UK United Kingdom

Wikipedia editors never walk alone: Hillsborough changes can be traced

According to the Liverpool Echo, UK government computers have been used to make offensive comments on the Wikipedia page detailing the 1989 Hillsbourgh Disaster over a number of years. The newspaper reports…

Piecing the puzzle back together is easy once you know how. @bastique, CC BY-SA

According to the Liverpool Echo, UK government computers have been used to make offensive comments on the Wikipedia page detailing the 1989 Hillsbourgh Disaster over a number of years.

The newspaper reports that revisions to the page have been made from computers using the government’s secure intranet since 2009. They include insults to Liverpool fans and a comment suggesting that fans were responsible for the football ground disaster, in which 96 people died.

This case highlights the continual issue of trolling and cybervandalism on Wikipedia. It also shows how journalism is using good, technical forensic tools at the disposal of every cybercitizen.

Cybercitizens can be good or bad

So many of us use Wikipedia on a daily basis that it is one of the most visited websites in the world. Yet not that many of us really understand how it works.

Wikipedia is based on the principle that the community can create, edit and refine pages covering practically any topic. From Lady Gaga to ANZAC Day this online encyclopedia is continually edited and refined. Some entries are very accurate and others need improving. That is part of the power that comes from a repository of knowledge that is run by cybercitizens.

Lots of people now generally recognise that Wikipedia is a good place to start when learning about a topic. But we are also learning the dangers of taking what is posted on Wikipedia as read. Students are discouraged from referencing Wikipedia because it can change in minutes and journalists have been stung in the past when printing what they find on the site without verifying it elsewhere.

In principle, if you are someone of note or have information about a new topic that has not yet been covered on Wikipedia, you are welcome to create the page, including accurate referenced content. But you must also understand that others will edit your work.

Most changes are made in the spirit of making Wikipedia entries more accurate but there have been occasions where government bodies have been found editing their Wiki sites to make them more flattering or of the staff of politicians editing the pages of rivals to make them less flattering.

The perils of editing

If you pick any Wikipedia page, you can see a view history tab on the far right.

When you edit a Wikipedia page, you can either log in or complete this task anonymously. If you are logged in, it will display your username and the edit you have made. If you have done so anonymously, it will just record your IP address.

Wikipedia does not object to anonymous entries. Not everyone wishes to be tracked and they may have perfectly sensible reasons for that. But, unfortunately for the rest of us, some users exploit the anonymous editing feature to make unreasonable changes.

But every IP address on the internet has an owner. It could be a government organisation, a commercial entity or your service provider giving you access to the internet. A network of organisations across the world, such as RIPE, maintains the database of which addresses is used by whom.

Using the database, the newspaper was able to investigate the source of the changes.

It isn’t difficult, you do not need to be a network engineering expert to use RIPE, simply copy and paste IP addresses from Wikipedia into the RIPE database text field on the right hand side of the web page. The site will do the rest for you.

While you personally cannot prove which person made the entry, what the Liverpool Echo is relying on is the knowledge that all good network engineers that manage large networks, such as those run by the UK government, keep an accurate internal track of which IP addresses are being used by which computers within their systems.

The net closes in

While the newspaper can only go so far as to identify the IP addresses used to make the offensive comments on the Hillsborough page, the networking experts who run government systems can go further.

Many routers, proxy servers and firewalls do keep a log of all traffic entering and exiting the network. Knowing the date, time and IP address, makes our job considerably easier when commencing our detailed search.

Assuming that the network experts do keep accurate system logs of who does what on their system, it will only be a matter of time before they track a login to a computer that made the Wikipedia entry on the specific date and time.

While they may need to gather other forensic evidence to prove (or disprove) who was on the computer in question, the case against users will be pretty strong.

If I was the anonymous editor or editors that made these changes, I’d be quite anxious at the moment.

Join the conversation

6 Comments sorted by

  1. Mark Yates

    Infrastructure Management at Telecommunications Industry

    Another great read and spot on ... if they can try people for Twitter 'offences' then surely this kind of defacement must be subject to some form of criminal act.

    Are the police involved?

  2. John Samuel

    logged in via Facebook

    The IP address will point to a government network - but doesn't identify which, of the hundreds of thousands, of computers on that network is the source.

    Yes, the network does generate logs - probably tens of millions of lines of logs every day. And, yes, they can be searched. However, as the logs are so voluminous (in many organisations larger than the information the organisation holds) they're usually deleted. Some organisations delete them every week, some every month. Maybe the government keeps them longer. Maybe not. It's expensive to keep data for unforeseen events.

    1. Mark Yates

      Infrastructure Management at Telecommunications Industry

      In reply to John Samuel

      fortunately we all know the date/time of the entry, but there is the question of 'are the logs stored' ... from the perspective of national security we would hope that a whitehall system does have that level of retention.

      So, are the police involved, if not why not, if there is no perpetrator, what does that tell us about the cover up culture or level of security at whitehall.

    2. Ange Hodgson

      logged in via email

      In reply to John Samuel

      The size of the network log varies according to the size of the network (after allowing for variation in traffic within and between networks).

      A number of whitehall departments were identified and named in a (removed early this morning) amendment to the Wikipedia article. If each department runs its own network (or subnet), then the traffic logs should be a little easier to trawl through.

      While I agree with John Samuel that the retention of data may be expensive in terms of disk space, it should…

      Read more
  3. David Hill

    logged in via Facebook

    The Wikipedia revelations are just another facet of the Establishment's inability to have great empathy with the people of the UK. Indeed many negative facets are endemic within the system and where vindictive people in high places because they have been found out (although covered up by the Establishment) castigate matters that should attract reverence and human feelings towards others. But there are all sorts of powers in play when cover-up is the name of the game -

    Read more
    1. John Borgars

      Senior Investment Analyst

      In reply to David Hill

      As I keep asking those obsessed with the idea of "The Establishment" - which establishment?
      The objectionable posts were made in 2009.