image from WIRED
The news of hackers exploiting a “back door” in BMOrg’s new ticketing system broke last week on Reddit. We covered it last Wednesday in Ticket Hell. Now, the story has been picked up by a broader media audience, with stories in WIRED, Computer World, Paste Magazine, CBS Local, and SFist.
Burning Man has practically gone mainstream. The once-fringe desert camping festival is now cultural fodder for The Simpsons and Taco Bell commercials. Celebrities and CEOs routinely attend. So it’s no surprise that 40,000 Burning Man tickets sold out in less than an hour last Wednesday when they went on sale.
But software engineers in Silicon Valley hacked into the Burning Man ticketing system powered by Ticketfly to cut to the front of the queue. Who needs luck when you have engineering skills and you’re willing to use ‘em for your advantage?
…Several engineers and web developers on a Burning Man Reddit thread speculated that hackers were able to create this backdoor after discovering a few lines of JavaScript code on the ticketing website that gave preeminent access to tickets three minutes before they officially went on sale at noon on Wednesday.
“They left code in the page that allowed you to generate the waiting room URL ahead of time,” said Michael Vacirca, a software engineer at a large defense corporation. “If you knew how to form the URL based on the code segment then you could get in line before everyone else who clicked right at noon.”
Burning Man admits the error and says those hacked tickets will be put back up for grabs during the scheduled last-minute sale in August.
[Read the full story at WIRED]
It’s interesting to watch the corporate spin machine in action. Rather than any sophisticated hacking being required, simply entering your code directly into TicketFly seems to have worked. According to hundreds of Burner comments on the Interwebz, clicking the emailed link ten minutes after noon pretty consistently got Burners in to buy tickets immediately, whereas clicking the link a few seconds after noon led to many Burners being stuck in the queue for 90 minutes with no success.
To me, these are the real issues here: it was definitely not First Come, First Served, and it was trivially easy to bypass the queue – multiple methods were used, and most did not require the ability to write code or hack into systems. The focus on these “200 hacker tickets” is smoke and mirrors around the obvious explosion in the number of tickets being listed on the secondary market. Even BMOrg are now encouraging Burners to get tickets and vehicle passes “on the open market”. With software to automatically buy as many tickets as you want from TicketFly selling for a mere $750 – about the profit margin for a single ticket right now – it seems that there continue to be some serious issues with BMOrg’s ticketing system.
Who would have thought they could make it even worse than the lottery? As BMOrg proved with their Spark movie, perceived ticket scarcity makes a nice story for the media.
The way this year’s sale operated, however, didn’t help to dissipate the resentment. Those interested in purchasing tickets were placed in an online queue as each sale was processed and given a time estimate as to how long they would be kept waiting before they could purchase tickets. The time estimates kept shifting, going from an 24 minute wait, to 46 minutes, back down to 18 minutes, to then “more than an hour,” which might as well have read, “abandon all hope ye who enter here.” At one point, the line was inexplicably “paused” for several minutes, causing another nerve-wracking moment on social media.
This drastic, back-and-forth change in wait times gave those in line the illusion that somehow hackers were cutting in front of them and bumping them out of scoring tickets. Burning Man’s social media team responded by saying that the wait times fluctuated based on how long it took each buyer to complete the purchase. It surely didn’t qualm any anxiety to have used such an unpredictable factor as a counter, instead of a fixed number (“There are 39,999 people in front of you trying to buy tickets”).
See the comments from ZOrg in Emotional Roller Coaster From Hell about why this theory of wait times fluctuating because of some people taking a long time to complete transactions doesn’t add up.
This is not the first time Silicon Valley has been criticized for tampering with Burning Man’s ideals and processes. Last year’s festival garnered unflattering feedback from Burning Man die-hards after venture capitalists, executives and celebrities descended on the desert with air-conditioned camps, personal assistants and other VIP-perks. In recent years, Larry Page, Sergey Brin, Elon Musk, Jeff Bezos and Mark Zuckerberg have all scored tickets to Burning Man.
It seems like now, Silicon Valley is leveraging more than its money to get in front of the line.
[Read the full story at WIRED]
Way to shift the blame to your customers, BMOrg. “Silicon Valley is using its technical might to cheat the system and get Burning Man tickets”: it sure makes a great angle for a story, compared to “some people typed the code into TicketFly”.
Actually it’s BMOrg’s leadership that has been criticized for tampering with Burning Man’s ideals, not Silicon Valley. No-one gives a flying fuck if Zuck brings his P.A., but many Burners do care when some on the Board of Directors are selling $17,000 hotel rooms like it’s some sort of Mega-AirBnB in the desert, and getting an unlimited supply of tickets for their customers and sherpas.
Cancelling 200 tickets will do nothing to fix the problems that occurred in the Directed Group and Individual ticket sales. There is no evidence that it will hurt scalpers, indeed it may even punish some Burners for being radically self-reliant. BMOrg have said they will void these tickets and add them back to the OMG sale – so now there are 1200 tickets left, for 60,000 Burners to attempt to buy in milliseconds on August 5.