Automated bots bombard EU referendum petition with fake signatures

BBC News reports:

An online petition calling for a second EU referendum has been hijacked by automated bots adding false signatures.

Posts on the 4chan message board indicated that some users had scripted programs to automatically sign the petition.

Thousands of signatures appeared to have come from people in Vatican City and Antarctica.

Sign up to our free newsletter.
Security news, advice, and tips.

The House of Commons petitions committee said it had removed 77,000 signatures and was investigating.

The problem is that the UK government petitions site isn’t doing enough to weed out fake participants.

Every time you sign a petition on the site, you are asked for an email address and have to click on a link in a message sent to that email address to prove you are a “real” human rather than an automated script.

Of course, it doesn’t take a huge amount of effort to write an automated script that gives the petition site a throwaway email address and then – seconds later – automatically “click” on the link sent to that address.

The site may wish to invest in some better CAPTCHA technology to make it a little more difficult for the mischief-makers of 4Chan to flood the petition with bogus signatures.

Of course, 77,000 bogus signatures is a tiny proportion of the 3.7 million who have so far signed that particular petition.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

3 comments on “Automated bots bombard EU referendum petition with fake signatures”

  1. John Lewis

    Far worse than that is the security that the government is looking to use to verify people for government transactions – gov.uk verify. see – http://wp.me/p3U0tf-77

  2. graphicequaliser

    3.7 million petition signatures. Let's do the maths. 52% of 33.4 million people who voted, said leave the EU. That's 17.4 million people who probably would never sign that petition. That leaves 16 million "remainers". So, less than a quarter of people who voted remain, signed that petition. Despite the volumes involved, that petition is worth diddly squat!

  3. stewgreen

    It breaks the "too wow to be true" rule that 2.5m signatures came in 3 days
    I would expect that many more are fake than the 77,000
    ..strange that journalists just accept numbers without proper challenging.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.