Evolution of Scalper Bots Part 3: Expansion into New Markets

Threat Research Team
06/09/24

    Welcome back to the next blog in our Evolution of Scalping series. During our last blog we covered the landmark case that exposed the power of automated purchasing – Wiseguy Tickets. We detailed their operation and their use of bots, which allowed them to snatch up huge volumes of available tickets for high-demand events.

    This case was the first publicly noted arrest for ticket scalping using bots and marked the beginning of a new era in eCommerce. The Wiseguy operation allowed them to dominate the market for premium tickets by beating human buyers, even bypassing the technical mitigation of the time – basic text CAPTCHA. But what truly captured the attention of the public was the staggering profitability of the operation. Wiseguy Tickets reportedly amassed over $25m in profit within just a few short years, demonstrating the lucrative potential of bot-driven scalping.

    This story showed what could be possible with the use of bots, and it didn’t go unnoticed. The Wiseguy Tickets case not only exposed a vulnerability in online sales systems, but also inadvertently provided a blueprint that would be followed by others.

    The State of Scalping in 2010

    As we step beyond this case, into the period from 2010 to 2014, we see the ripple effects of the Wiseguy case spreading throughout additional markets. This period represents a turning point in how scalper bots have grown, both in technical sophistication and in the breadth of their targets.

    This blog post will continue to follow the journey of scalping as it expanded beyond ticketing, taking root in markets like limited sneakers, electronics, and collectables. We’ll continue to touch on the ever-expanding technological arms race between scalpers and how retailers tried to control them.

    The modern struggle between gatekeepers, fans, and resellers weaponizing bots was only intensifying entering the mid-2010s: a struggle where bot users’ financial success seemingly came at direct cost to perceived fairness and public faith in the online ticketing and commerce systems.

    Immediate Aftermath of Wiseguy Tickets

    In the immediate aftermath of the Wiseguy Tickets case, various jurisdictions started crafting laws to curb ticket scalping. For example, Quebec implemented an anti-scalping law in 2011, though it faced fierce contestation from resellers.

    Despite these efforts, the cat-and-mouse game between scalpers and event organizers intensified. In 2011, Coachella scalpers were able to obtain over 75,000 tickets for the event, which were being sold for three times the markup on eBay and StubHub.  

    By 2014, artists again were taking matters into their own hands. The Foo Fighters, for example, introduced a “Beat the Bots” scheme for ticket sales, which saw pre-sale tickets only be sold in person at pop-up box offices around the US. That same year, legal action was taken against several individuals who exploited compromised accounts to purchase concert tickets. This case highlighted the increasing criminal tactics that some were willing to employ to profit from scalping operations.

    Further Expansion into New Markets

    As bots evolved, so did their targets. The sneaker industry, with its limited releases and hugely passionate collector base, became the next focus.

    The roots of this shift can be traced back to the 1980s and 1990s, when Michael Jordan’s partnership with Nike and advertisements produced by Spike Lee transformed sneakers from purely sports equipment to culture and fashion statements. By 2010 the subculture for sneakers was booming, with its own vernacular, media outlets, and lucrative secondary resale market.

    The Birth of Sneaker Bots: Nike’s Doernbecher Air Jordan 9 Twitter Raffle

    In 2012, when Nike introduced a Twitter-based raffle system for the coveted Doernbecher Air Jordan 9s, bots quickly exploited it. These bots were programmed to monitor Nike’s Twitter accounts and instantly respond to keywords like “RSVP now” or “Doernbecher,” entering the raffle faster than any human could. Frustrated sneakerheads vented on Reddit and forums as bots consistently snagged hyped Nike and Adidas releases to resell with massive markups, leading some to call these drops “sneakerbot season.”

    From that Twitter bot came a slew of others: bots such as RSVP Sniper, Another Nike Bot, Nike Shoe Bot, Better Nike Bot, and EasyCop Bot soon flooded the online sneaker marketplace. These bots had two main parts: one that added items to the cart, and one that performed the checkout process. Some of them had advanced features, ‘like the ability to add a short delay to the checkout process to fool a potential security measure’. These bots were largely successful. For example, the man behind RSVP Sniper Bot netted $250,000 from one Nike x Supreme drop.

    The Media Starts to Take Note of Sneaker Botting

    By 2014, mainstream media outlets were starting to take notice of bots and their impact on sneaker culture. Complex published an article titled “How Hackers Make Buying Sneakers Unfair” detailing the frustration of genuine enthusiasts. Another piece by FiveThirtyEight, “You see sneakers, these guys see hundreds of millions in resale profit” highlighted the financial incentives driving bot usage in the sneaker market.

    Sneaker Freaker magazine questioned whether bots were here to stay, reflecting the industry’s growing concern. Meanwhile, Complex began interviewing resellers who discussed their use of bots and speculated on how changes in the industry might affect their operations.

    The Forming of Bot Communities

    With the potential for profit from scalper botting becoming more evident, communities of bot users began to spring up. Sneaker enthusiasts set up bot-centric groups. Platforms like NikeTalk and subreddits like r/shoebot and r/sneakerbots became hubs for sharing techniques, discussing the best bots and comparing successes. These, along with sites like Sneaker Freaker, which was founded in 2002, acted as early ‘cook groups’ – detailing information about hype sneaker releases.

    There were several types of people engaging with these groups. Some were frustrated sneakerheads who believed this might be their best opportunity to obtain releases. Others were experienced bot users sharing information about how to beat defenses, or users of specific bots sharing techniques for that bot, along with their successes. The groups grew rapidly, as media reports on the money-making potential of botting enticed more people to try for themselves.

    Response From Retailers and the Technical Arms Race

    The rapid growth and increasing sophistication of bot communities presented a major challenge for ticketing sites and retailers, compelling them to develop new strategies to keep up, protect their products, and ensure fair access for all customers. This period saw the start of a rapid cycle of defenders introducing increasingly significant technical antibot measures, followed by equally quick adaptations by bot developers.

    In 2012, for example, following the Wiseguy Tickets case, Ticketmaster acknowledged the growing threat of bots in a blog post, pledging to “lead the fight against bots”. They began implementing more sophisticated CAPTCHAs, more stringent rate limiting, basic IP tracking and purchasing limits. However, whilst these worked for a time, they often proved to be small speed bumps for determined scalpers, who quickly found ways to circumvent them.

    The emergence of ‘TicketMaster Spinner Bots’ in late 2012 demonstrated how quickly bot makers could adapt to new mitigations. Bot groups designed these tools to bypass Ticketmaster’s new defences.

    Sneaker Retailers’ Response to Scalping

    The impact of bots on the sneaker market was so severe that Nike implemented various countermeasures. In 2014, they partnered with Confident Technologies to implement a new CAPTCHA-style system specifically designed for their add-to-cart process. This was designed to be as challenging as possible for bots, without creating friction for end users.

    Towards the end of 2014, Nike began to shift solely towards raffle entries to curtail bots. However, Nike ran these early raffles on Twitter, which was problematic, as showcased during the 2012 Doernbecher Air Jordan 9s release. In response to attackers creating Nike Twitter bots, the company began protecting their RSVP hashtags, which were used to obtain allocation for drops. They began varying the hashtags and placing them inside of images to make it harder for bots to scan for, and automatically respond to, release information.

    However, sophisticated bots swiftly countered these innovative strategies. Developers quickly engineered tools to open multiple sessions, bypass CAPTCHAs, and interpret image-based information. This escalating arms race emphasized the growing complexity of the bot problem and the relentless need for technical and process innovation in e-commerce. As retailers like Nike adapted, it became evident that the fight against bots would demand continuous evolution and increasingly advanced technical solutions.

    Coming Up Next

    The period from 2010 to 2014 marked an important point in the evolution of scalper bots. What began with opportunistic automated buying by Wiseguy Tickets was escalating into a technical arms race that continues to be played out today. We witnessed the expansion of targets and the birth of botting communities, along with the increasingly sophisticated measures implemented to meet the bots head on. As we close out 2014 in our series, it is clear that the arms race was far from over. In fact, it was only just starting to heat up.

    In our next blog post in this series, we will cover the period of 2015 to 2017, a period of bot innovation. We’ll also examine the legal landscape as it shifted during this time. But perhaps most intriguingly, we’ll look at how bots continued to diversify their targets – from sneakers and tickets, to just about anything that would make them profit, causing challenges for retailers across a broad spectrum of industry verticals.

    Join us next time for part four in our review of the story of scalper bots.
