Hacking Ticketmaster

At 10 a.m. on December 15, 2007, Springsteen fans pounded anxiously at their computers.  The Boss had just announced three concerts at Giant Stadium in New Jersey, and they were desperately trying to score prime seats.

Good luck, right?  With more than 40% of concert tickets now being sold online, it seems impossible to get good seats at face value anymore.  The best ones go in seconds.  Fans are then left to go to ticket resellers like Stubhub to pay a premium for what used to be their basic right.  And sure enough, in a flash that December, the 12,000 front seats for the Springsteen tour were gone.   The fans complained – sparking a federal investigation.  Now we’ve learned where the tickets really went:   to the Wiseguys.

On March 1,  four guys behind a Nevada-based start-up, Wiseguy Tickets, were indicted in New Jersey on 43 counts for fraudulently buying and selling over 1.5 million tickets online - including concerts (AC/DC to Barbra Streisand), Broadway shows (Wicked, The Producers), and sports (Yankees, Rangers).  They made $25 million.  According to the feds, the Wiseguys became “the leading source of the best tickets for the most popular events.”  The Wiseguys' innovation:  “To achieve this goal, Wiseguys deployed a nationwide computer network that opened thousands of simultaneous Internet connections from across the United States; impersonated thousands of individual ticket buyers; and defeated online ticket vendors’ security mechanisms. When online ticket vendors tried to stop Wiseguys from engaging in this conduct, Wiseguys adapted its methods and continued."

This story exposes the underworld of ticket hackers, and the feeble battle the multibillion dollar industry is waging against them.  The battle is over bots. Hackers code and deploy automated programs to log on to online vendors and buy tickets as soon as they go on sale.  Ticket vendors try to prevent this by using programs such as CAPTCHA, which supposedly requires an actual human being to read and retype a distorted image of a word.  The Wiseguys found an ingenious way around this in an elaborate three year operation.  Among other things, they hired geeks in Bulgaria to engineer bots that beat the CAPTCHA filters.  They then made hundreds of bogus websites and emails where they had the tickets sent.

While the Wiseguys face 20 years in prison, the problem is far from over.  Companies are racing to keep bots off their sites, and fans are still getting stiffed.  But lawyers are arguing that no crimes have been broken.  According to the Star-Ledger, one defendant's lawyer "has compared Wiseguy’s business model to a large-scale modern-day version of paying someone to camp outside a box office to buy premium seats for a big show."

It's the sort of question that is playing in other bot battles - are online bots breaking the law?  In online poker, for example, some gamers deploy auto-playing bots.  It's a perpetual cat-and-mouse game, with the sites development countermeasures to sniff out the programs.  I can't imagine that this meta-game will ever end.  

Advertisement

Tech Talk

IEEE Spectrum’s general technology blog, featuring news, analysis, and opinions about engineering, consumer electronics, and technology and society, from the editorial staff and freelance contributors.

Newsletter Sign Up

Sign up for the Tech Alert newsletter and receive ground-breaking technology and science news from IEEE Spectrum every Thursday.

Advertisement