The newspaper reports that revisions to the page have been made from computers using the government’s secure intranet since 2009. They include insults to Liverpool fans and a comment suggesting that fans were responsible for the football ground disaster, in which 96 people died.
This case highlights the continual issue of trolling and cybervandalism on Wikipedia. It also shows how journalism is using good, technical forensic tools at the disposal of every cybercitizen.
Cybercitizens can be good or bad
So many of us use Wikipedia on a daily basis that it is one of the most visited websites in the world. Yet not that many of us really understand how it works.
Wikipedia is based on the principle that the community can create, edit and refine pages covering practically any topic. From Lady Gaga to [ANZAC Day](http://en.wikipedia.org/wiki/Anzac_Day](http://en.wikipedia.org/wiki/Anzac_Day) this online encyclopedia is continually edited and refined. Some entries are very accurate and others need improving. That is part of the power that comes from a repository of knowledge that is run by cybercitizens.
Lots of people now generally recognise that Wikipedia is a good place to start when learning about a topic. But we are also learning the dangers of taking what is posted on Wikipedia as read. Students are discouraged from referencing Wikipedia because it can change in minutes and journalists have been stung in the past when printing what they find on the site without verifying it elsewhere.
In principle, if you are someone of note or have information about a new topic that has not yet been covered on Wikipedia, you are welcome to create the page, including accurate referenced content. But you must also understand that others will edit your work.
Most changes are made in the spirit of making Wikipedia entries more accurate but there have been occasions where government bodies have been found editing their Wiki sites to make them more flattering or of the staff of politicians editing the pages of rivals to make them less flattering.
The perils of editing
If you pick any Wikipedia page, you can see a view history tab on the far right.
When you edit a Wikipedia page, you can either log in or complete this task anonymously. If you are logged in, it will display your username and the edit you have made. If you have done so anonymously, it will just record your IP address.
Wikipedia does not object to anonymous entries. Not everyone wishes to be tracked and they may have perfectly sensible reasons for that. But, unfortunately for the rest of us, some users exploit the anonymous editing feature to make unreasonable changes.
But every IP address on the internet has an owner. It could be a government organisation, a commercial entity or your service provider giving you access to the internet. A network of organisations across the world, such as RIPE, maintains the database of which addresses is used by whom.
Using the database, the newspaper was able to investigate the source of the changes.
It isn’t difficult, you do not need to be a network engineering expert to use RIPE, simply copy and paste IP addresses from Wikipedia into the RIPE database text field on the right hand side of the web page. The site will do the rest for you.
While you personally cannot prove which person made the entry, what the Liverpool Echo is relying on is the knowledge that all good network engineers that manage large networks, such as those run by the UK government, keep an accurate internal track of which IP addresses are being used by which computers within their systems.
The net closes in
While the newspaper can only go so far as to identify the IP addresses used to make the offensive comments on the Hillsborough page, the networking experts who run government systems can go further.
Many routers, proxy servers and firewalls do keep a log of all traffic entering and exiting the network. Knowing the date, time and IP address, makes our job considerably easier when commencing our detailed search.
Assuming that the network experts do keep accurate system logs of who does what on their system, it will only be a matter of time before they track a login to a computer that made the Wikipedia entry on the specific date and time.
While they may need to gather other forensic evidence to prove (or disprove) who was on the computer in question, the case against users will be pretty strong.
If I was the anonymous editor or editors that made these changes, I’d be quite anxious at the moment.