Automated bots bombard EU referendum petition with fake signatures

BBC News reports:

An online petition calling for a second EU referendum has been hijacked by automated bots adding false signatures.

Posts on the 4chan message board indicated that some users had scripted programs to automatically sign the petition.

Thousands of signatures appeared to have come from people in Vatican City and Antarctica.

Sign up to our free newsletter.
Security news, advice, and tips.

The House of Commons petitions committee said it had removed 77,000 signatures and was investigating.

The problem is that the UK government petitions site isn’t doing enough to weed out fake participants.

Every time you sign a petition on the site, you are asked for an email address and have to click on a link in a message sent to that email address to prove you are a “real” human rather than an automated script.

Of course, it doesn’t take a huge amount of effort to write an automated script that gives the petition site a throwaway email address and then – seconds later – automatically “click” on the link sent to that address.

The site may wish to invest in some better CAPTCHA technology to make it a little more difficult for the mischief-makers of 4Chan to flood the petition with bogus signatures.

Of course, 77,000 bogus signatures is a tiny proportion of the 3.7 million who have so far signed that particular petition.

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.


Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Bluesky, or drop him an email.

3 comments on “Automated bots bombard EU referendum petition with fake signatures”

  1. John Lewis

    Far worse than that is the security that the government is looking to use to verify people for government transactions – gov.uk verify. see – http://wp.me/p3U0tf-77

  2. graphicequaliser

    3.7 million petition signatures. Let's do the maths. 52% of 33.4 million people who voted, said leave the EU. That's 17.4 million people who probably would never sign that petition. That leaves 16 million "remainers". So, less than a quarter of people who voted remain, signed that petition. Despite the volumes involved, that petition is worth diddly squat!

  3. stewgreen

    It breaks the "too wow to be true" rule that 2.5m signatures came in 3 days
    I would expect that many more are fake than the 77,000
    ..strange that journalists just accept numbers without proper challenging.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.