Kevin Rudd’s Bangladeshi ‘bots’ in media royal commission petition
Former PM’s petition for a media royal commission contains more than 1000 fake signatories — many paid for and generated overseas.
An official investigation will scrutinise Kevin Rudd’s petition calling for a media royal commission after it emerged that more than 1000 names were fake, and some of the signatories were paid for and generated overseas.
The Australian can reveal foreign interference in the petition, which targets publicly listed companies News Corp Australia and Nine Entertainment, and prompted a Greens-led Senate inquiry into media diversity.
An investigation by The Australian into the petition, which Mr Rudd instigated as an attack on News Corp, has also revealed the document is littered with fake and absurd names, including “Nacho cheese”, “Jesus Christ” and “this sucks”. Many of those were generated offshore, easily sidestepping parliamentary measures set up to prevent fraud.
A world-renowned cyber security expert said signatories included “computer-generated bots”. He said a full digital audit was required to determine the extent of fraudulent activity in the parliamentary e-petition system.
Ken O’Dowd, the House of Representatives’ petitions committee chairman, said his committee would investigate the fake signatories in the petition.
The Australian can reveal a Bangladeshi man was paid $58 by a whistleblower — who wanted to test the vulnerabilities of parliament’s e-petition system — to generate 1000 fake signatories in less than 12 hours. Those signing petitions are required to be Australian citizen or residents.
Documents obtained by The Australian confirm a Melbourne-based blogger paid a cybersecurity specialist — who initially claimed to be in China but was later found to be living in Bangladesh — to organise the fake signatures.
The Australian has obtained the online job request, the bank transfer for the job, the 1000 computer-generated email addresses and the corresponding 1000 fake petition names, with a receipt and reference number for each fake signatory.
The cybersecurity expert, whose LinkedIn profile shows he works in IT for a Bangladesh business, said he was paid to organise 1000 signatories to the petition.
The individual, who spoke to The Australian on the condition of anonymity, detailed in writing how he bypassed the Australian government’s petition system.
“Yes, I genarate (sic) 1000 mail and sign the Australian parliamentary petition,” he said.
“This is computer-generated. I use Australian VPN for bypass.”
The fake names attached to the computer-generated email addresses — including “austin austin”, “devin devin”, “steffan steffan” and “Xavi xavi” — were confirmed to be on the petition after a search of House of Representatives Table Office records.
Other names include “mushfik mushfik”, “bruno bruno”, “parisa parisa” and “xekel xekel”, the Table Office and documents reviewed by The Australian show.
Aside from those signatures, there are hundreds of other fake signatories to the petition.
The petition includes a variety of fake names including “Rupert Murdoch”, “General Justice” and “Bette Midler known for Wind Beneath My Wings”.
“Scott Morrison” and “Anthony Albanese” also appear on the petition, but spokesmen for both the Prime Minister and the Opposition Leader deny either had signed it.
Mr Rudd — dumped by his party within his first term — has promoted his petition on Twitter, Guardian Australia and the ABC.
He was supported by another former prime minister, Malcolm Turnbull, who was also overthrown by his party while in office.
Both men, who led coups against their own colleagues to seize power, were also victims of internal political revenge but blame News Corp Australia newspapers for losing office.
News Corp Australia is the publisher of The Australian.
The petition has been used by Greens senator Sarah Hanson-Young to justify calling an inquiry into media diversity.
The push — the fourth-highest number among parliamentary petitions after campaigns to fund community pharmacies, place a higher tax on beer and address healthcare funding — ostensibly attracted 501,876 signatures.
Nicholas Smith, who runs a podcast called The Turncoat, said he paid an overseas freelancer to “sign” the petition hundreds of times in order to “demonstrate to you how easy it is to manipulate our own government’s website”.
“What I have a problem with is the government petition website and how easy it is to manipulate with huge advantages,” he said.
“For one, the free press but two, it’s caused a Senate inquiry into the media.
“It’s having an influence on decision-making within our parliament.
“There should at least be a mobile verification process if they want us to take this petition seriously — there needs to be more than an email verification process.”
Mr Smith posted the job to collect names for the petition on a freelance website with the subject “data extraction”.
“I need minimum two persons for an online data collection task,” the advertisement read.
Bank transfer records from the website show that $52.89 was transferred to two different freelancers at 11.52pm on October 26, 2020.
One freelancer, named Yao L — based in Beijing — did not complete the job.
The second freelancer, based in Bangladesh, did.
Robert Potter, who is a highly regarded cybersecurity expert and the co-founder of Internet 2.0, did an initial analysis of the petition in the Table Office and analysed the 1000 emails paid for by Mr Smith.
His conclusion is that fake and computer-generated bots were among signatories to the petition.
“Yes, there are signatories to the petition that I would assess with a high degree of confidence are computer-generated bots,” Mr Potter, who has worked for both the US and Australian governments, said.
“The single name email followed by random numbers is a sign of bot activity through automatic registration.”
Mr Potter concluded that the spam protection system within the parliamentary petition platform does not require any form of evidence that the person ¬registering is an Australian resident or citizen. “The system does not geoblock foreign IP addresses at the registration page,” Mr Potter said.
“The system doesn’t seem to require any demonstrable proof the person is Australian.”
He also said the breach had exposed an “avenue for foreign interference in our parliamentary petition system”.
“This is small-scale influence operation from a foreign party working under the direction of an Australian,” he said.
“I think an evaluation of the technical controls is called for, at the very least, to see what controls sit around the petition system and to see how they might be strengthened.
“The system for managing petitions is the vulnerability, not necessarily the single petition. This could have impacted on a number of petitions.”
The Department of the House of Representatives standing committee on petitions secretariat -notified committee members on Friday of the fake signatories following questions lodged by The Australian.
Mr O’Dowd, a National Party MP who chairs the committee, said: “It will be investigated by my committee and we will take further action if required.”
More Coverage
Please explain $2bn, bishops ask Pope
Bishops to seek answers from the Pope why $2.3bn was transferred from the Vatican to Australia without their knowledge.
Chapter 1
An actress. An island. A gonzo murder mystery. The Australian’s progressive summer novel Oh Matilda: Who Bloody Killed Her? starts here.