Conservative effort at social media experiment leaves open source Cash Gordon site directing to adult and Labour Party websites

News by Dan Raywood

The Conservative Party was left with egg on its face after a social media marketing campaign aimed at embarrassing the Labour Party backfired.

The Conservative Party was left with egg on its face after a social media marketing campaign aimed at embarrassing the Labour Party backfired.

The Tories introduced a website called ‘Cash Gordon', which claimed that ‘one of the great untold stories of British politics is how Unite has taken advantage of Labour's near bankruptcy and the departure of Tony Blair to gain an unprecedented grip on the party'.

It was also set up to collect Twitter messages that contained the hashtag #cashgordon and republish it in a live stream on the home page. However a configuration error was discovered as any messages containing the #cashgordon hashtag were being published, as well as whatever else they contained.

Trend Micro senior security advisor Rik Ferguson commented that if users tweeted JavaScript instead of standard messages, this JavaScript would be interpreted as a legitimate part of the Cash Gordon site by the visitor's browser. This would redirect the user to any site of their choosing, and this saw the site abused to the point of being taken offline.

The abuse was noted and led to Twitter users sending users to various sites, including pornography sites, the Labour Party website and a video of 1980s pop star Rick Astley.

The BBC's technology correspondent Rory Cellan-Jones commented that for several hours, while the developers worked to fix the problem, visitors to Cash Gordon were redirected to the main Conservative site. Meanwhile, Labour and Conservative micro-bloggers traded insults, with one side arguing this was the greatest foul-up in the short history of ‘peer-to-peer' campaigning. The other ]side said] that their strategy had been vindicated because #cashgordon was now a trending topic on Twitter and their opponents had simply given them free publicity.

Tweets appearing on the Cash Gordon site appear to show that it is back up and running, although many users are claiming that Tweets are now being moderated.

Ferguson said: “This isn't all fun and games though, configuration oversights can lead to serious harm. This latest in a line of social media marketing related fails is a salutary warning not to underestimate the technical know-how of the world wide audience you are inviting.

”In reality this poor configuration could have posed a serious risk to the Tory party's own supporters as well as any other curious visitor. Those responsible for the page should have been filtering incoming Tweets or simply sanitising the code before it was posted as this could just as easily been used as a means to infect visitors by redirecting them to malicious websites.”


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews