It’s only rock and roll but hackers like it
The Eurovision Song Contest has been targeted by obsessed hackers who stuffed the voting ballots during the final qualifier song performance.
Votes flooded into the Melodifestivalen app during the final performance by Jon Henrik Fjällgren, forcing the contest organisers to nix the votes.
Head mananger Christel Tholse Willers called the surge an “extreme overload”.
“We are investigating an attack. The servers are configured for a very heavy load, but this was abnormal and extreme,” Willers says.
Of the 3.7 million viewers who watched the qualifiers about half a million used the app, increasing voting compared to last year by some 400 percent. Voice and SMS is still the preferred mechanism with 1.5 million viewers casting votes using those media.
Security tests initially indicated votes could be stuffed but not at sufficient levels to affect the contest. Some boffins claimed Melodifestivalen was not properly audited leaving it exposed to attack.
The £100,000 app requires users to log into Facebook or Google Plus, or register their mobile phone numbers.
Online polls are notoriously prone to stuffing and even more serious elections can be targeted: researchers found recent elections in the Australian State of New South Wales used a system that contained components found running the FREAK bug, forcing the affected monitoring tool to be removed.
Plenty of other voting mechanisms have been tampered with. TIME’s Person of the Year is a common target of hackers in web cesspit 4Chan who will direct bots to get tyrants to the top of nomination lists.
In 2013 Melbourne engineer Russell Phillips created a simple bash script to skew polls hosted by Australian media companies News Limited and Fairfax. That didn’t stop both organisations writing stories about the results of the puerile polls.