ETA: Actually Mark doesn’t use the Lib Dem Blogs RSS feed – just features the RSS feeds of various Lib Dems, under a ‘lib dem blogs’ header, so I thought he did. Feel free to substitute in the name of $prominentlibdemblogger below
Yesterday, a website run by the Conservative party, cash-gordon.com, got redirected to various supposedly-offensive (if you consider elderly people engaging in consensual homosexual acts offensive, which I personally don’t) websites. A lot of people are claiming that it was ‘hacked’ by ‘Labour stooges’.
Now, the Conservatives are claiming that this was people ‘hacking’ their site – and people have been getting threatening ‘phone calls at work about their alleged part in this ‘hacking’ – and arguing that this means there should be more regulation of the internet. In fact all that happened is the Conservatives were incredibly, ridiculously stupid.
The Tories set up a new website, to try to make the Labour party look bad for taking money from unions, to deflect from their own problems with funding from non-domiciled billionaires to whom they gave peerages, though exactly why it’s meant to be bad that the Labour Party were given millions by a union I have yet to understand (and I am no supporter of Labour, as you know). To promote this site, they started a #cashgordon hashtag on Twitter, and got excited when it started trending – even when it turned out that most of those using the hashtag were making fun of the Tories, because they said ‘all publicity is good publicity’.
They even had an unmoderated ‘twitterstream’ on the website, displaying every single post anyone made to Twitter using this hashtag. Can you see the problem yet, boys and girls?
They should have learned from the Torygraph, which last year during the budget had a live twitterstream which very quickly turned into a stream of abuse against the Telegraph, jokes, and general anarchy (a couple of my ‘tweets’ then actually got quoted in Private Eye at the time, because mine were some of the few printable ones). If nothing else, they should have realised that as soon as a hashtag starts ‘trending’ (showing up in a list of popular hashtags), spambots start posting using that hashtag, so very quickly a large proportion of the tweets using that hashtag – and thus showing up on their website – were by that popular Twitterer Ms Britney Fuck-Vids.
However, some people wanted to experiment a bit more, and started posting little bits of JavaScript to Twitter, along with that hashtag. Now, Twitter is a properly-designed website. If you post random bits of JavaScript to it, it displays them as text. However, cash-gordon.com was designed (for $15,000!) by people who literally don’t know the first thing about web design. So it ran this JavaScript in the browsers of people visiting the site.
Those people are *very* lucky that the JavaScript in question merely redirected their browsers to lemonparty (a site which, I am given to understand, having never visited it myself, shows three elderly gentlemen engaging in mutual oral sex) or, far more offensively, the Labour party website. That shows, if nothing else, that this was people playing around and having fun, not doing anything malicious – allowing for execution of arbitrary JavaScript code from unknown sources could very easily lead to much, much worse (and it’s lucky this was noticed, and the site pulled, before someone put in a link to a Windows virus or phishing site).
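The difference between the two behaviours described above, as an added example (not code from cash-gordon.com or Twitter, neither of which is shown here): the function names, the sample tweets and the placeholder URL are all constructed for illustration.

```javascript
// Added example: constructed tweets and hypothetical function names.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that let text break out of an HTML text node
// or a quoted attribute value.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// What the post describes the site doing: tweet text pasted into the page as markup.
function renderTweetUnsafe(tweet) {
  return '<li class="tweet"><b>' + tweet.user + '</b>: ' + tweet.text + '</li>';
}

// What the post describes Twitter doing: the same text shown as text.
function renderTweetSafe(tweet) {
  return '<li class="tweet"><b>' + escapeHtml(tweet.user) + '</b>: ' +
    escapeHtml(tweet.text) + '</li>';
}

function renderStream(tweets, renderOne) {
  return '<ul>' + tweets.map(renderOne).join('') + '</ul>';
}

// Crude regression check for a template test: does any tag other than the
// template's own <ul>/<li>/<b> survive in the rendered output?
function hasForeignMarkup(html) {
  const tags = html.match(/<\/?[a-z][a-z0-9]*/gi) || [];
  return tags.some((t) => !/^<\/?(ul|li|b)$/i.test(t));
}

// Constructed sample stream; the URL is a placeholder, not one from the incident.
const sampleStream = [
  { user: 'alice', text: 'Reading the site now #cashgordon' },
  { user: 'bob', text: '<script>window.location="https://example.invalid/"</script> #cashgordon' },
  { user: 'carol', text: 'Fish & chips <3 #cashgordon' },
];

console.log('unsafe renderer leaks markup:',
  hasForeignMarkup(renderStream(sampleStream, renderTweetUnsafe)));
console.log('safe renderer leaks markup:  ',
  hasForeignMarkup(renderStream(sampleStream, renderTweetSafe)));
```

In a browser the same effect comes from assigning the tweet to an element's `textContent` rather than `innerHTML`.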
But looking at what’s happened, it’s absolutely obvious that nothing was ‘hacked’ (in the vernacular sense of someone ‘breaking in’ to someone else’s website, rather than the sense used by computer people – in that sense it was quite a funny ‘hack’) at all – people posted material that was *perfectly safe* to *their own twitter streams* – their own websites. The fact that the Conservatives – in attempting to use that material for political gain – did incredibly unsafe and stupid things with that material is fundamentally neither the Twitterers’ fault nor their problem.
For an analogous situation, many Liberal Democrat bloggers include a feed from Lib Dem Blogs on their page, showing the titles of the most recent blog posts by Lib Dems. Were I to title a post “Pee Po Belly Bum Drawers”, that title would show up on Mark Thompson’s site. I would not, however, have ‘hacked’ Mark’s blog. I wouldn’t even have visited his blog, or necessarily even known that my post had shown up there (I read Mark’s blog through a feed reader). I hope you are all suitably impressed with my ability to get profanity onto the site of the 20th most influential blogger in Britain. F33r my 133t h4x0r 5ki11z!
However, there are a few differences. Firstly, were I to title my post “<script type="text/javascript">window.location='http' + '://lemonparty.org/'</script>” it wouldn’t turn into executable script that redirected Mark’s blog to geriatric porn, because neither Mark nor Ryan who runs Lib Dem Blogs are the kind of complete imbecile who would let that sort of thing happen. Secondly, all blogs whose RSS feeds are aggregated at Lib Dem Blogs have to be manually approved, and can be removed if they start doing that sort of thing, so it’s a relatively trustworthy source. And thirdly, these feeds only go on people’s personal blogger accounts, not on official party sites that cost tens of thousands to build.
So no-one was ‘hacked’, and this was nothing regulation could or should have stopped (though were there some kind of ‘internet roadworthiness’ test along the lines of an MOT, that site would have failed it, and likewise all those responsible for its creation just failed their ‘driving test’). Quite simply, if you put up a giant billboard and a free supply of marker pens, along with a sign saying ‘please draw whatever you want on here’, and you come back a while later and see someone has drawn a great spunking cock on it, that should be *what you expected to happen*, not a shocking discovery. If you don’t want people to graffiti your site, *DON’T ASK THEM TO*.
And one final thing – the Torygraph have been claiming that this ‘hacking’ – which we have now proved was nothing of the sort – was by ‘Labour stooges’. As I was following events as they happened, I happen to know that the lemonparty redirect was courtesy of ‘liberal provocateur’, who tweets as @hashbangperl (and whose description of himself as a ‘hacker’ on Twitter should definitely be taken in the sense I linked above, and *NOT* in the sense most people use it…)
So, in total, what we have learned today is that if you’re going to pay tens of thousands of dollars for an exciting whizzy social media site for your political campaign, you should give it to somebody with the first clue about what they’re doing. An expensive lesson, and one I suspect the Tories won’t actually have learned…