• Resources
  • Blogs
  • Evolution of Scalper Bots Part 2: The Birth of Scalper Bots

Evolution of Scalper Bots Part 2: The Birth of Scalper Bots

Netacea logo
Threat Research Team
22/08/24
5 Minute read
taylor swift blog banner image

Article Contents

    Welcome back to our Evolution of Scalper Bots series. In part one, the Origins of Scalping, we started our journey through scalping’s long history. We saw that it is far from a new concept: people have been reselling high-demand items for centuries, from as far back as 325 BCE!

    We’ll continue our journey at the turn of the 21st Century. With the advent of online ticketing, a new frontier had just been opened for scalpers, and things would never be the same again. In this blog, we will cover the story of the first sophisticated automated scalping operation – when this old trick met new tech.

    Let’s jump in and see how four tech savvy officials of a Nevada company, Wiseguy Tickets, Inc. changed the game of online ticket sales, setting the stage for the scalper bots as we know them today.

    The Wiseguy Tickets Case

    The shift to online ticketing in the early 2000s presented a new opportunity for scalpers. No one seized it more famously than Wiseguy Tickets. According to the prosecution, from 2005 to late 2008, Wiseguy Tickets purchased an estimated 1.5 million tickets, earning the operation over $120 million in gross revenues and approximately $29 million in profits. They did this by creating a network of bots that were able to impersonate thousands of individual ticket buyers, effectively circumventing the security and fraud protection measures implemented by major online ticket vendors like Ticketmaster, MusicToday, and Tickets.com.

    How Wiseguy Tickets Succeeded

    Using a network of bots, Wiseguy Tickets were able to ‘pull’ (i.e., purchase) an overwhelming number of premium tickets for all manner of events. This made them one of the main sources for coveted seats through their network of brokers.

    One of their first notable successes was U2’s Vertigo Tour in 2005, during which the band promised fan club members the opportunity to buy tickets first. A $40 membership fee got fans a special presale code allowing them to purchase up to four tickets. Wiseguy’s bots spent over $200,000 on memberships, allowing them to instantly snatch up some of the choicest seats in top markets like New York and Los Angeles. Wiseguy then resold the tickets at massive markups. From that tour alone, the company raked in over $2.5 million in profit

    There were many other examples of such success. In late 2007, Wiseguy Tickets obtained over 11,700 tickets to Bruce Springsteen’s 2008 US Tour. Around the same period, they also acquired approximately 12,000 tickets for various Miley Cyrus/Hannah Montana concerts around the US.

    However, their operation was not only limited to concerts. In 2006, Wiseguy Tickets were able to pull close to 90 percent of the tickets for the Rose Bowl Football Championship game, purchasing 882 out of 1,000 tickets. In 2007, they circumvented a ticket lottery for the New York Yankee’s MLB Playoff games and purchased 1,924 tickets. The lottery was intended to restrict purchases to two tickets per person. They also targeted the 2008 US Tennis Open, and musicals such as Wicked.

    Bot Mechanics: Wiseguy Tickets Tactics

    Reviewing the court documents related to their indictment reveals that Wiseguy Tickets’ success hinged on automating the ticket-buying using many of the tactics still employed by bots today. They also leveraged strategic broker relationships to secure large quantities of premium tickets. Here’s a closer look at how they managed it:

    • Fake Account Creation and/or Credential Acquisition: The operation focused on leveraging existing accounts rather than acquiring credentials fraudulently.
    • Monitor Bots: Wiseguy deployed ‘monitor bots’ to keep tabs on ticket availability across platforms like Ticketmaster. These bots were designed to gain early access to tickets by simulating connections across the US.
    • Defence Bypass (CAPTCHA Bypass): To bypass mitigations like CAPTCHA challenges, Wiseguy Tickets created CAPTCHA bypass tooling. They hired programmers to develop the tools using technology such as Optical Character Recognition (OCR). They continued to retool and adapt as different CAPTCHA variants were released.
    • Defence Bypass (IP Rotation): Wiseguy used two shell companies, Smaug and Platinum Technologies to acquire subnets of IPs and servers that could be used to carry out the ticket scalping. They then used IP rotation to rotate their traffic through multiple different proxies to give each connection (or group of connections) a new IP address.

    Utilising the BLADE Framework, we can start to map out the tactics their operation used:

    Resource Development

    • TAC-02: Credential Acquisition: using legitimate accounts to help achieve their goal.
    • TAC-03: Infrastructure Acquisition: buying, leasing or renting infrastructure such as IP subnets.
    • TAC-04: Payment Detail Acquisition: acquiring financial information, such as credit or bank card details to make ticket purchases in different names.
    • TAC-05: Tool Development: developing automated tooling to purchase tickets from ticket vendors.

    Reconnaissance

    • TAC-06: Specific Target: identifying the mitigations in place by the vendors such as Ticketmaster that were selling the tickets and using monitor bots to identify the exact moment tickets were available for purchase.

    Defence Bypass

    • TAC-08: Mitigation Bypass: bypassing CAPTCHA-based defensive measures.
    • TAC:09: Human Emulation: imitating thousands of humans at a time to purchase tickets.
    • TAC-10: Proxying: hiding the true origin of traffic to bypass IP blocks in place.

    Attack Execution

    • TAC-12: Account Creation: creating accounts that can be used to make ticket purchases.
    • TAC-15: Stock Purchase: using bots to perform a fully automated completion of a transaction procedure at speeds far greater than those at which a human could perform the same actions.
    • TAC-16: Spinning: holding tickets until Wiseguy employees decided which seats were the most desirable ticket seats to purchase. For example, in one case, the bots had 500 tickets and then employees opted to only purchase 68 of them.

    Post-Attack

    • TAC-24: Sale: having acquired large amounts of tickets, reselling them to their network of ticket brokers.

    The Business Behind the Bots

    Whilst this technical use of automation was important, there were other factors to Wiseguy Tickets’ success. Their operation didn’t just rely on bots; it was equally about how they were able to monetize the acquired tickets.

    Wiseguy Tickets maintained an extremely close working relationship with ticket brokers, who were their primary customers. These brokers would act as a middleman to resell the tickets for considerable markups – Wiseguy took their cut by charging a percentage above the face value of tickets. This relationship allowed them to turn their bot acquired tickets into direct revenue.

    An interesting quote from page 44 of their court documents also reveals a strategic approach to pricing. They carefully discussed how much to charge brokers, balancing market demand and ticket scarcity to maximize their potential profits. This allowed them to dominate the secondary ticket market, ensuring that both they and their broker business partners were able to profit handsomely.

    Dismantling the Operation

    Wiseguy Tickets’ dominant ticket scalping operation triggered outrage, and at the same time, gave the public its first glimpse of the money-making potential of ticket bots. While Ticketmaster accused them of “hacking,” Wiseguy insisted their methods simply leveraged Ticketmaster’s systems rapidly and efficiently. 

    Regardless, the Wiseguy case thrust scalper bots into the mainstream. It exposed an enormous weakness as ticket sales moved online – the lack of bot protections. The Wiseguy founders proved that almost any major event’s ticket supply could be exploited at unimaginable scale with minimal human effort. 

    Though their practices raised ethical questions, Wiseguy Tickets had built one of the world’s first bot-fuelled ticket empires. Eventually they were taken down when prosecutors pushed the envelope on the federal computer-hacking law by asserting that bypassing CAPTCHA constituted unauthorized access of ticket-seller servers.

    Coming Up in Part Three

    As we’ve seen, the case of Wiseguy Tickets marked a pivotal moment in the story of scalping. Their ticket scalping bots not only revolutionized the ticketing industry, but also brought about broader transformations in the way we buy and sell high demand goods online. The ripples of this innovation continue to shape digital commerce today.

    But that’s not where the story ends, far from it, that’s just where the story truly begins. In our next blog in the series, we’ll delve into the aftermath left in the wake of the Wiseguy Tickets case and explore how the use of automation spread beyond the realm of concert tickets. We’ll explore the early days of automated scalper bots in other industries, with a particular focus on the lucrative sneaker market, which grew exponentially with the rise in sneaker culture – a now multi-billion-dollar sub-industry.

    As these bots grew in both sophistication and volume, we witnessed the beginning of an escalating cat-and-mouse game. On one side, scalpers continue to retool, continuously refining techniques and expanding into new industries. On the other hand, organizations scramble to put mitigations in place to protect their inventory, while governments grapple with the challenge of crafting and passing legislation to curb automated scalping.

    Join us next time as we investigate the complexities of adoption, innovation and regulation moving into an ever-evolving online retail and resell environment. The battle between scalper bots and retailers was only just beginning…

    Block Bots Effortlessly with Netacea

    Book a demo and see how Netacea autonomously prevents sophisticated automated attacks.
    Book

    Related Blogs

    Hand holding magazine
    Blog
    Threat Research Team
    |
    10/10/24

    Combating Content Theft: Maximize Revenue by Securing Your Content

    Discover the impact of content theft and web scraping on your business. Find out how to handle this growing issue and protect your digital assets.
    Fingerprint
    Blog
    Threat Research Team
    |
    24/09/24

    The Truth About Why Server-Side Bot Management Beats Client-Side

    Learn why server-side bot management outperforms client-side detection. Discover how Netacea’s server-side solution enhances security, reduces risks, and scales efficiently.
    Rock music
    Blog
    Threat Research Team
    |
    11/09/24

    How Scalper Bots Evaded Detection to Snatch Oasis Tickets

    Delve into the world of scalper bots and their impact on ticket sales for the highly anticipated Oasis reunion. Learn how they exploited the demand for tickets.

    Block Bots Effortlessly with Netacea

    Demo Netacea and see how our bot protection software autonomously prevents the most sophisticated and dynamic automated attacks across websites, apps and APIs.
    • Agentless, self managing spots up to 33x more threats
    • Automated, trusted defensive AI. Real-time detection and response
    • Invisible to attackers. Operates at the edge, deters persistent threats

    Book a Demo

    Address(Required)
    Privacy Policy(Required)