A family of Red Sox fans gathered during a game at Fenway Park. It was June 26, 1999 and the Sox were in the midst of an 11-run first inning. But the topic of conversation in the stands wasn't how the outburst would guarantee Pedro Martinez his 14th victory of the season.
| | Red Sox shortstop Nomar Garciaparra didn't need ballot-stuffing to earn the starting nod for the AL All-Star team in 1999. |
Instead, it was all about how Chris Nandor, a 25-year-old computer programmer, could ensure Red Sox shortstop Nomar Garciaparra a starting spot in the Mid-Summer Classic that was to take place in Boston just 17 days later.
Nandor already had voted for Garciaparra some 14,000 times. Thanks to a computer program he says took only five minutes to create, Nandor was able to flood Major League Baseball's Web site with a barrage of online ballots. Still, it wasn't enough. With the All-Star voting winding down, Garciaparra still trailed the Yankees' Derek Jeter
by about 20,000 votes.
"We were just talking about how it was probably easier to write another script than to spam (a mass e-mail asking fans to vote for Garciaparra)," Nandor said recently. So the next day, while flipping burgers for a barbeque at his home, Nandor ran the program again. Instantly, Garciaparra and three of his Red Sox teammates -- catcher Scott Hatteberg, second baseman Jose Offerman and third baseman John Valentin -- had 25,259 votes added to their totals.
Two weeks later, Major League Baseball officials told the Boston Globe it had caught on to Nandor's chicanery. Since Nandor had submitted identical ballots using the same phone number, e-mail address, zip code and computer, it was easy to trace the online hacker.
"I obviously didn't do a very good job," joked Nandor, the co-author of "MacPerl: Power and Ease," a how-to book on the program he used to hack the All-Star voting site.
But just because Nandor failed to get his vote through, that doesn't mean other rabid fans won't. Luckily for Big Ballot Inc., the independent judging agency responsible for counting All-Star ballots for the past 25 years, Nandor used a dial-up connection when casting his votes. Today, Major League Baseball might be unable to detect online battle stuffing so easily.
Internet service providers like America Online and @Home use proxy servers that make it impossible to track a user's location, several professional hackers told ESPN.com. Still, the ballots must be randomized and cannot arrive in a lump deposit.
"(Service providers) certainly make it more difficult to notice," admitted Jeff Gehl, president of Big Ballot. Gehl said his company searches for anomalies in voting patterns to ensure ballots are legitimately cast. "If Mike Piazza
is getting 12,000 online votes a day, and on a particular day the votes for him spike, we start to look at similarities in e-mail addresses."
Jon Orwant, chief technical officer for O'Reilly & Associates, a computer publishing company, is a friend of Nandor who alerted the Boston Globe to the All-Star vote's vulnerability to fraud. Orwant said smart hackers can ensure their multiple ballots don't stick out by setting up a voting program at the beginning of the voting period, avoiding the anomalies that can alert Big Ballot to voting fraud.
Orwant said a hacker could fool watchdogs by writing a program that would allow, say, a fan of Red Sox slugger Manny Ramirez to vote slightly more for Ramirez than for Mariners outfielder Ichiro Suzuki, who currently leads fan voting. If the anomaly goes undetected, Ramirez's votes eventually would surpass Suzuki's based on sheer volume of votes.
This season, voting on MLB.com requires fans to type in an authorization code, which seemingly spits out random numbers. Still, hackers say there are programs that can recognize the pattern and bypass the codes.
"The best thing MLB.com can do is throw up a little roadblock," Orwant said. "That's what that is, a speed bump at best. But making an Internet poll 100 percent accurate is just not something that you can do in 2001."
For argument's sake, All-Star voting has never been a matter of accuracy. In 1957, 39 years before Internet voting was in place, seven Cincinnati players were voted into the starting lineup after fans stuffed the ballot box with help from a local newspaper that printed filled-out ballots for fans. Today, a fan with some time on his hands could go to the ballpark, grab a couple hundred ballots and punch in his favorite players.
But online voting makes it easier. This year's online ballot allows a person to vote 25 times with each e-mail address, based on the premise that there are 25 home games for fans to vote for their favorite players. Of course, the more passionate fans can vote hundreds of times, if they create a handful of e-mail addresses.
"It doesn't seem like baseball has ever been about the democratic ideal of one-man, one-vote," said Larry Brandt, project officer of Digital Government, a federally funded computer science research program.
Brandt, whose organization helped sponsor a national workshop on Internet voting in March, said the fact Internet ballots are given equal weight with hand ballots in determining All-Star voting illustrates that Major League Baseball trusts its computer voting system.
|
“ |
(Hacking into the All-Star ballot) definitely happens all the time. ... It's pretty much standard procedure. ” |
|
|
— Chris Nandor, who was caught casting some 39,000 Internet ballots for Nomar Garciaparra in 1999 |
Internet voting made up approximately 40 percent of all ballots cast as of Monday, Gehl said. "There are no major events to report," he said, "or that we are sharing."
When counting is done, Internet voting is expected to account for 25 percent of ballots cast, MLB spokesman Pat Courtney said. Hand balloting was completed on Sunday, but many of those ballots are not expected to be included until the final totals are released next week.
The true test for Major League Baseball and Big Ballot could come before Friday, when votes still can be cast via the Internet.
"(Hacking into the All-Star ballot) definitely happens all the time," Nandor said. "I can't give you a definite percentage, but there has never been a Web-based poll that people haven't done this. It's pretty much standard procedure."
Darren Rovell, who covers sports business for ESPN.com, can be reached at darren.rovell@espn.com.
| |
|