Scalpers Busted for Ticket Scam Botnet

Published: November 20, 2010

Three California men have pleaded guilty to charges they built a network of CAPTCHA-solving computers that flooded online ticket vendors and snatched up the very best seats for Bruce Springsteen concerts, Broadway productions and even TV tapings of Dancing with the Stars.

The men ran a company called Wiseguy Tickets, and for years they had an inside track on some of the best seats in the house at many events. They scored about 1.5 million tickets after hiring Bulgarian programmers to build “a nationwide network of computers that impersonated individual visitors” on websites such as Ticketmaster, MLB.com and LiveNation, the U.S. Department of Justice (DoJ) said Thursday in a press release.

… Their scheme was remarkably successful. When Bruce Springsteen and the E Street Band played Giants Stadium in July 2008, nearly half of the 440 general admission floor tickets were snatched up by the Wiseguy Tickets network.

The network would “flood vendors’ computers at the exact moment that event tickets went on sale,” the DoJ said. With computerized CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart)-solving, the bots were able to complete transactions faster than any human, giving them an edge in snatching up tickets for the Major League Baseball playoffs, the Rose Bowl and many concerts.

Network World, via Slashdot

How Not To Design a Protocol

Published: October 30, 2010

“Google security researcher Michal Zalewski posted a cautionary tale for software engineers: an amusing historical overview of all the security problems with HTTP cookies, including an impressive collection of issues we won’t be able to fix. Pretty amazing that modern web commerce uses a mechanism so hacky that does not even have a proper specification.”

Slashdot

The Myth of the 3 Click Rule

Published: October 29, 2010

“The assumption that users must be able to access all content with a maximum of 3 clicks is simply false, and we have the data to prove it.”

Chris Wright @ cmswire.com