When Good Bots Go Bad: How Ticketmaster Combats Hackers
The ticket industry used to be plagued by scores of scalpers who sat in apartment offices with a collection of laptops, waiting on multiple phones for sporting event and concert tickets to go on sale and then buying up dozens if not hundreds of tickets in order to resell them for a profit.
No one could have foreseen the sinister role that technology, once one of the keys to preventing scalping, would play in enabling nefarious parties worldwide to help feed what would grow into today's “multibillion dollar secondary market for tickets."
With more than 148 million tickets sold each year, Live Nation and Ticketmaster combined a few years ago to become the world’s largest box office. Now, just like the world’s largest banks, governments, and corporations, they’re being hit with coordinated attacks by bots developed worldwide.
Only the box office isn’t being stolen from—in fact, it's being given business, some of which it possibly wouldn’t have received without the “help” of the bots. It’s the consumers who seemingly have zero chance of scoring good seats anymore who are truly the victims.
The New York Times recently spoke with Michael Rapino, Live Nation’s chief executive, who discussed how the ticketing giant isn’t taking the attacks lightly. The company has hired John Carnahan, an expert on machine learning, to help head off attacks that use code being rewritten daily, which Ticketmaster says snags more than 60 percent of the most desirable tickets for some shows. Carnahan explains how he and the company are fighting back:
By monitoring the behavior of each visitor to Ticketmaster’s site, the company can determine the likelihood of a customer being human or a machine. For example, a human may click a series of buttons at a range of speeds and in different spots on a screen, but bots can give themselves away by rapidly clicking on precisely the same spot each time.
The problem with fighting bots on your website is that they’re not all bad; many provide key SEO data that companies rely on to get ahead. ReadWrite praises bots, even with their cost, by saying “the challenges of applying software agents and artificial intelligence to business solutions is nothing compared to the potential payoff to users.”
However, when you open the door for the good bots—especially if they provide you with that high search ranking for which you’re paying—the wicked ones will surely follow. As a Business 2 Community article points out:
While you want legitimate bots crawling your site and indexing your pages for search engine optimization purposes, you don’t want to allow just any bot to get in. Hackers use these bots to crawl for sites that they can use maliciously. In addition to searching for exploitable vulnerabilities, these bots can wreak havoc on your bandwidth, shutting down your site to legit traffic if you go over your allotted amount.
