Second Referendum Petition FRAUD

>Trying this hard
Globalists are desperate, good sign.

hmmmm
you would think since they locked it they would have caught on...

This board cheats on every single youtube video they don't like. Shill and cheat on every single fucking online poll they don't like. So eat me

I'm not sure Sup Forums were the original bot spammers. Most people here have been spamming places that immediately scream scam. That's why Vatican City and North Korea are #2 and #3

I'll make you scream BREXIT with my dick

to discredit it? Pretty smart 2bh but uk still has >2mil votes, how many of those are legit?

I'd guess 300k-500k

All that were needed were 100k anyhow

I mean, should we be worried then? Should we bring attention to this?

Updated analytics desu, the Vatican has over 30,000 referendum requests with a total population of 451 lol

If you add all the signatures by constituency, you will get all the signatures made in the UK

Then if you add the signatures by country, excluding the UK's Signature Count you get quite close numbers (if not higher) according to the petition.

It seems that there is a cron task updating the values every x time so it makes it easier for handling the data.

TL:DR

You should get data for GB's signatures on the "signatures_by_constituency" part not on the "signatures_by_country" part, and then add the results excluding the GB from the countries, to get the precise data from the petition.

That's a lot of Popes!

What you see on the Signatures By Country is an outdated value.

When it got updated at around 23:01 (backup time) it got bumped from 365,483 to 2,401,768. accordingly to the Signatures By Constituency

So no, there is no edited data by any human on the json or the database.

What could be happening is someone just feeding false information to the server on other countries, but that isn't affecting the GB votes due to the additional layer of security regarding these.

Who cares, an internet petition can't override a national referendum.
This is desperation.

We need to send this to the electoral commission or something, or at least make this fraud common knowledge.

>good goy, mislead the curious

If only popular youtubers like Stefan memelux or Nigger pigeon chould do a report on this.

lmao
what exactly is signatures by country? Its all the non-uk ones?

Signatures By Country are non UK ones.
Signatures By Constituency are the UK ones.

Note that on Signatures By Country you should discard the GB result as it's not updated on realtime.

so they essentially count uk votes twice or is that only on the json?

>Someone edited the file at a point within the two hours

Let me shed some light on this topic for you guys.

>Database was edited, not the JSON

You do not edit a "json" file. You generate a json file. The json data is a key value store representation of a database. In this case most likely MySQL or MsSQL, depending of if their win-fags or not.

>Serialization

The data from the database is then "serialized" into JSON. The reason why JSON is serialized is because it is pretty easy for any programing language to read a JSON key value store as almost all languages have identical data structures.

>Shity Frameworks

I'd be money is .NET based. Typically only an amateur PHP & ASP.NET devs actually pump their API dictionaries / json objects to an actual .json file.

It's possible they're even intentionally using a compromised / outdated framework / server so they can "hack themselves" and alter it externally without leaving any internal trail.

>Confirming our Hypothesis
Lets take a look at the server.

Windows faggots get a linux live CD, Mac fags bust out your terminal.

The command we are going to use is ...

>BASH Command

curl --head parliament.uk

You can also use curl -I or even wget, but this is the most explicit way to request server info.

>Shity ASP.NET confirmed

HTTP/1.1 302 Redirect
Content-Length: 147
Content-Type: text/html; charset=UTF-8
Location: parliament.uk
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET

Looks like it is a Microsoft IIS 7.5 server

This means they're running Windows Server 2008.

>Outdated Server Confirmed

Considering IIS 10 is the newest and released with Windows Server 2016, they are using some pretty outdated server software.

>Confirm Vulnerabilities

A quick look over here...

cvedetails.com/vulnerability-list/vendor_id-26/product_id-3436/version_id-92758/Microsoft-IIS-7.5.html

and there you go Anons,

If I didn't know any better I'd say this is a Clinton server.

You don't count GB's result twice you get the GB's result from Signatures By Constituency and not from
Signatures By Country as those are not updated realtime.

github.com/alphagov/e-petitions/issues/483

This guy ran the calculation and changed it.

Well done sir

Those exploits would not affect the petition website as they pose only the danger of taking it down temporarily.

Dumb his down for me friend, I am woefully uneducated in these things. Am I understanding correctly that the server being used is ridiculously unsecure and easily hacked to produce such suspicious counts as we're seeing in the OP?

>Symptom of a Deeper Problem

DDoS attacks are not just for taking down servers. They are also for causing servers to throw errors that open the software on them up to bugs that are exploitable, other wise known as "hacks"

>Lazy UK Admins / Devs

In this case, if they are too lazy to update their server version there is a strong probability that they are also too lazy to update their framework version.

In this case their framework is ASP.NET

The version of ASP.NET that shipped with Windows Server 2008 is..

.NET Framework 3.5

>Confirm .NET 3.5 Vulnerabilities

cvedetails.com/vulnerability-list/vendor_id-26/product_id-2002/version_id-82466/Microsoft-.net-Framework-3.5.html

A shit server running shit software.

Ok, so.

The simple version is that older versions of software ( especially when dealing with Microsoft ) typically are less secure than the newer versions.

In fact, most updates and version updates to Microsoft Server software are purely security updates.

They are running a 8 year old server with 8 year old software.

Attacking something this out of date typically would be extremely easy, even if the server were something mega-secure like CentOS and the framework was rock solid.

I mean, just look at the NK/VC votes. The real question is how many of the uk votes are real

The UK Votes go trough an extra layer of security.

so can we conclude false alarm?

Bumb

>The real question is how many of the uk votes are real

I'm honestly not really aware of how the UK vote system works.

First, is voting 100% digital? If it's 100% digital is any identification required to vote?

If not then, really anyone could fire up a bot to vote.

If they do require an ID then we'd need to see what kind of ID and then we could really get somewhere.

Voter fraud typically is a hard nut to crack because the people who are sitting on all the information that could nail them are the same people you have to ask for the information to investigate them.

Yes together with this response by the developers.
github.com/alphagov/e-petitions/issues/483

No, it is paper.

I think they disabled that here:

github.com/alphagov/e-petitions/commit/8ae55cc26209e7ac1c7308c607d8cc7553f90af4

>Under high load we saw many locks while writing the country petition journals on updating the journal for the UK. To avoid this we mark the signature as unrecordable if it's from the UK. We can write something to populate this later, or calculate it on the fly from the other journals.

2mil people signed a paper petition? noice

They still have protection against it.

You need to generate a valid Post Code, confirm your email, and fetch a link from it.

Also I am sure they would be looking into IP's and actual names being inputted in, discarding those who look like spam.

The script that generates just random chars will stand out like a sore thumb.

I could build a list of postal codes and use fake-factory to generate names with no issue. One of the scripts already uses it generate names. Temp email generator already generates a temporary email and the script verifies the submission in the bot script. You could probably toss out most fake addresses like the .ru email addresses temp email generates, but I doubt they are even going that far.

The only issue would be IP address, but since UK isn't updated in real-time it is hard to tell. I do know for a fact about 24 hours ago at this time they were averaging about 100-500 votes every 10 seconds.

Got some ammo here

Wrong type of ammo, mate.

If they throw out multiple votes from the same IP they're potentially disenfranchising people who live together or students voting from college networks. If they throw out votes from outside the UK, they're potentially disenfranchising British citizen who live abroad.

That script was originally only mean to quickly demonstrate how easily it was already being done when the signatures were growing at an absurd rate. The point is that if something that basic can be put together in an effective way in the time takes to drink my morning coffee, what can people who actually want to defraud it do with a little more effort?

I didn't expect it to go this far, but look at how far has skewed results from Vatican City and North Korea, and consider how much better a foreign government could do it.

*how far Sup Forums has skewed

Depends, because they surely can detect a couple of thousand votes from the same IP and with the same email TLD... They just would need to prune those.

Any way to quickly add the constituency data together?

By adding the values of the 651 "signature_count" from the "signatures_by_constituency" in the JSON.

Or you could convert it into a spreadsheet.

You can do that, but there are people on Sup Forums with ridiculous botnets. It also wouldn't be hard to start generating much more legit looking email accounts from multiple sources. You could harvest real names and postcodes from the UK electoral register.

Looks like I will have to convert it to a spread sheet. Guessing I cant just copy paste it.

I think this does it for you

codepen.io/ayylmaom80/pen/xOgWPZ

How would I add data to this from the .json? You will have to excuse my lack of understanding.

Never mind figured it out

It wasn't that difficult, wasn't it?

I was about to give you the answer btw.

Yeah no I though I had it but it does not seem to be working. is it because im using links like

web.archive.org/web/20160626054231/https://petition.parliament.uk/petitions/131215.json

instead of the direct links used on the codepen site?

I don't think that the Wayback Machine allows you to use that data on an external website.

You're fucking nuts, banana ass, but we need people like you keeping up the good fight.

You, my good sir, are a scholar and a gentleman.

I don't know who you are or what you do but tonight I approve and thank you.

Although you could use this

json-xls.com/json2xls

If you copy the JSON content into it.

Then I will have to find another way to count the votes. Might just take the GB vote table out the infograph and edit it abit. I fucked up on data collection. Still should be useful. I appreciate the help.

SOMEONE EXPLAIN WHAT'S GOING ON I DON'T CODE

>Vatican City 2nd
>North Korea 3rd

Something very fishy is definitely going on here.

Thank you Portuguese Statistician for providing your input and for shutting down the poll shills in Trump Generals

I made a Python script to easily collect numbers from the petition.

>16:35 on 25/06/2016:
web.archive.org/web/20160625153506/https://petition.parliament.uk/petitions/131215.json
Total number of signatures: 1765889
Sum of all signatures by country: 418534
Number of signatures from United Kingdom: 354634

>20:00 on 25/06/2016:
web.archive.org/web/20160625202143/https://petition.parliament.uk/petitions/131215.json
Total number of signatures: 2367548
Sum of all signatures by country: 453139
Number of signatures from United Kingdom: 365483

>21:21 on 25/06/2016:
web.archive.org/web/20160625202143/https://petition.parliament.uk/petitions/131215.json
Total number of signatures: 2367548
Sum of all signatures by country: 453139
Number of signatures from United Kingdom: 365483

>22:45 on 25/06/2016:
web.archive.org/web/20160625220110/https://petition.parliament.uk/petitions/131215.json
Total number of signatures: 2547875
Sum of all signatures by country: 2499997
Number of signatures from United Kingdom: 2401768

>23:01 on 25/06/2016:
web.archive.org/web/20160625220110/https://petition.parliament.uk/petitions/131215.json
Total number of signatures: 2547875
Sum of all signatures by country: 2499997
Number of signatures from United Kingdom: 2401768

The 23:14 archived page uses the exact same JSON as 23:01 above.

Python script (requires Pandas): pastebin.com/Yhr7B92y

Yes, there is a funny guy or some funny guys running scripts to do that.

This worked. Thanks.

It's totally legit. All 451 Vatican City residents came to party

>petition signatures growing at a rate that seems to fast to be real
>american user claims to have voted 33,000 times
>python script posted to show how that's feasible
>"syrian" user modifies script and uses it to submit signatures from vatican city
>everybody starts spamming vatican city and north korea
>petition website edits results
>world war 3 ensues

No problem,

I couldn't sleep anyways.

Ultimate kek. Thanks Poland bro

They didn't actually edit any results, just ran a cron task to update the value in relation to the signatures by constituency.