GORDON’S ALIVE?! Tory online campaign fail.

The Conservative party this weekend unveiled a social media marketing campaign aimed at embarassing the Labour Party. The plan has backfired quite spectacularly…
The “Cash Gordon” web site was highly dynamic and tied in with many popular social networking sites and tools. It capitalised on user generated content and relied on organic sharing and interaction. In a blog post on the Conservative home page Samuel Coates said

“Once users have connected to the Cash-Gordon campaign, they can start accruing “action points” for reading briefings about the issue, getting their friends involved, donating, or even for directly asking Charlie Whelan a question.”

However today it’s the Conservatives that have been left with red faces, after a web site configuration error (or maybe just a lack of planning) saw the site abused to the point of being taken offline.
The Cash Gordon website was set up to collect any message posted on Twitter that contained the hashtag #cashgordon and republish it in a live stream in a widget on the home page of Cash Gordon. 
Obviously this was duly noted and passed around. It was soon discovered that if you tweeted HTML or JavaScript instead of standard messages, this content would be interpreted and rendered by the visitor’s browser as legitimate part of the Cash Gordon site, allowing pranksters to redirect visitors to any site of the miscreant’s choosing.
The screen shot below shows the steady stream of tweets that ensured that visitors to the web site were constantly redirected to many different, sometimes salacious, destinations.

Tweets containing JavaScript and #cashgordon hashtag

Tweets containing JavaScript and #cashgordon hashtag

This isn’t all fun and games though, configuration oversights can lead to serious harm. This latest in a line of social media marketing related fails is a salutary warning not to underestimate the technical know-how of the world wide audience you are inviting.
In reality this poor configuration could have posed a serious risk to the Tory party’s own supporters as well as any other curious visitor. Those responsible for the page should have been filtering incoming Tweets  or simply sanitising the code before it was reposted. This could just as easily been used as a means to infect visitors by redirecting them to malicious web sites.

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.