place with a large membership. Time found this out when they allowed the anonymous public to vote for Person of the Year. They could have settled with just picking someone outlandish, but what the 4channers did was way more impressive. You can read all about it in this post on musicmachinery.com. [...]
May 4, 2009 at 6:41 pm |
[...] those who are interested, the details of the precision hack are in a blog post by Paul Lamere here. They make fascinating [...]
May 4, 2009 at 8:00 pm |
[...] : ขั้นตอนการแฮกโดยละเอียดจาก MusicMachinery ตอน 1, ตอน [...]
May 5, 2009 at 4:15 pm |
4 teh lulz!!!
May 5, 2009 at 4:21 pm |
[...] F!XMBR stiess ich auf den Link zum Hintergrund des Time.com 100-Hacks.Ist ist interessant zu sehen, wie vorgegangen wurde und es gibt einem selbst [...]
May 7, 2009 at 10:51 am |
marblecake wins >9000 internets
i lost the game..
May 7, 2009 at 9:09 pm |
[...] “Time 100″ dinner honoring the year’s most influential people outside of 4chan (marblecake, also the game, guys). That’s the new BFFs with Maya’s fiance/Seagram heir Benjamin Brewer. According [...]
May 8, 2009 at 12:56 am |
its all fot teh lulz
May 8, 2009 at 12:47 pm |
[...] are official, Mashable writer Stan Schroeder figures TIME is playing stupid on the legitimacy of a hack that happened thanks to the hands of 4chan [...]
May 10, 2009 at 11:00 am |
[...] “Time 100″ dinner honoring the year’s most influential people outside of 4chan (marblecake, also the game, guys). That’s the new BFFs with Maya’s fiance/Seagram heir Benjamin Brewer. According [...]
May 12, 2009 at 3:39 pm |
[...] Details of the hack can be read here, well played /b/. mARBLECAKE ALSO THE GAME for [...]
May 12, 2009 at 4:42 pm |
newfags can’t keep their mouths shut
also, i just lost the game
May 14, 2009 at 5:25 am |
Evry1 lost the game nub
May 16, 2009 at 5:15 pm |
[...] “Moot,” 4chan’s reclusive founder, emerged as Number One… see here and here.) “‘But I don’t want to go among mad people,’ said Alice. ‘Oh, you [...]
May 19, 2009 at 8:42 am |
[...] The true measure of how influential a person is on twitter, is that they’re being followed by people who aren’t following very many people first, and followed by other influential people second. It would be interesting if twitter had this metric on a user’s profile. However, I know that many hackers would be able to quickly become the most influential. [...]
May 21, 2009 at 4:49 pm |
[...] influential people outside of 4chan (marblecake, also the game, guys). That’s the new BFFs with Maya’s [...]
May 25, 2009 at 1:54 pm |
Absolutely fucking genius. A job well done.
May 26, 2009 at 2:22 pm |
Beautiful. I should take lessons from them. Dad wont teach me, even though he used to be a decent hacker himself.
June 3, 2009 at 6:49 pm |
[...] Time magazine recently discovered to their cost, it can be extremely difficult to protect fair, anonymous electronic voting against [...]
June 8, 2009 at 2:01 am |
I just lost the game :(
June 8, 2009 at 12:38 pm |
[...] can read the whole story on Paul Lemere’s [...]
June 8, 2009 at 4:26 pm |
Just shows how sad these people are to wreck Time’s poll just because they can.
July 27, 2009 at 11:20 am |
sad? i’d say they’re happy as hell getting all this publicity for cheating at a stupid online poll. much happier than you by the sound of it…
June 11, 2009 at 3:26 pm |
LOL! Things like this make me want to try going to 4chan…now if only it wasn’t full of hentai and stuff…
June 11, 2009 at 4:47 pm |
wait… this is hacking? i thought hacking required way more 1337 skills than what is described above. at least thats what the movie hackers paints it out to be. i mean this is fairly simple scripting… its not like they de-rainbowed the md5 or anything crazy
July 27, 2009 at 11:23 am |
i was half-expecting that’s what they’d done, but then remembered it was /b/, not people with skills. i guess running strings on a swf file is considered hacking these days…
June 11, 2009 at 4:49 pm |
for example:
“Someone figured out the voting URL protocol”
ummm thats waay easy. just use a console program like firebug
June 17, 2009 at 12:11 am |
I lost
June 19, 2009 at 9:19 pm |
[...] [...]
June 30, 2009 at 7:49 am |
look at total votes xD
June 30, 2009 at 6:40 pm |
[...] shill who will try to manipulate the chart in order to promote their interests. We see this in online polls, social news sites and popular music [...]
July 18, 2009 at 10:43 am |
[...] F!XMBR stiess ich auf den Link zum Hintergrund des Time.com 100-Hacks.Ist ist interessant zu sehen, wie vorgegangen wurde und es gibt einem selbst [...]
July 21, 2009 at 1:18 pm |
i thought they called it world of warcraft because everyone who plays it yells WOW in excitement, so they lengthened the abbreviation to world of warcraft
July 26, 2009 at 7:14 pm |
[...] story left me wondering just what the group who were able to stack the Time 100 Poll, create LOLCats & Rickrolling, and tear apart the life of a dodgy computer repairman (among [...]
July 27, 2009 at 9:39 am |
[...] most talented hackers out there. The last time 4chan was in the news was this April when they gamed a Time poll to find the top 100 most influential people. Talent aside, just the sheer number of people who use the 4chan site worldwide is enough to [...]
July 29, 2009 at 3:25 am |
Real,
August 21, 2009 at 12:45 pm |
this is hacked to the core !!!
marblecake ftw.
August 21, 2009 at 5:31 pm |
[...] etc., se encontraba moot, que lo único que ha hecho es el mítico 4chan. Según nos cuenta Paul Lamere, el tipo que fue contactado por Zombocom, el principal, al parecer, hacker detrás de esto, todo [...]
September 15, 2009 at 10:35 am |
Shit. I lost the game. Great article, though. It was good for some lulz.
September 17, 2009 at 10:12 am |
[...] http://musicmachinery.com/2009/04/15/inside-the-precision-hack/ a few seconds ago from Gwibber [...]
September 21, 2009 at 4:02 am |
[...] really give up on their online polls. After their “Most Influential Person” Poll was hacked earlier this year, they should have gotten the hint. Time.com recently hosted a poll entitled [...]
September 23, 2009 at 6:01 am |
[...] person in the world was 4chans founder moot, after he was voted to the top by 4chan poll bombers. The reality was even more incredible. What actually happened was that the entire Time Top 100 had been precision hacked so that the first [...]
September 27, 2009 at 2:02 pm |
[...] атаки, включая способы обхода капчи доступны здесь и здесь. Любопытно, что Time не стал отменять результаты [...]
October 18, 2009 at 10:00 am |
Hacking at its core, is simple exploitation. No matter how open that exploit is.. From item duping, to draining millions of dollars from banks. Although Hackers, are known for their skills, and ability to find these exploits by applying past knowledge. Script-kiddies on the other hand, use other peoples works, in the intent they are meant for, rarely discovering un-trotted territories. They also rarely know how a particular exploit works, they just know that it does. Just because you use someone else’s tools doesn’t make you less intelligent. In fact few hackers out there actually have their own OS they coded and designed, which means few hackers can say they stand on their own 2 feet completely.
Oh and “for the Lulz” is a great reason to do something, because if you ever need to do it again in the future, you now have the experience to make it go much smoother the second time around.
There is nothing more dangerous than a self proclaimed genius, especially when they have all the information of the internet at their disposal
If you believe you are to stupid to do something, you probably are.
4chan itself is more than just a zest pool, its a breeding ground for true creativity. Thousands of people, all trying to be able to say they are the creator of something popular, while simultaneously remaining anonymous, destroying all proof that the work was ever theirs. Lets divide 4chan’s populace into 4 categories, noting people can transcend, and regress, any or all of them at times.
NewFags – the bread and butter behind 4chan, usually without any photoshoping skills, they hang around perpetuating their favorite memes.
Trolls – these cheeky bastards, are here on a psychological level. They lead the NewFags around like sheep. They are manipulative and controlling, taking pleasure in their ability to predict, and control others.
OldFags – Players who consider themselves Senior members of 4chan, they have often been around for a long time, but not always. They usually have atleast moderate photomanipulation skills, and have a deeper understanding of what 4chan is about. Most of the meme’s come from this level, although some do come from the trolls.
Underground – This would be the elite’s with varying skills, and to much time on their hands. I havnt been around long enough to know that much about this catagory, and all I know are rumors
October 19, 2009 at 4:58 pm |
Haha.
Wow.
October 25, 2009 at 11:21 pm |
You call a hacker to someone who wrote a program in DELPHI!?!? You must be KIDDING, seriously! i call that person a YOUNG boy with many free time :P
October 27, 2009 at 11:43 am |
[...] In seiner einfachsten Form zählt man einfach die Stimmen irgendwelcher Nutzer zusammen und hat ein Ergebnis. Die Grenzen nerven schnell. Grund, sich mal mit ein paar weiter gedachten Verfahren zu [...]
November 5, 2009 at 10:21 pm |
[...] it was worth looking into an automated submission hack, much like (though less involved than) the marblecake/moot time.com poll hack. The HTML and javascript that controls the page seems very straightforward, and so this is where my [...]
November 16, 2009 at 5:04 am |
wonder how many of the 4chan droogies know that Pascal (that’s what delphi is an implementation of) was started at…
Apple.
In the 80s before they got into jail & jailing.
November 16, 2009 at 5:09 am |
object pascal… that is.
Was made for the Apple Lisa SDK & moved onto the Mac68k from there.
November 16, 2009 at 5:11 am |
Quality job of messin with Time Warner BTW. Classico.
December 19, 2009 at 5:13 am |
I love 4chan. Also, I just lost The Game.
December 25, 2009 at 12:24 am |
▲
▲▲
Also, The game.
January 6, 2010 at 2:48 am |
haha newfag
▲
▲▲
December 30, 2009 at 9:24 am |
Referring to the whole “worrying about how serious media companies take their security” thing:
I challenge anyone with the skill level of those who conducted this “hack” to try to extract a single dime from a system that Matters to Owners™. Seriously, the whole “manipulated by some collective” angle originating with the first post is nonsense. Anything that matters to someone on this planet, online or offline, is secured as it should be. If security seems lax it’s because nobody gives a damn about a TIME.com online poll, including TIME.com itself.
If you ever saw a successful, real hack on a valuable target know that the perpetrators are no /b/tards and have been spending valuable time on actual technical learning rather than “trolling the internetz.” And they won’t do it “for the lulz” since they are well aware of the consequences (and yes, an actual act of “hacking” has dire consequences if one gets caught).
In the end, this boils down to “lulz:” cheap, short-lived, insignificant, disaffected-youth-type enjoyment. Have a lollipop.
P.S. It’s tough, rough, and cold out here. Stick to your armchairs so long as respective basement owners haven’t applied the Final Solution to your little den.
December 30, 2009 at 11:14 pm |
Has anyone considered the possibility that this whole thing was just a way to get the internet generation interested in and talking about Time magazine? Why did they put moot in the poll in the first place?
Someone mentioned 4 categories of 4chan users, but they’re wrong. There are 2 categories: cancer and not-cancer. And considering how much child porn is on /b/ I’d say cancer wins the numbers game.
January 6, 2010 at 1:00 am |
I also lost the game. Fuck!
January 12, 2010 at 6:19 pm |
[...] it out) hacked Time’s online voting device in order to get a secret message spelled out. The details of their hack are here and I will admit it’s impressive. But the very first question that came into my mind was, [...]
January 23, 2010 at 3:13 pm |
I just loast the game.
=[
January 26, 2010 at 8:11 pm |
i lost the game
January 29, 2010 at 1:45 am |
I was unsure what the game was, but I found my answer, and now I have lost.
February 3, 2010 at 10:12 pm |
…
I am impress by technical knowledge.
I am disappoint in that this has not been done again. although I’m not sure how many polls moot would be in.
With that being said, 4chan has been pretty dang influential.
but srsly. hax sum srs stuff. kthnx.
*popping popcorn*
February 6, 2010 at 10:52 am |
NEWFAGS CAN’T TRI-TRIFORCE
▲
▲ ▲
▲ ▲ ▲
▲ ▲
▲ ▲ ▲ ▲
▲ ▲ ▲ ▲ ▲ ▲
April 27, 2009 at 9:40 am |
Try the library