📜 ⬆️ ⬇️

CAPTCHA hackers earned $ 25 million

A unique case began to be considered by the New Jersey court. A group of fraudsters and programmers is accused ( act , PDF, 43 p.) Of having earned about $ 25 million from 2002 to 2009 by illegally reselling tickets to concerts, sports and other events. Victim - online ticketing sites, including Ticketmaster, Musictoday and Tickets.com.

The scam is notable for the fact that the fraudsters have developed an automatic system for buying tickets for online sales. They registered two companies (Smaug and Platinum Technologies) solely for the purchase of IP address ranges and the rental of servers, as well as for the registration of about 1000 phone numbers. Through all this infrastructure, tickets were purchased, allegedly from unique buyers.

The whole scam was based on hacking visual and sound captcha. The scammers managed to effectively hack the reCAPTCHA system by intercepting users trying to log in to Facebook, which uses the same system, and automatically compiling a base of correct answers.

Developing a system for hacking CAPTCHA cost, according to rough estimates, several million dollars. The fact is that for some popular events, the whole sale was completed within 30 seconds, so hacking CAPTCHA should work very effectively. Designed bots automatically filled in all the required fields and automatically made thousands of purchase transactions at the same time.
')
One of the main defendants for all frauds is the 37-year-old programmer and system administrator of the company Joel Stevenson, who personally wrote the bulk of the code for conducting online scams, and also managed a team of programmers in the US and Bulgaria. It is known that the three Bulgarian programmers were paid from $ 1000 to $ 1500 per month.

Ticket buying has gained such proportions that in some events Wiseguy has become the largest distributor of tickets. Naturally, he could have bought them cheaper than from competitors. Suffice it to say that in 2007, Wiseguy offered its employees a 100% salary bonus if they could take the company to the level of buying 1 million tickets of a certain price.

In 2007, the company actually broke into a lottery draw of scarce tickets to the playoffs of the NY Yankees team. The raffle was limited to two tickets in one hand, and the company was able to “win” 1924 tickets, which were then sold for about $ 159,000.

Two fraudulent firms have become so impudent that they even placed ads on hiring programmers who have experience in developing CAPTCHA hacking systems. They also sought out and invited interviews to former employees of the victim companies to find out the technical details of the protection measures, the details of CAPTCHA systems and the algorithms for blocking IP addresses.

via Wired

Source: https://habr.com/ru/post/87615/


All Articles