Initial results of the investigation into the voting of The Voice Kids presented to Channel One

Group-IB has provided Channel One Russia with the results of the first stage of its forensic investigation. Group-IB experts have analyzed the infrastructure used for the technical support of the online voting during Season 6 of The Voice Kids, as well as the IVR and SMS traffic in search of potential automated spamming programs and other technological methods of vote manipulation in the winner selection process. Channel One and Group-IB provided the first documented results of the audit to the Dutch-based company Talpa Media, which owns the rights to the show The Voice.

During the first stage of the investigation, Group-IB established that the SMS and IVR traffic data received by the company aggregating calls and SMS messages, and the voting results displayed during the final of The Voice Kids are identical. Group-IB specialists concluded that the voting system had not been interfered with neither by external cyber-attackers nor by insiders with the purpose of altering the results of the vote.

The analyzed traffic revealed massive automated SMS spamming in favor of one of The Voice Kids participants. That said, a technical problem arose on the side of the persons involved in the massive vote manipulation, which resulted in a piece of code designed to automate the sending of messages being included into the text messages in the form of «07 31: 2019-04-26 22:47:31», where 07 is the participant’s number. In total, about 300 phone numbers were involved in this manipulation, with more than 8,000 SMS messages sent from these numbers. All the phone numbers belong to the same mobile operator with the same rate plan used. The involved numbers were out of service at the time of investigation.

As part of the investigation, all voting regions were ranked. One of them was unusually active immediately after the start of the voting. The study shows that the IVR calls were made using automated programs. In particular, calls were made from unique numbers following in a row (for example, 8 (XXX) XXX-XX-38, 8 (XXX) XXX-XX-39, 8 (XXX) XXX-XX-40, 8 (XXX) XXX- XX-41 and others.). More than 30,000 calls were received from such numbers in support of one of the participants.

The results of the audit of the security of the show’s voting system have not been disclosed. All violations revealed at this stage are part of a comprehensive examination and will be complemented with further results of the investigation. Group-IB continues to work on the project and will finish the investigation by the end of this month.

Group-IB will not disclose the information on the regions where the unusually active voting was recorded, until the final report is published. Information about the voting process in the regions that is published by anyone other than Group-IB or Channel One, cannot be considered valid.

Channel One Russia reached out to Group-IB experts to conduct an independent investigation in order to assess the vote counting system’s security and perform a technical and forensic analysis of the calls and text messages in search of any anomalies, use of automated voting tools, and other technological methods of unfair competition among participants. The investigation does not assess the use of endorsements, or the ethical side of the issue.

About Group-IB

Group-IB, with its headquarters in Singapore, is one of the leading providers of solutions dedicated to detecting and preventing cyberattacks, identifying online fraud, investigating high-tech crimes, and protecting intellectual property. The company’s Threat Intelligence and Research Centers are located in the Middle East (Dubai), the Asia-Pacific (Singapore), and Europe (Amsterdam).

Group-IB’s Unified Risk Platform is an ecosystem of solutions that understands each organization’s threat profile and tailors defenses against them in real-time from a single interface. The Unified Risk Platform provides complete coverage of the cyber response chain. Group-IB’s products and services consolidated in Group-IB’s Unified Risk Platform include Group-IB’s Threat Intelligence, Managed XDR, Digital Risk Protection, Fraud Protection, Attack Surface Management, Business Email Protection, Audit & Consulting, Education & Training, Digital Forensics & Incident Response, Managed Detection & Response, and Cyber Investigations.

Group-IB’s technological leadership and R&D capabilities are built on the company’s 19 years of hands-on experience in cybercrime investigations worldwide and more than 70,000 hours of cybersecurity incident response accumulated in our leading DFIR Laboratory, High-Tech Crime Investigations Department, and round-the-clock CERT-GIB.

Group-IB is an active partner in global investigations led by international law enforcement organizations such as Europol and INTERPOL. Group-IB is also a member of the Europol European Cybercrime Centre’s (EC3) Advisory Group on Internet Security, which was created to foster closer cooperation between Europol and its leading non-law enforcement partners.

Group-IB’s experience in threat hunting and cyber intelligence has been fused into an ecosystem of highly sophisticated software and hardware solutions designed to monitor, identify, and prevent cyberattacks. Group-IB’s mission is to protect its clients in cyberspace every day by creating and leveraging innovative solutions and services. To do so, we analyze cyber threats, develop our infrastructure to monitor them, respond to incidents, investigate complex high-tech crimes, and design unique technologies, solutions, and services to counteract adversaries.