web analytics

Herald Hacker did us all a favour

Written By: - Date published: 8:00 am, November 4th, 2009 - 27 comments
Categories: interweb, polls - Tags:

The New Zealand Herald have disabled all online polls on their website until further notice, after a hacker (or hackers) severely skewed the results of three polls. I say well done, and I’m sure I’m not the only one sick of online polls being carried out by the media and reported as news.

Firstly there’s the obvious problem that online polls are in no way scientific. The findings cannot be transferred to the population at large because those surveyed are only those visiting the particular website. The results can’t even be claimed to be representative of the overall readership of the website, as only those choosing to participate are included.

The only way to claim a poll has any validity is to take a truly random sample of the target population. The views of people visiting a website may not represent the views of people in the rest of the population. The type of people choosing to participate in an online poll may not represent the wider selection of people who visit the website.

Despite all of this, I’ve seen far too many cases where the NZ Herald has published online poll results as front page news. Having a tiny disclaimer at the bottom of the article saying the poll results aren’t scientific doesn’t make it any less misleading.

Secondly, even if the media want their online polls to simply be a gimmick, and only report them as being the views of those who read the website and choose to participate, there are still issues that can’t be resolved.

There is no way to secure an online poll and still have it open to anyone who visits the website. By secure I mean preventing people from entering multiple times. The ways I’ve seen various media attempt to do it are:

1. Cookies
This involves storing a record on the users computer once they have participated, and checking for that record every time someone tries to enter the poll to ensure no one votes more than once.

This is among the most primitive methods for securing a poll, and the one currently used by the NZ Herald. First, it is very easy to disable cookies on your computer, eliminating the problem for most polls (including the NZ Herald polls). Some polls are a little smarter and will not allow you to enter the poll unless you have cookies enabled. This is still easy to get around as you can delete your cookies and then re-enter.

2. Email Address
This involves making people enter an email address before participating, and then ensuring that the same email address cannot participate more than once. If utilised correctly, this method can be slightly more effective than the cookies method.

The Dominion Post used this method in a very insecure way a couple of years ago by simply making people enter an email address before participating. They didn’t bother to verify email address entered, so anyone could just make up non-existent email addresses and enter multiple times.

The more secure way of using this method is to send the user an email and force them to click on a unique link before their vote is counted. This ensures that the person does own the email address in question. Of course for people like me who own domain names and have “catch-all” email addresses, we can just start with say 1@domain.com, 2@domain.com, 3@domain.com and keep going for eternity.

3. IP Address
Everyone using the internet has a unique Internet Protocol Address, at least for the particular time they are on the web. The smartest polls only allow one entry per IP Address, but the method is still not full-proof. Limiting by IP Address means only one person per household or office can participate for a start.

Those without a static or fixed IP Address (most of NZ) can simply reboot their modem or router, thereby re-logging on to their Internet Service Provider and obtaining a new IP Address. Of course this takes time, and probably limits the number of times someone might be willing to bother entering.

Unfortunately for those utilising this method, there are easier and more effective ways to bypass it. IP Addresses are sent in the header data to a web page, and are very easy to fake if you know what you’re doing.

I’ve never seen an online poll for which I can’t easily write a script to run on my computer and vote as many times as I may wish. I can even multi-thread the scripts so they vote multiple times simultaneously over and over again. Even better, none of this so called “hacking” is illegal, as it doesn’t involve anything more than accessing what is publicly available.

The media continue to use online polls and report the results as news, seemingly not caring that all security methods have been proven unsafe in the past. So thanks to the hacker who forced the NZ Herald to stop using online polls. Let’s hope the change is permanent and they don’t attempt any of the other insecure methods listed above.

lprent: Editing teh Herald also posted on this with some interesting points (between the justifiable sniggering)

27 comments on “Herald Hacker did us all a favour ”

  1. IrishBill 1

    You know more about his than I do Rocky but I thought that a “hacker” actually had to hack something. Somehow I doubt that someone broke into the back end of the Herald poll and skewed it.

    If they did I’d suggest they probably need to get out more. I do tire of these polls being used as cheap-hit news stories though.

    • rocky 1.1

      Agreed Irish – it isn’t technically hacking. The Herald called it that to make it look like it wasn’t their own fault.

  2. lprent 2

    Maybe we should do everyone a service and publish some scripts?

    • Tigger 2.1

      Great idea. Unscientific online polling quoted as hard fact is a serious threat to democracy. Kill them or at least turn them into the fun little sideshow they should bee.

    • rocky 2.2

      Hmmm… not a bad idea. Let’s wait and see if the Herald put their polls back up since they’re the ones who abuse the reporting of them the most. Know of any other media that report them as seriously as the Herald?

  3. Funnily enough, the Herald article about this mentioned that the “…hacker entered the system…”.

    Now whether that’s another example of psuedo-technospeak that the rest of the article is riddled with, or whether they actually think their internal systems were tampered with remains to be seen.

    Try as they might, clearing your cookies is by no definition hacking.

    • rocky 3.1

      Well I guess technically you’re “entering the system” even if you are just viewing a web page. I’ve seen various definitions of hacking, some would include this and some would not. Most importantly, it isn’t hacking in the legal sense.

  4. l33t hax0r 4

    There is one way to prevent scripted attacks against online polls, and it’s the same method that this blog uses as an anti-spam prevention when posting comments: a captcha image. http://en.wikipedia.org/wiki/CAPTCHA

    It’s still not perfect, but it’s far better than nothing (and far better than cookies or IP restrictions or unvalidated input fields), and the concept is widely deployed and understood.

    • rocky 4.1

      Odd that I never thought of that method for securing polls given I use a captcha thingy on all web forms I write now. Perhaps it’s because I’ve never seen any NZ media use it to secure their polls.

      That would certainly prevent my scripts, though it wouldn’t stop multiple manual entries. Gets rid of my main argument against online polls anyway – as long as they then report them only for what they are.

    • lprent 4.2

      It’d be a good basic step. Definitely not perfect. I think I could write some edge tracking code that would bypass it. It isn’t that hard to do.

      On the other hand I’d write it at a C/ASM level so I guess that’d cause issues for all of the script bunnies (maybe not python – that is bloody fast).

    • Chris S 4.3

      Slight side-distraction here, but here’s a first hand account of how Anonymous/4chan hacked the Times “Most influentual person of the year” online poll in a most spectacular fashion.


  5. BLiP 5

    Maori World Cup TV bid hits trouble

    … snip …

    And a new poll suggests Mr Key’s decision to make Maori TV lead the bid for the free-to-air rights was a line-ball call, with New Zealanders divided on whether it was the right thing to do. The Herald-Digipoll shows a slim majority of 45.2 per cent disapprove of Maori TV leading the bid, while 44.1 per cent approve. . . . snip . . . The poll shows how divisive the Maori TV bid has been, with much of the opposition related to the small amount of Maori language that would be incorporated in its commentary.

    Wow!! Imagine that!! Who’d have thunk it?

  6. ghostwhowalksnz 6

    Didnt the Herald list the IP addresses they were getting ‘hacked’ from., and
    My quick check gives (118-92-185-135.dsl.dyn.ihug.co.nz) (ip-118-90-40-97.xdsl.xnet.co.nz (atm1-0-939.akl-grafton-car1.ihug.net)
    Seems to be just generic ISP addresses

  7. kaplan 7

    It may not be illegal but given the nature of the way the polls were screwed it would be interesting to know who was behind it. The whois info of course doesn’t tell us plebs much but the ISP’s will be able to narrow it down to an individual account holder or organisation and geographically as well, though I am not sure with how much accuracy they could easily do that.

    I find it interesting that the first poll affected was related to Destiny and it makes me wonder if someone with a vested interest went after that poll, then buoyed by their success had a partisan crack at the subsequent polls as well.

    I don’t buy the “18 yr old guy in a black t-shirt” line from Mr Rees. Actually wtf does that even mean? All hackers are goths?

    If The Herald really wanted to pursue this story I expect they would need to push the hacking angle to get the ISP’s cooperation. I think The Herald would view it as in their interests to pursue, if only to protect that false faith they want people to have in their polling!

    • funny how the Herald only ever mentions this stuff when the hacked result doesn’t align with their editorial interests. this isn’t the first time they’ve done this mock outrage over someone screwing their pretend polls.

    • rocky 7.2

      Might be partisan, might not be. Doesn’t look related to a particular party in any case – could be someone taking the piss or someone sharing their views. Who cares?

      “18 yr old guy in a black t-shirt’ I believe is more referring to a geeky teenage boy – your stereotypical hacker. Kind of like a teenage version of Lprent. Fortunately I don’t fit the stereotype 😉

      I can’t imagine the Herald would get the ISP’s cooperation unless they can prove illegal activity. Easy for the herald to ban those IP’s from their site though.

      [lprent: I didn’t fit the stereotype when I was young. That was more something I grew into later on after I stopped bothering being ‘responsible’. Takes maturity to get to the really great geeky states. Mind you the new geeks are mostly political activists….. ]

      [rocky: Maybe you didn’t fit the stereotype when you were young, but you have to admit if people were to imagine you at that age that is what they would imagine 😉 And while you might not have had the black t-shirt or the glasses, from all accounts you were a geek. Especially that story I hear about the programmable calculator you were given.]

      • kaplan 7.2.1

        So all this time I’ve been trying to fit my look to my profession by wearing glasses, white shirts, using pocket protectors and perfecting the ‘laugh-snort’ has been for nothing! I think I still have a black Pearl Jam t-shirt away in a box somewhere from my late teen years… I will have to dig it out.

        Re the polls, one swing was Pro-Act Party the other Pro-Destiny. Not sure if there is a link but I thought Actoids and Destiny members probably have some common ground. They don’t say what the swing on the environmental poll was, but if it was strongly anti-environment I think it could show a pattern.

        Having said that, the essence of your post does focus on the ridiculous way these polls are portrayed, when they really aren’t worth the bandwidth they consume, and I agree that is a more relevant subject that who did the hacking.

      • the sprout 7.2.2

        mmm, ‘maturity’ like a really ripe cheese

    • Draco T Bastard 7.3

      The whois info of course doesn’t tell us plebs much but the ISP’s will be able to narrow it down to an individual account holder or organisation and geographically as well, though I am not sure with how much accuracy they could easily do that.

      Very easily, wouldn’t take more than a few minutes to get all the relevant details of the account holders. In reality, there’s no such thing as anonymity on the internet.

  8. illuminatedtiger 8

    They did do us all a favor but I feel for the guy who unwittingly acquires one of the three IP addresses The Herald listed. Although it’s not surprising they did list them considering their definition of responsible journalism.

Recent Comments

Recent Posts

  • Tokelau Language Week reminds us to stay united and strong
    Staying strong in the face of challenges and being true to our heritage and languages are key to preserving our cultural identity and wellbeing, is the focus of the 2020 Tokelau Language Week. Minister for Pacific Peoples, Aupito William Sio, says this year’s theme, ‘Apoapo tau foe, i nā tāfea ...
    BeehiveBy beehive.govt.nz
    10 hours ago
  • NZ announces a third P-3 deployment in support of UN sanctions
    The Government has deployed a Royal New Zealand Air Force P-3K2 Orion (P-3) maritime patrol aircraft to support the implementation of United Nations Security Council (UNSC) resolutions imposing sanctions against North Korea, announced Minister of Foreign Affairs Winston Peters and Minister of Defence Ron Mark. “New Zealand has long supported ...
    BeehiveBy beehive.govt.nz
    4 days ago
  • Pacific trade and development agreement a reality
    Pacific regional trade and development agreement PACER Plus will enter into force in 60 days now that the required eight countries have ratified it. Trade and Export Growth Minister David Parker welcomed the announcement that the Cook Islands is the eighth nation to ratify this landmark agreement. “The agreement represents ...
    BeehiveBy beehive.govt.nz
    1 week ago
  • Securing a pipeline of teachers
    The Government is changing its approach to teacher recruitment as COVID-19 travel restrictions continue, by boosting a range of initiatives to get more Kiwis into teaching. “When we came into Government, we were faced with a teacher supply crisis,” Education Minister Chris Hipkins said. “Over the past three years, we ...
    BeehiveBy beehive.govt.nz
    1 week ago
  • Border exceptions for a small number of international students with visas
    The Government has established a new category that will allow 250 international PhD and postgraduate students to enter New Zealand and continue their studies, in the latest set of border exceptions. “The health, safety and wellbeing of people in New Zealand remains the Government’s top priority. Tight border restrictions remain ...
    BeehiveBy beehive.govt.nz
    2 weeks ago
  • First COVID-19 vaccine purchase agreement signed
    The Government has signed an agreement to purchase 1.5 million COVID-19 vaccines – enough for 750,000 people – from Pfizer and BioNTech, subject to the vaccine successfully completing all clinical trials and passing regulatory approvals in New Zealand, say Research, Science and Innovation Minister Megan Woods and Health Minister Chris Hipkins. ...
    BeehiveBy beehive.govt.nz
    2 weeks ago
  • International statement – End-to-end encryption and public safety
    We, the undersigned, support strong encryption, which plays a crucial role in protecting personal data, privacy, intellectual property, trade secrets and cyber security.  It also serves a vital purpose in repressive states to protect journalists, human rights defenders and other vulnerable people, as stated in the 2017 resolution of the ...
    BeehiveBy beehive.govt.nz
    2 weeks ago
  • Ministry of Defence Biodefence Assessment released
    The Ministry of Defence has today released a Defence Assessment examining Defence’s role across the spectrum of biological hazards and threats facing New Zealand. Biodefence: Preparing for a New Era of Biological Hazards and Threats looks at how the NZDF supports other agencies’ biodefence activities, and considers the context of ...
    BeehiveBy beehive.govt.nz
    2 weeks ago
  • New Approaches to Economic Challenges: Confronting Planetary Emergencies: OECD 9 October 2020
    New Approaches to Economic Challenges: Confronting Planetary Emergencies: OECD 9 October 2020 Hon David Parker’s response following Thomas Piketty and Esther Duflo. Good morning, good afternoon, and good evening, wherever in the world you might be. I first acknowledge the excellent thought provoking speeches of Thomas Piketty and Esther ...
    BeehiveBy beehive.govt.nz
    2 weeks ago
  • Kaipara Moana restoration takes next step
    A Memorandum of Understanding has been signed today at Waihāua Marae between the Crown, local iwi and councils to protect, restore and enhance the mauri of Kaipara Moana in Northland. Environment Minister David Parker signed the document on behalf of the Crown along with representatives from Ngā Maunga Whakahī, Ngāti ...
    BeehiveBy beehive.govt.nz
    2 weeks ago
  • New Zealand and Uruguay unite on reducing livestock production emissions
    Agriculture Minister Damien O’Connor and Uruguayan Minister of Livestock, Agriculture and Fisheries Carlos María Uriarte have welcomed the launch of a three-year project that will underpin sustainable livestock production in Uruguay, Argentina, and Costa Rica.  The project called ‘Innovation for pasture management’ is led by Uruguay’s National Institute of Agricultural ...
    BeehiveBy beehive.govt.nz
    2 weeks ago
  • 3100 jobs created through marae upgrades
    Hundreds of marae throughout the country will be upgraded through investments from the Provincial Growth Fund’s refocused post COVID-19 funding to create jobs and put money into the pockets of local tradespeople and businesses, Regional Economic Development Minister Shane Jones and Māori Development Minister Nanaia Mahuta have announced. “A total ...
    BeehiveBy beehive.govt.nz
    2 weeks ago
  • Health volunteers recognised in annual awards
    Health Minister Chris Hipkins has announced 9 teams and 14 individuals are the recipients of this year’s Minister of Health Volunteer Awards.  “The health volunteer awards celebrate and recognise the thousands of dedicated health sector volunteers who give many hours of their time to help other New Zealanders,” Mr Hipkins ...
    BeehiveBy beehive.govt.nz
    2 weeks ago
  • Community COVID-19 Fund supports Pacific recovery
    The Minister for Pacific Peoples, Aupito William Sio says a total of 264 groups and individuals have successfully applied for the Pacific Aotearoa Community COVID-19 Recovery Fund, that will support Pacific communities drive their own COVID-19 recovery strategies, initiatives, and actions. “I am keen to see this Fund support Pacific ...
    BeehiveBy beehive.govt.nz
    2 weeks ago
  • Community benefits from Māori apprenticeships
    Up to 50 Māori apprentices in Wellington will receive paid training to build houses for their local communities, thanks to a $2.75 million investment from the Māori Trades and Training Fund, announced Employment Minister Willie Jackson today. “This funding will enable Ngāti Toa Rangatira Incorporated to provide its Ngā Kaimahi ...
    BeehiveBy beehive.govt.nz
    2 weeks ago
  • Training fund supports Māori jobseekers
    Rapidly growing sectors will benefit from a $990,000 Māori Trades and Training Fund investment which will see Wellington jobseekers supported into work, announced Employment Minister Willie Jackson today. “This funding will enable Sapphire Consultants Ltd. to help up to 45 Māori jobseekers into paid training initiatives over two years through ...
    BeehiveBy beehive.govt.nz
    2 weeks ago
  • Ruakura Inland Port development vital infrastructure for Waikato
    The Government is investing $40 million to develop an inland port at Ruakura which will become a freight super-hub and a future business, research and residential development for the Waikato, Urban Development and Transport Minister Phil Twyford, and Māori Development Minister Nanaia Mahuta announced today. The funding has been has ...
    BeehiveBy beehive.govt.nz
    2 weeks ago
  • Appointments made to Defence Expert Review Group
    Defence Minister Ron Mark announced today the establishment of an Expert Review Group to review a number of aspects of the New Zealand Defence Force’s (NZDF) structure, information management and record-keeping processes.  The Expert Review Group’s work arises out of the first recommendation from the Report of the Government’s Inquiry ...
    BeehiveBy beehive.govt.nz
    2 weeks ago
  • No active community cases of COVID-19
    There are no active community cases of COVID-19 remaining in the country after the last people from the recent outbreak have recovered from the virus, Health Minister Chris Hipkins said today. “This is a big milestone. New Zealanders have once again through their collective actions squashed the virus. The systems ...
    BeehiveBy beehive.govt.nz
    2 weeks ago
  • Clean energy upgrade for more public buildings
    More public buildings will be supported by the Government to upgrade to run on clean energy, the Minister for Climate Change James Shaw announced today. Minister Shaw announced that Lincoln and Auckland universities will receive support through the Clean-Powered Public Service Fund to replace fossil fuel boilers. Southern, Taranaki, and ...
    BeehiveBy beehive.govt.nz
    2 weeks ago
  • Schools back donations scheme for the second year
    More schools have opted in to the donations scheme for 2021, compared to 2020 when the scheme was introduced. “The families of more than 447,000 students will be better off next year, with 94% of eligible schools and kura opting into the scheme,” Education Minister Chris Hipkins said. “This is ...
    BeehiveBy beehive.govt.nz
    3 weeks ago
  • Ruapehu cycle trails gets PGF boost
    The spectacular Mountains to Sea cycle trail in Ruapehu District will receive $4.6 million in funding from the Provincial Growth Fund for two additional trails, Regional Economic Development Minister Shane Jones announced today. “This is an exciting development for the local community, and one that will provide significant economic opportunities ...
    BeehiveBy beehive.govt.nz
    3 weeks ago