Hacking Ticketmaster

Where did the best concert seats go? To the Wiseguys, and their $25 million heist.

2 min read
Hacking Ticketmaster

At 10 a.m. on December 15, 2007, Springsteen fans pounded anxiously at their computers.  The Boss had just announced three concerts at Giant Stadium in New Jersey, and they were desperately trying to score prime seats.

Good luck, right?  With more than 40% of concert tickets now being sold online, it seems impossible to get good seats at face value anymore.  The best ones go in seconds.  Fans are then left to go to ticket resellers like Stubhub to pay a premium for what used to be their basic right.  And sure enough, in a flash that December, the 12,000 front seats for the Springsteen tour were gone.   The fans complained – sparking a federal investigation.  Now we’ve learned where the tickets really went:   to the Wiseguys.

On March 1,  four guys behind a Nevada-based start-up, Wiseguy Tickets, were indicted in New Jersey on 43 counts for fraudulently buying and selling over 1.5 million tickets online - including concerts (AC/DC to Barbra Streisand), Broadway shows (Wicked, The Producers), and sports (Yankees, Rangers).  They made $25 million.  According to the feds, the Wiseguys became “the leading source of the best tickets for the most popular events.”  The Wiseguys' innovation:  “To achieve this goal, Wiseguys deployed a nationwide computer network that opened thousands of simultaneous Internet connections from across the United States; impersonated thousands of individual ticket buyers; and defeated online ticket vendors’ security mechanisms. When online ticket vendors tried to stop Wiseguys from engaging in this conduct, Wiseguys adapted its methods and continued."

This story exposes the underworld of ticket hackers, and the feeble battle the multibillion dollar industry is waging against them.  The battle is over bots. Hackers code and deploy automated programs to log on to online vendors and buy tickets as soon as they go on sale.  Ticket vendors try to prevent this by using programs such as CAPTCHA, which supposedly requires an actual human being to read and retype a distorted image of a word.  The Wiseguys found an ingenious way around this in an elaborate three year operation.  Among other things, they hired geeks in Bulgaria to engineer bots that beat the CAPTCHA filters.  They then made hundreds of bogus websites and emails where they had the tickets sent.

While the Wiseguys face 20 years in prison, the problem is far from over.  Companies are racing to keep bots off their sites, and fans are still getting stiffed.  But lawyers are arguing that no crimes have been broken.  According to the Star-Ledger, one defendant's lawyer "has compared Wiseguy’s business model to a large-scale modern-day version of paying someone to camp outside a box office to buy premium seats for a big show."

It's the sort of question that is playing in other bot battles - are online bots breaking the law?  In online poker, for example, some gamers deploy auto-playing bots.  It's a perpetual cat-and-mouse game, with the sites development countermeasures to sniff out the programs.  I can't imagine that this meta-game will ever end.  

The Conversation (0)

Why the Internet Needs the InterPlanetary File System

Peer-to-peer file sharing would make the Internet far more efficient

12 min read
Horizontal
An illustration of a series
Carl De Torres
LightBlue

When the COVID-19 pandemic erupted in early 2020, the world made an unprecedented shift to remote work. As a precaution, some Internet providers scaled back service levels temporarily, although that probably wasn’t necessary for countries in Asia, Europe, and North America, which were generally able to cope with the surge in demand caused by people teleworking (and binge-watching Netflix). That’s because most of their networks were overprovisioned, with more capacity than they usually need. But in countries without the same level of investment in network infrastructure, the picture was less rosy: Internet service providers (ISPs) in South Africa and Venezuela, for instance, reported significant strain.

But is overprovisioning the only way to ensure resilience? We don’t think so. To understand the alternative approach we’re championing, though, you first need to recall how the Internet works.

Keep Reading ↓Show less