Posts Tagged hacking

When 4Chan Gamed the Time 100

Last week I did a skype interview with a reporter from Time who was interested in the backstory on how the 2009 Time 100 Poll was hacked.  They’ve put it all together into a nifty video segment:   When 4Chan gamed the TIME 100

, ,

1 Comment

TechCrunch rickrolls the Hype Machine

Last week, on the Hype machine blog, Anthony indicated his increasing frustration in how easily charts could be manipulated – Anthony wanted a better way, one that was transparent, and gave more influence to the influential.  Anthony’s solution was to create a twitter chart that is based on the twittering activity of Hype Machine songs.  In this new chart Twitterers with more followers have more influence than those with few.

A number of commenters on Anthony’s blog pointed out how it would be easy for a single very popular twitter user to influence the charts.  And that is exactly what Erick Schonfeld of TechCrunch did. Erick used the power of TechCrunch for evil.

Evidence of Erick Schonfeld's rickroll

Evidence of Erick Schonfeld's rickroll

With one tweet from the TechCrunch twitter account (with its nearly 1 million-person reach) he was able to put Rick Astley’s Never Gonna Give you Up at the top of the Hype Machine Twitter chart.  Erick writesThe Hype Machine’s formula is flawed. No single person should be able to affect the rankings so easily“.

It’s arguable whether or not this is a dishonest manipulation of the charts.  TechCrunch really does have a reach of 1 million people – and so by tweeting Rick Astley they are potentially exposing  those millions to this song.  However, in reality, people don’t read TechCrunch for music recommendations – TechCruch is just not a music tastemaker (sorry Erick).  A tweet by TechCrunch counts much less than a tweet by Indie music guide Pitchfork.

Update – Note that the spammers are now starting to recognize the twitterverse as a place that they can target.  If you have $27 you can get the twittertrafficmachine to get you 20K followers in a month:


Anthony should adjust how he scores a tweet to not only include the reach of the tweet but  to also include the music reputation of the source.   It is not as easy to determine the music reputation as the number of followers for a source, but it is much more important.   Some indicators that a tweet has real influences are whether people actually click on the link and listen to the song and whether the poster actually  listens to music, especially new music, before it gets popular.

I suspect Anthony will be tweaking his scoring algorithms soon to make the charts better reflect what real music listeners are listening to, not just what popular people are listening to.

Update: Anthony has responded in he comments.

, , ,


The Shill Machine

hype-machine-logoThe very popular blog aggregator The Hype Machine  has a ‘Popular Page‘ that shows the tracks that have been most favorited in the last 3 days. This is a great way to find out what the music zeitgeist is.  However, Anthony (Mr. Hype Machine) recently discovered that a number of highly favorited artists seemed to have reached the popular page by nefarious means.  According to Anthony, it appears that a number of artists became popular when many presumably fake accounts,  created  from the same IP address in a very short period of time all favorited a single artist in an apparent effort to get the artist to appear on the popular page.  This type of hacking is not too surprising – whenever you have  a chart or poll that relies on ‘the wisdom of crowds’ you are susceptible to the shill who will try to manipulate the chart in order to promote their interests.  We see this in online polls, social news sites and popular music sites.

When Anthony  became aware of how the Hype Machine was being manipulated, he and the rest of the Hype machine team fought back, instituting a Captcha mechanism to prevent automated account creation, ignoring favoriting activity for new accounts, and  keeping a much closer eye on new account activity.

But Anthony didn’t stop there, he went one step further.  He named names.  He posted on his blog a list of all the artists that, according to Anthony have “attempted to manipulate the charts on the Hype Machine”.  Anthony says he published the list to “let everyone make their own judgments about quality, integrity and marketing strategies:”.  But really, I suspect that Anthony’s real motivation was to shame those that would attempt to try to enlist the Hype Machine to promote their band.

A commenter on that blog post that claims membership in one of the outed shilling bands protests that they absolutely did not create fake accounts and they had been unfairly defamed (literally)  by the Hype Machine. But Anthony responds with a list 4 tracks by the band that had each been favorited from a single IP address  by over 40 separate, newly created accounts. Anthony says “Given that this is a time-consuming activity that primarily benefits you, you can see how it appears likely that you or your team may have been involved”.

Should Anthony have outed these artists?  Surely the excessive favoriting could have been an overzealous  fan that decided to try out a new way to hype their favorite band (to put the ‘hype’ in Hype Machine, if you will), and the band is blameless. But from Anthony’s point of view it doesn’t really matter.  Anthony is going to protect the integrity of the Hype Machine and he’s going to do it by pointing to any band that has benefited from ‘unnatural’ enthusiasm.  Even if it means public humiliation for the blameless.

I suspect Anthony’s next problem will occur when some pranksters realize that they can get any band blacklisted at the Hype Machine by a bit of nefarious activity.  By simply creating a set of  sham accounts and favoriting tracks by the vicitim band from those sham acounts, the Hype Machine can be manipulated into blacklisting and humilating the band. Is your ex-girlfriend’s new boyfriend in a band?  Get your dorm floor to create 50 Hype Machine accounts, favorite his tracks and watch the fun as he gets outed and shamed as a shill.

The lesson here is that charts that show popularity are hard to get right – they can be easily manipulated for fun or for profit.  Anthony should be prepared to fight an escalating war against those that want to manipulate his charts. And the more popular the Hype Machine becomes, the bigger the target it will be for the hackers and the shills.

, , ,


Precision Hacking


I’ve seen a few examples where recommenders, polls and top-ten lists have been manipulated. Generally a central coordinator sends a message to the hoard that descend on the  to-be-hacked site. Ron Paul’s sheeple, or pharyngula‘s followers are prime examples of the type of group that can  turn a poll upside down in a matter of minutes.

It has always seemed to me that such coordinating manipulation was a blunt instrument.  The commanded horde could push a specific item to the top of a poll  faster than a Kansas school board could lose Darwin’s notebook, but the horde lacked any subtlety or finesse.  Sure you could promote or demote an individual or issue, but fine tuned manipulation would just be too difficult. Well,  I’ve been proved wrong.    Take a look at this Time Poll.


Not only has the poll been swamped to promote Moot (the pseudonym of the creator of 4chan, an image board and the birthplace for many internet memes) as the most influential of people, the poll crashers have manipulated the order of all the other nominees so that the first letter of each line spells out ‘marble cake, also the game’ (marble cake is not really a kind of cake btw).    This is pretty phenomenal, precision hacking.   Precision hacking of an extremely high profile poll run by a top notch media company.  Now, imagine if the same energy was put into getting that latest Lordi album to the top of the pop 100 charts.  I’m sure it could be done (and I’m already wondering if perhaps it has already been done, and we just don’t know it).

Polls, top-N lists, and recommenders based upon the wisdom of the crowds are susceptible to this type of manipulation.  Better defenses are going to be  needed otherwise we will all be listening to whatever 4chan wants us to listen to. (via reddit)



Hacking spotify

Spotify is the new “old napster” – everyone who uses it seems to love it.  As this Google trends plot shows it is starting to become very popular.

Spotify vs. Napster

But there is a downside to becoming popular – when you are popular you start to become a target of hackers.  This is happening  to   Spotify now – Spotify is another platform waiting to be explored and exploited.  Some notable hacks:

  • Lastify – this is a rather benign hack – it adds a couple of buttons  to the bottom of your spotify client that let you apply ‘love’ and ‘ban’ to the currently playing track.


  • Despotify – the open source Spotify client –  this is a rather extensive hack. has reverse engineeered the Spotify protocols and have built an open source Spotify client (with curses text-mode goodness). The client includes code that decrypts the encrypted music served by Spotify, potentially allowing anyone to not just listen to music, but to download and save it as well.  Here’s a video of Despotify in action:

    Already, Spotify seems to have responded to this hack, according to the  Despotify page: “Despotify has been blocked for users using ‘free’ or ‘daypass’ accounts. You can still use despotify using ‘Premium’ accounts.”.  That seems fair – if you pay for Spotify, you can use  whatever client you want.

  • Geographic hacks – Spotify is only released in certain countries.  If you don’t live in the UK, Spain,  France, Sweden, Norway or Finland you are out of luck – but not really.  According to this article in Wired, some users are using a UK-based proxy to allow access to Spotify from places like the USA.

As  Spotify gains in popularity, the Spotify engineers are going to be playing a bit of wack-a-mole to keep the hackers at bay in order to keep the Spotify platform stable and performant.  So far, they seem to be doing a very good job.