
UK Parliament petitions website - potentially compromised?

simon gray - 2016-06-29, 12:39:08

In the aftermath of the referendum vote to leave the European Union, one of the things being focussed on is a petition (which ironically was created a month before polling day by a Leave supporter when it was looking like there would be a likely Remain win) calling for a second referendum. At over 4 million signatures it is probably the most-signed petition in history. Or at least it would be, if those signatures were valid.

Suspicions started to be raised when somebody had a look at the raw open data JSON feed for the petition and noticed there were a number of signatures appearing to come from outside the UK - including more signatures from certain countries than those countries' populations! The Government Digital Service is already investigating these potentially fraudulent signatures and removing them.

As much for a programming exercise to learn how to parse a JSON feed as anything else, I decided to make a tool to make that country data human readable, and display on a pie chart what the proportion of UK to non-UK signatures might be, and how significant that proportion might be.

So the tool is at https://perfect-curve.co.uk/toys/petition, and on there you can see a live real-time feed of signatures as they are logged in the system after a user follows the confirmation email.

The first thing to note is the proportion of (notionally valid) UK-sourced signatures vs (notionally invalid) non-UK signatures, at 96% UK to 4% non-UK; I've done some checking with other petitions on the site, and that split is broadly commensurate with other petitions, which makes a claim of there having been an orchestrated attempt to get foreigners' signatures a bit tenuous.

However, more importantly, if you leave the page open you can see there's a continuous trickle of new signatures. 'Not surprising for a popular petition', you may think; however, that continuous trickle is indeed just that - not many peaks or troughs, which you'd expect from normal user behaviour. But more to the point, I observed between about 11pm last night until about 7am this morning, including at 3am (no, I didn't stay up all night just to watch a graph...), that continuous trickle carry on. Now you might think there would be the odd person still awake at 3am who thinks there's never been a better time to sign a petition, but I doubt you'd get a trickle of such people all the way through the night.
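The two checks described above (the UK vs non-UK split from the country data in the JSON feed, and the flat overnight trickle), as an added example that is not the Perfect Curve tool's own code. The feed structure (`data.attributes.signatures_by_country` with `code` and `signature_count` fields) and the population figures are assumptions; the sample feed and hourly counts are constructed inline.

```python
import json

# Constructed sample feed. The field layout is an assumption about the
# petitions site's open-data JSON, not a captured response.
SAMPLE_FEED = json.dumps({
    "data": {"attributes": {
        "signature_count": 1045,
        "signatures_by_country": [
            {"name": "United Kingdom", "code": "GB", "signature_count": 960},
            {"name": "France", "code": "FR", "signature_count": 25},
            {"name": "Pitcairn Islands", "code": "PN", "signature_count": 60},
        ],
    }}
})

# Constructed population figures, used only to sanity-check per-country counts.
POPULATIONS = {"GB": 65_000_000, "FR": 67_000_000, "PN": 50}

# Constructed signatures-per-hour series, index 0 = midnight .. 23 = 11pm.
FLAT_HOURLY = [50] * 24                      # the overnight trickle never drops
HUMAN_HOURLY = [2] * 6 + [20] * 3 + [80] * 12 + [30] * 3   # quiet at night


def parse_country_counts(feed_text):
    """Return {country_code: signature_count} from the JSON feed text."""
    doc = json.loads(feed_text)
    rows = doc["data"]["attributes"]["signatures_by_country"]
    return {row["code"]: int(row["signature_count"]) for row in rows}


def uk_split(counts, home_code="GB"):
    """Return (uk_share, non_uk_share) as percentages of all counted signatures."""
    total = sum(counts.values())
    if total == 0:
        return 0.0, 0.0
    uk = counts.get(home_code, 0)
    return round(100 * uk / total, 1), round(100 * (total - uk) / total, 1)


def implausible_countries(counts, populations):
    """Country codes whose signature count exceeds that country's population."""
    return sorted(code for code, n in counts.items()
                  if code in populations and n > populations[code])


def overnight_ratio(hourly, night=range(0, 6), day=range(9, 21)):
    """Mean hourly rate overnight divided by the daytime mean. A value near 1.0
    is the clock-independent trickle that human behaviour would not produce."""
    night_mean = sum(hourly[h] for h in night) / len(night)
    day_mean = sum(hourly[h] for h in day) / len(day)
    return round(night_mean / day_mean, 2) if day_mean else float("inf")
```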

So on that basis I conclude that the petitions website has been compromised by a botnet, which is also linked to disposable email accounts to verify the signature, which is autosigning the petition. This means that not only is this particular petition an unreliable measure of public feeling, but until the GDS addresses and plugs the exploit, none of the petitions on the site can be considered reliable.

One thing to be clear about, though - at this stage it is not possible to reliably conclude who has exploited this compromise, or why - we can no more reliably conclude that it is down to a disgruntled Remain voter trying to bolster support than we can conclude it is a Leave supporter trying to discredit what was already becoming a record-breaking petition; indeed for all we can tell, it could just be a random l33t h4x0r taking the opportunity to try out their skills.
