Online petitions run risk of being rigged

Hackers claimed to have used computer bots and left scripts running to create the counterfeit names. PHOTO: THE NEW PAPER

Online petitions can be easily rigged.

In 2016, an online petition in Britain for a second Brexit referendum was reportedly hacked. Some 77,000 fake signatures were later removed.

Hackers claimed to have used computer bots and left scripts running to create the counterfeit names.

The Straits Times carried out an experiment to find out how easily this can be done. An online petition calling for a ban on bubble tea sale outside primary schools was created on a popular petition website.

After three days, the petition, which was not publicised on social media platforms, received only two signatures.

Kantu, a free automation software, was then used. Several commands were created to tell the program to generate fake signatures and automatically fill in names.

Kantu was left to run on its own and it generated about 1,000 signatures a day. In three days, over 3,000 signatures were produced. The fake petition to ban bubble tea sale was even labelled as one of the popular petitions on the website.

Said tech entrepreneur Alvin Poh, 34, who runs the blog  www . alvinpoh.com : "Most manual processes can be automated by programs known as bots. In some cases, hackers use made-up e-mail addresses or throwaway e-mail addresses to sign up for petitions."

One tell-tale sign that a petition result might be rigged would be the large and sharp jump in number of signatures over a short period of time, said Mr Poh.

Join ST's WhatsApp Channel and get the latest news and must-reads.

A version of this article appeared in the print edition of The Straits Times on February 25, 2019, with the headline Online petitions run risk of being rigged. Subscribe