it is amazing you think of it as cheating. if these guys really wanted to cheat we would just max out the extra 25 gigs and get it. We had already gotten 15 gigs legitimately. We aren't insulting the goodwill of Dropbox, we just think its fun to be atop the list despite having a student body of a 5th of what the other universities have. It is also classic tongue in cheek that Ben Bitdiddle and Alyssa Hacker were atop the list. This was a benign prank and was done mostly to amuse. More than the hack itself it was just the timing that makes this hack memorable. It was hardly a non-trivial hack. MIT was leading the space race a few days ago, and then we exhausted our student body and i find it more amusing than desperate to come back in the lead like this. And you know what, somewhere in the offices of dropbox drew and arash are probably smiling profusely and proud of their alma mater.
Automation, spoofing and security breaking tools are improving all the time. It's important that it's security researchers (and students) who are driving the arms race, not the criminal element.
Is it cheating? I'd imagine so, but I'd need to see the rules to make sure. Is it a hack? By my standards, it definitely has hack value [1].
I'm representing another school in the Space Race, but I smiled when I visited dropbox.com/spacerace and saw MIT back at the top of the leaderboard (with less space racers than the previous leader). I couldn't wait to read how they did it. With a smaller student body, they needed to be clever to "win".
I tend to think the space race as a very smart viral campaign. The space is not free; it lasts only for two years, and then you have to start paying for it.
Well, the private aspects of the network. Can't SSH in and certs no longer work. We're not sure if it was an automated response (the Moira system was being taxed pretty hard) or if an individual actually revoked it. It's possible we were bogging down some aspect of the network and this was the easiest way to stop it.
We're hoping for the best. Nobody intended to be destructive, it was just a fun project.
You faked thousands of dropbox accounts, created thousands of fake mailing lists and it seems you bogged down parts of the network. This may not be terribly destructive, but it is reckless and borderline malicious. Someone at MIT and Dropbox will now have to spend their time checking their systems for your manipulations. It may have been fun, but I don't think it was worth it.
It's MIT and Dropbox... I'm sure internally MIT can handle a one thousand new mailing lists at any given occasion (until they are deleted), and I'm 100% sure Dropbox didn't even notice a blip on their network as a result.
And also MIT don't have to check for anything. They deleted everything when they were done.
I don't know why it was such a big deal for some MIT students to feel like they have to win the Spacerace either, but I did actually enjoy the article, although I'm not sure why the effort was made in the first place either.
MIT probably has 100,000+ emails registered. A couple thousand accounts that each get one email sent to them doesn't make much of a dent. The post mentioned the purposeful renaming of lists to avoid being obnoxious. Combine all that with it all happening earlier sunday morning and I doubt it had much effect on the network.
As a student from CMU, I must say, well played, MIT. :) We would have conceived of a hack as well but unfortunately we were in the midst of midterm week. Next time, perhaps. ;)
Dropbox initiated the Space Race as a gesture of goodwill to students, and it's hard to fathom how or why people won't receive it in the same vein.