Hacking the Poll and 'Most Like or Tweeted' Contest To Win It
Well, after reading Semidoppel's post about Facebook "LIKE" and Text Votes Syndrome, I did realize that these kinds of system can really be faked. This does not apply to Facebook or Twitter but also includes all forms of web related voting system.

Non-techie people's way of faking it is by simply creating an account for different social networks and/or creating multiple of dummy emails that will be used to vote. What they don't know is that there is an easier way of doing this in the language of programming. Yup, this is the art of hacking.

Before continuing, let us start first by defining the word hacking since most people connotes this as something bad. Hacking is a way of breaking into a computer or computer networks with a specific reason. Goals can either be good, like for quality control, or something bad, like what crackers do. Crackers are usually the one who breaks into computer system or networks to destroy or gather information for profit. Never interchange the two terms, even if the though cracking is actually a form of hacking.

The Hacker's Way

Back to the topic, there are different ways to hack a certain voting system depending on what is used in the contest.

Starting with polls, 'Polls' usually use one or a combination of the following algorithms: flash that uses ActionScript, HTML via form submission, and JavaScript and PHP. So how do hackers breaks into it? It's as simple as doing a combination of Ctrl+U (View Source) and Ctrl+F (Find).

The usual steps goes like this, the hacker looks into the form for voting. If it is an embedded flash, you can actually get and save the SWF file and decompress it. Make sure that you look into details of embedding, usually parameters are included in there like the session id and other variables. For HTML and script related voting procedures, it would be an easier step. Scripts are usually included in the page itself all you need to do is to look for it and read it. JavaScript based system usually use external files so make sure to check all of the attached scripts. Aside from being external, most of them are also obfuscated so you need patience if you really want to read it. After learning how it works, hackers usually create an application that can do the same job in a faster and better way. Technically, we can say that this is reverse engineering.

Email confirmation system, wherein the user needs to enter his email, sends a confirmation response to his inbox to check the voter's validity. So what's the work around in here? Validation links usually have session keys or verification ids (or whatever they call it) and use this to check. Now by knowing this fact, a hacker can simply create a randomizer to help him find the right key for validation.

To be honest, I've seen one application that does this hack. A developer friend use that to win a certain popularity contest, and guess what? she won the free trip to Hong Kong. All she did is to look for valid email addresses (even without knowing the password to view it) and use this as dummy accounts to submit. The rest of the steps were the ones I said earlier about the verification ID.
Facebook and Twitter are harder to hack, I have developed an application before for Facebook and twitter that spams your wall and timeline. For that to happen, the user would need to grant permission for the application to do so. This prevents also the application to access the users information. But during my development, I actually read a lot of ways to do this without the user knowing that you have granted the apps with the said privileges, unfortunately, I forgot how to do it.

Well, Have you done this or do you have examples?

First things first, I NEVER done nor tried hacking any voting system, I always believe on a 'fair fight'. What's the essence of a contest if you win it by cheating? Not unless, the contest itself is for hacking.

With that belief, I would rather not discuss any codes in here, you may ask Google instead. Besides, I am writing this article not for the purpose of showing how to hack but to analyze that these methods of voting are prone to hacking.

So Do You Still Think that On-line Voting is Not Good?

All I can say is it all depends on the host of the contest. A good reason to do this is by the following ways:
  1. Voting via social networking sites creates more back-links for the site

    The best way to maximize this benefit is to assure that the contestants are on the host's site. More 'Likes' and 'Tweets', means more back-links and traffic too.

  2. Promotion

    We all know how social networking sites affect the SEO and popularity. With that in mind, tweets and likes would really be beneficial

  3. The Importance of Content of the contestant

    For me every content is valuable, it's how every people see it that makes the difference. Sharing and tweeting this might advertise the content for people who see this article or post important or worthy. That means that you cannot judge the contestant's piece just because you think that it isn't worthy in your eyes.

  4. For Search Engine Optimization purposes

    It's as simple as this, more back-links, more tweets, more share and likes means better SEO. That's all.

Again, it all depends on the hosts goal of implementing it. Still, contests like this adds more fun in my opinion.

How about you, what can you say?


  1. My eyes got caught of your title dude! I thought you will teach us how to hack. Well, it's better not to teach the public. Though hacking is known as bad thing, some people can use it for good.

    Regarding to voting system, I guess, internet won't be the best way to vote.
    1. Websites can be manipulated.
    2. The more friends you have, even the content wasn't that good, you'll win.

    Thanks for sharing this bro! Maybe you can teach me to hack someday. ;p

  2. While it is first agreed upon the host and the contestants, I couldn't agree with you more in this post Aj. There are such systems and added to that is the way contestants shared there entries to their friends - How they shared it? Was it in ethical way? 

    All I know is that in facebook, when your link shares get a lot of spam reports - your link will be ban from sharing it again. It will take weeks to get back to normal and that time it is with spam verification captcha whenever you share the link. 

    Legitimate comments are a good proof as you're assured of the page impressions and interactions. 

    Tweets and Likes don't count much in Google SEO. Google gets moving on their Google+ search features. 

    Thank you Aj! This is a great share! Very informative! 

  3. well my first intention was to really post the how-to's but as I was doing it, I thought that it would not be nice to post such things on the web even though it could help -- sometimes.

    glad that you liked my post! :)

  4. thanks for the nice share too Kira! actually before,  FB actually sends warning to the user who post too much links and later on banned for a while. I was able to receive a notice before due to an app that I created in FB that aims to spam :p

    thanks again! :)

  5. Thanks for sharing ssuch a nice post mate...keep it up. I have bookmarked your blog for see more from you. Best Wishes from Team PC Support

  6. hmmm still thinking...

  7. thinking to do hacking? :p

  8. thanks and your welcome! :)

  9. AJ! WOW special mention! By the way I would like to tell you that I feel happy that my article had an impact on you. I love what you put in this article, keep it up.

    BTW ... walang link kaya di nag appear trackback...sinabi lng ni Kira itong post n to hehehe. Thanks dude!

  10. Thanks din po, nagkaroon ako ng idea dahil sa post nyo :)

    Actually may link po yan, di ko lang alam kung bakit di masyadong pansin sa default CSS ng template ko :p Ginawa ko na lang bold yung font para kitang kita :D

  11. I dreamed that skills too but no motivation to keep on.I recommend you to study ethical hacking that's the best hacking career path if you're determined AJ.

  12. thanks bennix! 

    well i'm trying to be a gray hat hacker. I'm usually doing it for fun and for the sake of helping other people and programmer. Though I always make sure na wala akong na-a-agrabyado pag ginagawa ko yun, mahirap kalaban ang konsensya eh :)

  13. Right...right AJ.Just do hacking for fun and  exploration never exploit others  or else one day an FBI will suddenly visit your den....:) 

  14. Great article, however, yo u can't put a clean fight on a contest without hacking if you are facing a hacker on the contest, so my premise here will be if you can't beat them, join them, i lost a car in a contest, and i'm absolutly sure the winner was a hacker, i actually know an indian guy who can hack a lot of apps, but he won't tell me how no matter how much i ask :P

  15. Hi Pedator! well I always believe on a clean and fair fight so even if I am capable of doing it, I won't dare to try.

    Thanks for the comment! :)

  16. PositOrange6/9/12, 4:48 AM

    Regardless of their inability to fairly judge a winner, companies like to organize these kinds of contests on Facebook because it increases traffic to their page and increases the Facebook "people talking about this" metric. But you're absolutely right that most of these things on Facebook are not very sophisticated and can be gamed - just look at how many companies there are listed at http://www.buyfacebookfansreviews.com that do nothing other than promote Facebook pages and photos and things. But these kinds of contests will not be stopped because they're a cheap way to promote your page. Giveaway an iPad or something and get a bunch of extra traffic to your page. That's something that is beneficial to most companies.