Daily cyber threats and internet security news: network security, online safety and latest security alerts
March 6th, 2010

Botnet Used To Solve CAPTCHA And Snatch Up Premium Tickets

The perpetrators of a ticket fraud operation that made use of a botnet to subvert protection mechanisms enforced by ticket vendors were indicted earlier this week. The dedicated network of computers spread across the U.S. ran software that impersonated legit buyers and solved CAPTCHA tests.

It’s a well known fact that in order to ensure a fair distribution of tickets to the public, online ticket vendors enforced restrictions such as limiting the number of seats a single individual could obtain. In addition, to make sure that only real humans are able to acquire tickets, the order forms are usually accompanied by CAPTCHA challenges.

The indictment filed in Newark, New Jersey, names Kenneth Lowson, Kristofer Kirsch, Joel Stevenson and Faisal Nahdi as defendants. They operated through several companies and are collectively referred to as the “Wiseguys,” after Wiseguys Tickets, Inc., the first and primary firm they controlled.

The operation, which lasted from late 2002 until January 2009, involved fraudulently purchasing thousands of tickets for various events across the United States, and selling them to ticket brokers at higher prices. Investigators estimate that the Wiseguys racked up profits of almost $29 million by re-selling 1.5 million tickets.

In order to pull off the scheme, the gang employed programmers in the United States and Bulgaria, who coded and constantly adapted the software used to acquire the tickets. The program was so good that it solved CAPTCHAs far quicker than humans and was able to snatch up the best seats at high-profile events as soon as tickets went on sale.

But according to prosecutors, the defendants did not only stop at damaging online ticket vendors’ ability to ensure a fair distribution of tickets. Instead, they went as far as setting up a competing company to distribute tickets on behalf of artists or venues and giving assurances that it was capable of doing what the other vendors were failing to do.

“This affair is a perfect example of a targeted attack (here against the online ticket vendors) using malware that is not widespread. The affair demonstrates how important it is for administrators to keep watch over their networks and watch for even the slightest anomalies,” notes Francois Paget, threat researcher at McAfee.

Credit: News

Share this item with others:

More on CyberInsecure:
  • Pushdo Spam Botnet Pierces Microsoft Live Through Audio CAPTCHA
  • Koobface Worm Creates A Low-cost, Distributed CAPTCHA Breaking Service
  • D-Link Wireless Routers With New ‘Security Feature’ Are Susceptible To Network Intrusion
  • Google’s Blogger CAPTCHA Under Automated Registrations Attack
  • Automated Malware Attacks Hit Facebook, CAPTCHA Possibly Cracked

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Botnet Used To Solve CAPTCHA And Snatch Up Premium Tickets

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.