4 charged with hacking into concert ticket sites
Although the tickets they bought and resold were authentic, prosecutors say the group used the programs to bypass safeguards meant to restrict the number of tickets that each customer can buy. According to a 43-count indictment, the four men and their company, Wiseguy Tickets Inc., devised software that impersonated individual ticket buyers to bombard online ticket services such as Ticketmaster and Major League Baseball.
"This drove more tickets into the hands of ticket brokers instead of individuals," U.S. Attorney Paul Fishman said.
The group focused on highly coveted premium tickets to big-ticket events such as concerts by Bruce Springsteen, Bon Jovi, Dave Matthews and Hannah Montana as well as sporting events such as the Major League Baseball playoffs, the 2009 Sugar Bowl and the 2007 BCS college football championship game, Fishman said.
Many of the events were held at New Jersey's Giants Stadium, Izod Center and Prudential Center, but others were spread across the country, including New York City, Chicago, Houston, Los Angeles, Philadelphia, Pittsburgh and Tampa, Fla., according to the indictment.
Kenneth Lowson, 40, Kristofer Kirsch, 37, Faisal Nahdi, 36, all of Los Angeles, and Joel Stevenson, 37, of Anaheim, Calif., face charges that include conspiracy, wire fraud and unauthorized computer access. The wire fraud counts are the most serious and carry a maximum prison sentence of 20 years per count.
Mark Rush, a Pittsburgh attorney representing Lowson, called the indictment "disheartening" and characterized what his client allegedly did as a more sophisticated version of getting a bunch of friends together and sleeping out to try to get tickets first when ticketing offices open in the morning.
"All these guys really did was invent a better mousetrap to buy tickets," Rush said. "That's all."
Attorneys for the three other men did not immediately return phone messages Monday. Lowson, Kirsch and Stevenson surrendered in Newark on Monday; Nahdi is out of the country and is expected to surrender within the next few weeks, according to prosecutors.
According to the indictment, the defendants worked with computer programmers in Bulgaria to create a computer network that was able to fool mechanisms that ticket sites have in place to make would-be buyers prove they are humans.
Such mechanisms, known as CAPTCHA, involve making the buyers type random words or characters shown on their screen before proceeding to purchase tickets. That's difficult for a computer to do, but according to the indictment, the defendants bypassed the system by, among other things, having employees and agents create databases of answers ahead of time by manually going through tens of thousands of CAPTCHA challenges.
The company was able to snap up the best seats as soon as they were made available online because the programs were able to complete transactions more quickly than real humans vying for tickets manually. For example, Fishman said, Wiseguy bought nearly half the 440 available floor tickets for a Bruce Springsteen concert at Giants Stadium in 2008. In most cases, individual buyers are restricted to a maximum of four tickets.
"They undermined the primary market for premium tickets at a slew of events," Fishman said.
The defendants are accused of using hundreds of credit card numbers from ticket brokers and friends, along with thousands of fake Internet domain names and e-mail addresses, to disguise who actually was purchasing the tickets.
Wiseguy then would sell the tickets to brokers for an average markup of $30 apiece, Fishman said, though in some cases the markup reached as high as $1,000 per ticket. The company made an estimated profit of $29 million from 2005 through 2008, according to the indictment.