Winter Carnival Poll Hijacked by Bots
February 12, 2018
The Picador hosted a competition that would earn the winning dorm 50 extra Winter Carnival points, but what was intended to be a light and friendly contest, ended up snowballing into an all out war of bots. But how?
The average student may visit The Picador, vote in a poll, and then not be able to vote anymore. This is due to cookies left on your computer. However, some students may have noticed that when in incognito mode they could vote as many times as they wanted by simply refreshing the page. When in incognito mode the server can’t tell that you have already voted, allowing some people to vote as many times as they wanted.
This way of voting will only get you so far, and, as some students found out, there were better tools that they could use. These tools consisted of Applescript and a program called Selenium. Applescript is on almost every Mac, and it can easily create a program that will automatically move the mouse around as directed. All you have to do is tell it where to move the mouse, vote, reload the page, and then repeat. Similarly, Selenium is a program that will allow the user to automatically control the browser’s actions. Unfortunately, both of these methods are rather inefficient and vote slowly. This was easily averted, as some enterprising student would run the program on all the computers in the computer lab.
Yet, for some of the more technologically advanced students there were better and more efficient methods of voting. In particular, Andrey Yao and Julila Tran created their own programs through the use of Java and Terminal
Below you can see how Andrey Yao went about creating a program that was able to gather nearly 2 million votes!
I went to the website & looked at the source. I then googled to find a automation framework in java called Selenium. Selenium allows you to run repeated tasks on your browser with code. My code: First navigate to www.thepicador.org then I proceed to a loop: First search for the “Rathbun” radioButton, click it. Then, search for the “vote” button, and click it. After that, clear all cookies in the browser (The website sends you cookies to attempt to prevent stuff like this). Finally, refresh the browser and loop again.
I then decided to add some GUI so that other people in the dorm can use it easily just by clicking it.
Below, A picture of part of Andrey Yao’s code to further demonstrate the complexity:
Unfortunately, the excessive voting was the cause of great concern for The Picador’s host, SNOSites. Once the poll reached 6,000,000 votes, Mr. Herring was contacted that “Our monitoring scripts have detected malicious traffic on the picador.org. Someone has written scripts that are hammering the site trying to vote and revote and revote on the most recent poll about “What’s the Best Dorm? (Most votes earns 50 Winter Carnival points).” As a result, The Picador’s ability to support polls was temporarily suspended. And, even worse, the points from the competition were never distributed to the dorms, winners listed below.
Day Boys 4014
Day Girls 84
The Hill 1949