CAPTCHA crackers earn $ 25 million

    A unique case of its kind began to consider the court of New Jersey. A group of scammers and programmers is accused ( act , PDF, 43 pages) of having earned about $ 25 million from 2002 to 2009 by illegally reselling tickets for concerts, sports and other events. Victim - online ticketing sites, including Ticketmaster, Musictoday and Tickets.com.

    The scam is noteworthy in that the scammers have set up an automatic system for buying tickets at online sales. They registered two firms (Smaug and Platinum Technologies) exclusively for the purchase of ranges of IP-addresses and renting servers, as well as for registering about 1000 phone numbers. Through all this infrastructure, tickets were supposedly bought from unique customers.

    The whole scam was based on hacking visual and audio CAPTCHA. Fraudsters managed to effectively crack the reCAPTCHA system by intercepting users trying to log in to Facebook using the same system and automatically compiling a database of correct answers.

    The development of a CAPTCHA hacking system cost, according to rough estimates, several million dollars. The fact is that for some popular events the whole sale was completed within 30 seconds, so the CAPTCHA hack should have worked very effectively. Designed bots automatically filled in all the necessary fields and automatically carried out thousands of purchase transactions at the same time.

    One of the main defendants for all frauds is the 37-year-old programmer and system administrator of the company Joel Stevenson, who personally wrote the bulk of the code for conducting online scams, and also managed a team of programmers in the United States and Bulgaria. It is known that three Bulgarian programmers were paid from $ 1,000 to $ 1,500 per month.

    Buying tickets has gained such proportions that according to some events Wiseguy has become the largest distributor of tickets in general. Naturally, it was possible to buy them from him cheaper than from competitors. Suffice it to say that in 2007, Wiseguy offered its employees a 100% salary bonus if they could bring the company to the purchase level of 1 million tickets of a certain cost.

    In 2007, the company actually hacked into a lottery draw for scarce playoff tickets for NY Yankees. The draw was limited to two single-handed tickets, and the company was able to “win” 1924 tickets, which were then sold for about $ 159,000.

    Two fraudulent companies have become insolent to the point that they even posted job advertisements for programmers who have experience in developing CAPTCHA hacking systems. They also searched and invited former employees of the victims' companies for interviews to find out the technical details of the security measures, the details of the CAPTCHA systems and the IP blocking algorithms.

    via Wired

    Also popular now: