DearSA cyber attack: Bots used in bid to sway outcome of Covid-19 survey

13 December 2021 - 15:52
By Alex Patrick
DearSA director Rob Hutchinson says the incident was not a hack but rather a single person injecting 20,000 entries to the campaign to try to influence the outcome. Stock photo.
Image: 123RF/Welcomia DearSA director Rob Hutchinson says the incident was not a hack but rather a single person injecting 20,000 entries to the campaign to try to influence the outcome. Stock photo.

Public participation platform DearSA was the target of a cyber attack on Saturday when 20,000 submissions on a mandatory vaccination survey were filled in by bots.

The organisation said a specific IP address targeted the campaign, which attracted more than 180,000 submissions.

DearSA asked the public to comment, object to, or support mandatory vaccinations and certificates, or passbooks, for Covid-19.

Public participation platform DearSA had 20,000 fake positive surveys on its campaign for or against mandatory vaccinations and carrying proof of a vaccine.
Image: Screengrab via DearSA Public participation platform DearSA had 20,000 fake positive surveys on its campaign for or against mandatory vaccinations and carrying proof of a vaccine.

DearSA is a non-profit platform with an active participant network of more than 900,000 people.

According to the organisation, interim results show the vast majority of participants object to mandatory vaccinations and passbooks.

The bot was set up to automatically answer “Yes I do” and used fake e-mails and names to fill in the public participation form.

“The interim results discredit surveys and refute findings by organisations such as the World Economic Forum, the University of Johannesburg and the Human Sciences Research Council,” the organisation reported on Monday.

A screengrab from the Dear South Africa server which shows a tranche of 'participants' were bots instructed to answer the survey positively.
Image: DearSA A screengrab from the Dear South Africa server which shows a tranche of 'participants' were bots instructed to answer the survey positively.

DearSA director Rob Hutchinson said it was important for the public to know this event was not a hack but rather a single person injecting 20,000 entries to the campaign to try to influence the outcome.

“Someone ran a script [list of commands that automate processes on the web] which added 20,000 'participants' all with the same IP address. None have messages added and we were alerted to it when all the e-mails sent [part of the process of participating in the campaigns] bounced.

Dear South Africa realised someone had tried to influence the results of the survey once nearly 20,000 e-mails bounced as the individuals did not exist.
Image: DearSA Dear South Africa realised someone had tried to influence the results of the survey once nearly 20,000 e-mails bounced as the individuals did not exist.

“We can't delete the entries because this will compromise the campaign, but we have flagged them.

“Our service provider, Amazon, also flagged them as fake. We are working with Amazon to ensure it doesn't happen again, this is the first time.

“The motive was to influence the outcome. At the time we had over 160,000 entries with 89% against.

“This was definitely not a hack, there was no breach of data but rather someone trying to inject data. All participants' data is removed from the server several times a week and stored off site [to safeguard in case of a breach].”

Hutchinson said the organisation would make public details about the individual who tried to influence the outcome once investigators had confirmed this. 

DearSA director Gideon Joubert said: “We are getting a digital forensic investigator to look at this and will take it further.

“It benefits no-one to do this ... we will have to appoint an independent auditor to audit the results. This will mean the data won't be affected. This was definitely done by someone with little experience.” 

TimesLIVE