Network Security, Vulnerability Management

Four charged with hacking ticket vendors

In what may prove to be a big win for concert-goers, four men were indicted and charged with using fraud, deceit and computer hacking to get first dibs on tickets to major sporting events, theater productions and concerts, and then reselling them to ticket brokers.

The "conspiracy" lasted from late 2002 through January 2009.

The indictment charges Kenneth Lowson, 40; Kristofer Kirsch, 37; and Faisal Nahdi, 36, all of Los Angeles, and Joel Stevenson, 37, of Alameda, Calif., with conspiracy to commit wire fraud to gain unauthorized access and exceed authorized access to computer systems, according to a statement from the Department of Justice. The indictment also charges the men, operating under the banner Wiseguy Tickets, Inc., with 42 additional counts.

The indictment was unsealed on Monday morning as three of the four men surrendered to the FBI in Newark, N.J., and were expected to appear before a judge in the afternoon. The fourth defendant is expected to turn himself in within the next few weeks. All of the defendants will be arraigned before the United States District Court Judge Katharine Hayden.

The indictment alleges that the scheme, which targeted Ticketmaster, Tickets.com, MLB.com, MusicToday and other online ticket vendors, brought in more than $25 million by acquiring and reselling more than 1.5 million tickets throughout the United States. The scheme targeted concerts by The Police, Billy Joel, Bruce Springsteen, among others; major sporting events, such as the 2006 Rose Bowl and baseball playoff games at Yankee Stadium in 2007; as well as theatrical productions, such as Wicked and The Producers.

“At a time when the internet has brought convenience and fairness to the ticket marketplace, these defendants gamed the system with a sophisticated fraud operation that generated over $25 million in illicit profits.” said U.S. Attorney Paul Fishman. “Today's indictment represents a significant step forward in the fight against those who use fraud to disrupt e-commerce and evade computer security.”

According to the indictment, Wiseguys typically sold the event tickets that it obtained at a markup to ticket brokers in New Jersey and elsewhere, who in turn sold the tickets to the general public at significantly higher prices, according to the DoJ statement.

"The allegations in this indictment represent a scheme orchestrated through technology to cheat the public and circumvent fair business practices in the entertainment industry," said Edward Kahrer, FBI Assistant Special Agent In Charge and head of its corruption program in the Newark Division.

The 60-page indictment explained how Wiseguys was able to circumvent CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) technology put in place by the ticket vendors to thwart online sales of big blocks of tickets. The defendants enlisted computer programmers in Bulgaria to establish a network of computers capable of mimicking individual visitors to the websites of the four online ticket vendors, the indictment alleged. The network gave Wiseguys the ability to flood the vendors' computers the moment that event tickets went on sale. Programming by computer experts working for the Wiseguys was able to speed up the purchase process by automatically completing two different CAPTCHA challenges quicker than any human could accomplish the same task. The defendants therefore were at an advantage in beating the general public to the most desirable seats, according to the indictment.

“The public thought it had a fair shot at getting tickets to these events, but what the public didn't know was that the defendants had cheated them out of that opportunity,” said U.S. Attorney Fishman.

The defendants are also accused of using aliases, shell corporations and fraudulent misrepresentations to deploy their CAPTCHA bots and to disguise their ticket-purchasing activities. They are also alleged to have created and managed hundreds of phoney internet domains and thousands of email addresses to receive event tickets from online ticket vendors.

According to the indictment, defendants Lowson and Kirsch owned Wiseguys and directed all of its operations, while defendant Stevenson, who was the company's chief U.S.-based programmer and systems administrator, programmed aspects of the CAPTCHA bots and supervised Bulgarian computer programmers. Defendant Nahdi is alleged to have been Wiseguys' CFO, managing operations and finances of the company.

If convicted, each defendant faces a maximum statutory penalty of five years in prison on the conspiracy charge and a maximum statutory penalty of 20 years in prison on each wire fraud charge, according to the indictment. In addition, defendants Lowson, Kirsch and Stevenson face other penalties.

U.S. Attorney Fishman credited the Special Agents of the FBI, under the direction of Acting Special Agent in Charge Kevin B. Cruise in Newark, and special agents of the U.S. Postal Inspection Service, under the direction of Inspector in Charge David L. Collins in Newark, with the investigation.

The government is represented by Assistant U.S. Attorneys Erez Liebermann and Seth Kosto in the U.S. Attorney's Office Computer Hacking and Intellectual Property group, within the Commercial Crimes Unit.  

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.