SEATTLE — An international design contest to repaint the Space Needle for its 50th anniversary appears to have been manipulated by computer hackers.
KIRO 7 investigative reporter Chris Halsne found strong evidence someone on the outside rigged the contest’s online voting system to wrongly give the “Trees” design the most votes.
After months of steadfastly maintaining the public vote was accurate and fair, the Space Needle recently changed its view after seeing Halsne’s research.
On October 19, less than two days before the Space Needle planned to announce a winner, artist Ryan "Henry" Ward was easily leading the “Top This” design competition with his entry “Deep Blue Sea”. Ward is well-known around Seattle for his colorful and whimsical murals.
According to multiple witnesses who were monitoring the vote on a searchable, but unlisted site run on the Space Needle’s website, Ward's "Deep Blue Sea" carried around 21,000 public votes. "Roots" was a respectable second with 15,000. "Trees" was a distant third with about 11,000 supporters.
Public online voting, at this point, had been going on for 23 days.
Then, in just a few hours, witnesses said "Trees" gained around 10,000 votes -- nearly doubling its month-long vote total.
"It was like watching a speedometer. The votes ran up about 50 ahead and stopped," Ward's longtime friend, Chris Smith told KIRO 7. Smith is a social media specialist who helped run "Deep Blue Sea's" voting campaign.
Prior to “Trees” being announced as the winner, Smith informed contest organizers he suspected hackers had breached Space Needle servers.
And he initially thought officials noticed the problem too because the Space Needle’s PR team delayed their planned October 21 announcement deadline; instead, they waited until October 22 to declare a winner.
Yet, at the big reveal, “Trees” was proclaimed the top vote getter. Smith doesn’t understand that decision.
“You don’t want to feel like you were in a crooked contest. I mean, that’s kind of a black eye for an iconic institution like the Space Needle,” Smith said. “I really don't think the Space Needle had anything to do with the cheating that happened. They just turned a blind eye to it.”
Ward publically congratulated the winning artist, Nikki Commins, but privately, Ward’s friends asked the Space Needle for an investigation.
Ward told Halsne after weeks of waiting for some kind of action, a representative of the Space Needle told him if he didn’t like the result, he could call the Space Needle’s lawyers.
"All these people invested in this and to like see that shift happen so quickly--I just knew something was wrong. There was like no cooperation whatsoever. No 'we'll look into it.' It was -- 'you have a problem with us, contact our lawyers,'" Ward said.
After Halsne’s calls to Space Needle executives went ignored for weeks, he paid a visit to the private corporation’s headquarters.
At first, staffers took a hard stance -- telling Halsne “we feel this issue is closed and has been for some time.”
Then, a week later, after KIRO 7 shared some of its evidence, Space Needle representatives changed the official response, sending an email which read in part: "Given the celebratory spirit of this competition with no financial incentive, we hoped that this event could be free from these incidences. It was a popularity contest for the finalists and there is no doubt that several of them walked the fine line as they campaigned through numerous social channels.”
The email further noted: "...we structured the voting process to be as simple as possible. In any online competition with voting involved, anomalies in the process can be expected."
“It’s kind of disheartening to me, you know? Like, mostly because of the people who put all the time and money and energy into the contest,” Ward said. “That someone would come out and do that.”
That someone might be going by the name "Pipedream.”
KIRO 7 found a person going by the nickname "Pipedream" bragging on The Stranger’s blog that he had the ability and desire to rig the contest, writing in part: “Their (the Space Needle’s) voting system is really poorly written. Their server-side script is vulnerable to a [sic] SQL injection attack. Let’s see what other fun things I can do while at work today…”
Following a trail of data crumbs, KIRO 7 traced "Pipedream" to a real person -- Seattle software development engineer Aaron Miller. According to his LinkedIn profile, he works for Amazon.
We went by Miller’s apartment multiple times, leaving messages with his building manager. KIRO 7 also reached out to him at work by phone, email and through Amazon PR but Miller did not respond to us.
We shared our research with Mike Andrew, owner of the Cyber Security Institute and information security programing professor at Edmonds Community College, asking him how hard it would be to write a program to increase vote totals for the contest.
“Based upon the data I have -- it wouldn’t be difficult at all,” Andrew said.
Andrew said he doesn’t have the access to prove Miller, acting as "Pipedream,” is the hacker; just that Miller described exactly how a person would manipulate a poorly secured online voting system.
“It would be a very simple measure to go ahead and write a program that simply spoofs IP addresses so that it increases the vote tally for a particular entry that you may be particularly fond of,” said Andrew.
While digging deeper into the Space Needle’s “Top This” contest, it becomes more evident the voting system was likely fixed by outside forces; however, we found no indication the winning artist, Commins, was involved in the manipulation.
Federal, state and local law enforcement agencies all tell KIRO 7 that accessing the Space Needle’s servers without permission is illegal in most cases.
However, contest rules stated Space Needle officials had sole discretion to declare a winner -- even if that winner failed to receive the popular vote.
What do you think? Share your comments below.
KIRO
:quality(70)/d1hfln2sfez66z.cloudfront.net/03-07-2024/t_a04eea43993e4d4a91177d329640b460_name_Tran_6p_Everett_Woman_homicide_LL_pkg_frame_22938.jpeg)
:quality(70)/cloudfront-us-east-1.images.arcpublishing.com/cmg/SJPHEIUFCFBN5CV66FIPLEJCZY.jpg)
:quality(70)/cloudfront-us-east-1.images.arcpublishing.com/cmg/LNPYSB6MEJG2TOV4XDFWAWVAAU.jpeg)
:quality(70)/cloudfront-us-east-1.images.arcpublishing.com/cmg/DV3D5PBQIZFEPANBGDDAZHIA5I.jpg)