Victoria's Secret Collegiate Collection: Hijacked for the Lulz
Victoria's Secret Pink Collegiate represents everything wrong (but sellable!) about college: bright-eyed, gum-popping sorority girls that coordinate dog leashes to their shoes, non-merit-based exclusivity (unless heart-shaped hickeys count), high-pitched voices, strawberry blondes, fruity body spray, polka dots, and pink.
Victoria's Secret recently gave unrepresented schools the chance to join the Pink Collegiate Collection -- a pupil-dilating clothing line sporting Pinkified uni logos and mascots. Probably for the above-mentioned reasons, a passel of hackers decided to have their way with the system.
Drexel University broke into the Collegiate Collection first, registering five million votes on the online poll -- marking a successful marketing strategy, in VS's opinion, until it found out most of the votes were automated.
"Another computer science major and I had found the Facebook group promoting the contest and [...] we thought it would be funny," said Tim Plunkett of Drexel. He and a buddy created a Perl script that logged over five million votes for Drexel in a paltry 12 hours.
Plunkett attributed his success to the lax security protecting the VS contest site, and over time other programmers from different schools -- including MIT and Virginia Polytechnic Institute -- started competing to see who could infiltrate it most quickly.
Nearly all the schools in the Top 25 were the result of rigged program-generated voting. You can probably tell the auto-bot schools by their unsexy pallor: George Mason, Texas Tech, Zion Bible College, Wellesley. (The last two were nominated courtesy of MIT, which earned a ban for all its zeal.) The contest page now has a disclaimer that shrilly exclaims, "NO cheating! Automated votes will NOT be counted!"
Source site UWire wraps this story up with an on-high lesson from programmers about how companies should be more cognizant of their security needs. I don't think that's sufficient; people are gonna mess with you if they wanna mess with you. So probably the safest takeaway is: "Beware the lulz."