Wednesday, June 30, 2010

A quite hackable poll

A while ago I wrote about how to fraudulently vote on the BCS Pioneers poll. At the time I noticed that a very small number of votes were necessary to swing the poll.

Today, the result is out and Alan Turing has won with 39.5% of the vote. Hurrah! (Although it would have been a travesty if any of the other four pioneers had trumped Turing.)

But the most interesting thing is that BCS has revealed the total number of votes. They say that 9,500 people voted. That's tiny, and shows why vote fraud would have been possible (and why I saw that automatic voting worked so well). Taking the percentages given by BCS we can get to actual vote counts for each Pioneer: Alan Turing 39.2% (3,439 votes), Sir Clive Sinclair 19% (1,805), Sir Tim Berners-Lee 16.5% (1,567), Hedy Lamarr 15.1% (1,434) and Ada Lovelace 10.2% (969).

So between Turing and Sinclair there are 1,634 votes. Now suppose you wanted to fraudulently put Sir Clive in first place. If you restricted your voting to UK working hours (to make the votes look probable), used a number (12 on the following list) of UK-based proxies (to fool vote geolocation), and chose to swing the vote over a week, you'd need to add one vote every 1.5 minutes. A nice slow-running script could do that work for you. No need to pound the server and set off any alarms.

This also explains why Hedy Lamarr managed to run up to the top so quickly. Even without automated voting the total number of votes was so low that a good campaign on social media (such as Twitter or Facebook) could have easily pushed her into top position. After all, she only got 1,434 in total.
