It has been discovered that the petition on the UK government website calling for a second referendum has been blasted with a significant number of fake entries, according to Parliament.
The online petition, which calls on the UK government to run a second referendum on whether the UK should leave or remain a member of the European Union, has attracted millions of signatures.
However, the validity of some of those signatures has been called into question as the House of Commons Petitions Committee said that the petition, “EU Referendum Rules triggering a 2nd EU Referendum”, had 77,000 fraudulent signatures added to it. The committee says these have all been removed.
Nearly 40,000 entries said they were from the Vatican City - a city that only has around 800 residents.
The committee said they would continue to monitor the petition, and were committed to monitoring its registrations to prevent any further fraudulent signatures.
Despite the fact that the petition is supposed to be only signed by UK citizens, the data from the petition showed signatures from Iceland, The Cayman Islands and Tunisia.
Other than a checkbox asking signatories to confirm they are either a British citizen or a resident of the UK, the website itself does nothing else by way of verifying the signatory is legitimate. It does ask for UK postcodes and a valid email address which it confirms via email link back.
Helen Jones, chair of the petitions committee, said, “The Government Digital Service are taking action to investigate and, where necessary, remove fraudulent signatures. People adding fraudulent signatures to this petition should know that they undermine the cause they pretend to support.”
Jones added, “It is clear that this petition is very important to a substantial number of people. The petitions committee will be considering the petition at its meeting next week, and will decide whether or not to schedule a debate on it.”
Javvad Malik, security advocate at AlienVault, commented by email to SCMagazineUK.com: “Any public-facing website, particularly sites such as online petitions which trigger actions when a certain number of signatures have been collected should have protection in place in order to safeguard the integrity and availability of its information with anti-bot and anti-DDoS measures amongst others.”
He added, “In order to protect against all bots, companies should deploy various detection techniques and be continually kept up to date to detect bot activity as soon as possible. Having a good source of threat intelligence can help identify and block bot-traffic early.”
Rami Essaid, CEO of Distil Networks, told SC: “Whether you view Brexit as positive or negative, it's obvious that there are strong feelings on both sides. Using this petition site to cause a debate in the UK Parliament is a valid exercise as well. However, the use of bots to attack this site should be more concerning, as it appears that it has not been hardened against automated attacks like this.”Essaid added: “Most of the bots appear to be simple scripts rather than heavyweight and sophisticated attacks. However, these attacks should be prevented so that they can't derail the actions of a significant portion of the British public. Preventing bots can be difficult when it comes to ad fraud and e-commerce account hijack attacks, but the kinds of attacks used here should be fairly simple to stop.”