Time’s Poll Hacked


Though Time won’t admit it, their poll on the most influential person was hacked. Moot, the founder of 4chan is rated #1. Not only that, but if you read the first letters of the poll results, you get “Marblecake also the game”. This refers to the IRC Chanel where many 4channers congregate as well as “the game” an internet meme. This article is very interesting as it delves into the details of the attack. Focusing mainly on what happened when the autovoting software was shut down due to reCaptcha.  you’ve probably seen reCaptcha before. It presents you with two words, made difficult to read by strange kearning, warping, and squiggles. If you can read it, you’re most likely a human. Anon, a common name for 4channers, first tried to hack reCaptcha.

Their attempt at hacking reCaptcha relies on the process reCaptcha uses to identify words. It presents you with two words, one of which it already knows. The other is compared to a database of common responses to that word. Anon decided that if they entered “penis” enough times, they could flood the database allowing their autovoter to function again. This, though clever, was unsuccessful. They eventually settled on manual voting. This was taking too much time, they feared they would never reach their goals. To help with this, they built a simple interface that would preload several reCaptchas and cue up votes. This streamlining allowed them to squeak in the votes they needed to accomplish this.

It’s also worth noting that Time didn’t close the vote entries when the poll closed. They removed the poll from their site, but the streamlined vote software was still working. Anon is a powerful force of nature. If only we could harness it to cure cancer or HIV.

50 thoughts on “Time’s Poll Hacked

  1. But they didn’t do much other than simply brute force it.

    Anon “power” in this case was simply a lot of people willing to do a mind numbing task of voting again and again and again

  2. Let me get this straigh Hack-a-Day. You couldn’t break your “only B&W pics” rule for an article that really needed it (the PCB baking article) but you can break it for something trivial as this?

  3. @loose

    This is not a “daily hack” only posts with the tag “daily” are the official hack-of-the-day. The daily hack is black and white and has scotch tape on the corners of the picture. Look at about the last 203981 non-daily hacks and you will see a good portion of them are color. /rant

  4. Not correct. We started out with just marblecake. Then when we found out how easy it was to influence the poll, we added “also the game”.


    This is both correct and incorrect.

    The first 150M votes or so was made by autovoters, only the last 200K was done by hand.

    Plus: It was not many doing it, a couple of the guys that was typing captchas did 40K by them self. The did 1K-20K each.

    But then again, not really a hack. More like ballot stuffing. No entering and breaking at all.

    musicmachinery.com has a couple of good articles about both pre and post captcha.

  5. Don’t forget the twitter attempt by anon. The double captcha is used by twitter and was needed anons to enter them in the attempt to make a fake twitter account the first to 1M followers.

  6. Time is interesting in that they keep declining but don’t go under, even though you’d expect that to have happened years ago already, they stuff reality in their own way it seems.

  7. yeah i part of it too… didn’t see a captcha either? i think i might have just broke under all the stress of legion messing with time. oh well, you just lost the game.

  8. @Ciaran
    If you use firefox you can quickly remove CSS formatting from pages by selecting the menu view->Page Style->No Style.
    It’ll make the page white and text standard size and removes alignments, so it’s not too pretty, but it can make some sites legible with it, and you can quickly switch back again to the previous style.
    In FF you can also edit userchrome or use certain plugins to do it more neatly and just have the capitals letters restored, but that’s not too interesting for occasional visitors.

    Not sure about the options in IE7 or IE8 since I didn’t bother updating to it because I never use IE and when I tried IE7 on other computers I found it had some annoying aspects I do not particularly care for. I’m assuming the opera browser also has such an option but through the years whenever I tried opera it looked OK but it kept crashing on me, and that’s not what I look for in a browser :)

    As for why no caps, it’s a design choice I guess, like the B&W pictures, it goes back to basics,

  9. What is this article doing on hackaday? anon/4chan a “force of nature”? A bunch of pre-teens who didn’t even notice when they were being played into “raiding” sites for other people, and who readily run “secret tools” like “longcat”, simple perl and python scripts that turn their own box into a DDOS-client, making it easy for the target host to abuse-complain them out of their isp contracts.

    Seriously, hackaday, consider not ego-feeding these trolls. They’re a bunch of kids who attack everything they don’t understand, and are exceptionally bad at that, too.

  10. @polerin

    Except for the part where, y’know, /b/ is shit. Pretty much every undesirable aspect of the internet (Gaia, Myspace, LJ, ED, etc.) have made their way to /b/. Buncha underage faggots going “ROFL ANON IS LEGION SO RANDUM XD”. It gives the rest of 4chan a bad name.

  11. when it comes to ddos and general input flooding 4chan is the best. i think most of the sites ‘hacked’ by anon where actually knocked offline with the exception of maybe three.

  12. These poll hacking things are pretty lame. I like it when anonymous catches / fucks with pedos and animal abusers and shit like that though, but they’re just as likely to fuck with any random teenager that somebody reverse-trolls them into hating so it’s kind of a double edged sword.

  13. Nobody writes automated frameworks for microbiology or virology..too bad.

    Maybe they can get the phone numbers and street addresses of some federally funded scientists and make death threats, maybe the scientists will get tired of filtering mail and calling the telco and get in the labs more. ^^

    They’re not hackers on steroids. It’s an open input system with a mass following of adolescents and whatever has a web browser who don’t mind following the leader in raids that consist of ddos through bandwidth meter consumption and low intelligence high frequency attacks like prank call with leaked info etc..

    nay sayers feel free to do actual research. Myspace was social engineering through email and most of the other stuff was ddos via raid announcment.

  14. “But they didn’t do much other than simply brute force it.

    Anon “power” in this case was simply a lot of people willing to do a mind numbing task of voting again and again and again”


Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.