image from WIRED
The news of hackers exploiting a “back door” in BMOrg’s new ticketing system broke last week on Reddit. We covered it last Wednesday in Ticket Hell. Now, the story has been picked up by a broader media audience, with stories in WIRED, Computer World, Paste Magazine, CBS Local, and SFist.
Burning Man has practically gone mainstream. The once-fringe desert camping festival is now cultural fodder for The Simpsons and Taco Bell commercials. Celebrities and CEOs routinely attend. So it’s no surprise that 40,000 Burning Man tickets sold out in less than an hour last Wednesday when they went on sale.
But software engineers in Silicon Valley hacked into the Burning Man ticketing system powered by Ticketfly to cut to the front of the queue. Who needs luck when you have engineering skills and you’re willing to use ‘em for your advantage?
…Several engineers and web developers on a Burning Man Reddit thread speculated that hackers were able to create this backdoor after discovering a few lines of JavaScript code on the ticketing website that gave preeminent access to tickets three minutes before they officially went on sale at noon on Wednesday.
“They left code in the page that allowed you to generate the waiting room URL ahead of time,” said Michael Vacirca, a software engineer at a large defense corporation. “If you knew how to form the URL based on the code segment then you could get in line before everyone else who clicked right at noon.”
Burning Man admits the error and says those hacked tickets will be put back up for grabs during the scheduled last-minute sale in August.
[Read the full story at WIRED]
It’s interesting to watch the corporate spin machine in action. Rather than any sophisticated hacking being required, simply entering your code directly into TicketFly seems to have worked. According to hundreds of Burner comments on the Interwebz, clicking the emailed link ten minutes after noon pretty consistently got Burners in to buy tickets immediately, whereas clicking the link a few seconds after noon led to many Burners being stuck in the queue for 90 minutes with no success.
To me, these are the real issues here: it was definitely not First Come, First Served, and it was trivially easy to bypass the queue – multiple methods were used, and most did not require the ability to write code or hack into systems. The focus on these “200 hacker tickets” is smoke and mirrors around the obvious explosion in the number of tickets being listed on the secondary market. Even BMOrg are now encouraging Burners to get tickets and vehicle passes “on the open market”. With software to automatically buy as many tickets as you want from TicketFly selling for a mere $750 – about the profit margin for a single ticket right now – it seems that there continue to be some serious issues with BMOrg’s ticketing system.
Who would have thought they could make it even worse than the lottery? As BMOrg proved with their Spark movie, perceived ticket scarcity makes a nice story for the media.
The way this year’s sale operated, however, didn’t help to dissipate the resentment. Those interested in purchasing tickets were placed in an online queue as each sale was processed and given a time estimate as to how long they would be kept waiting before they could purchase tickets. The time estimates kept shifting, going from an 24 minute wait, to 46 minutes, back down to 18 minutes, to then “more than an hour,” which might as well have read, “abandon all hope ye who enter here.” At one point, the line was inexplicably “paused” for several minutes, causing another nerve-wracking moment on social media.
This drastic, back-and-forth change in wait times gave those in line the illusion that somehow hackers were cutting in front of them and bumping them out of scoring tickets. Burning Man’s social media team responded by saying that the wait times fluctuated based on how long it took each buyer to complete the purchase. It surely didn’t qualm any anxiety to have used such an unpredictable factor as a counter, instead of a fixed number (“There are 39,999 people in front of you trying to buy tickets”).
See the comments from ZOrg in Emotional Roller Coaster From Hell about why this theory of wait times fluctuating because of some people taking a long time to complete transactions doesn’t add up.
This is not the first time Silicon Valley has been criticized for tampering with Burning Man’s ideals and processes. Last year’s festival garnered unflattering feedback from Burning Man die-hards after venture capitalists, executives and celebrities descended on the desert with air-conditioned camps, personal assistants and other VIP-perks. In recent years, Larry Page, Sergey Brin, Elon Musk, Jeff Bezos and Mark Zuckerberg have all scored tickets to Burning Man.
It seems like now, Silicon Valley is leveraging more than its money to get in front of the line.
[Read the full story at WIRED]
Way to shift the blame to your customers, BMOrg. “Silicon Valley is using its technical might to cheat the system and get Burning Man tickets”: it sure makes a great angle for a story, compared to “some people typed the code into TicketFly”.
Actually it’s BMOrg’s leadership that has been criticized for tampering with Burning Man’s ideals, not Silicon Valley. No-one gives a flying fuck if Zuck brings his P.A., but many Burners do care when some on the Board of Directors are selling $17,000 hotel rooms like it’s some sort of Mega-AirBnB in the desert, and getting an unlimited supply of tickets for their customers and sherpas.
Cancelling 200 tickets will do nothing to fix the problems that occurred in the Directed Group and Individual ticket sales. There is no evidence that it will hurt scalpers, indeed it may even punish some Burners for being radically self-reliant. BMOrg have said they will void these tickets and add them back to the OMG sale – so now there are 1200 tickets left, for 60,000 Burners to attempt to buy in milliseconds on August 5.
Pingback: Burning Man Kicks Off Outside Lands Hackathon | Burners.Me: Me, Burners and The Man
Scarcity seems to be the real issue at hand here. There are not enough tickets or space for everyone who wants to attend. You are right that releasing those 200 tickets to the OMG sale will do little to nothing for the 60,000 some odd burners who still want tickets. When will the BMorg start addressing the issue of out growth of the playa?
When no one on the BOrg BoD has private financial interest to lose from relocation.
I guess I could understand CBS and others going with the ‘hacked’ story, but Wired? What happened was so far from a hacking that the story would actually insulting to David who figured out ‘pencil’ was the password… Basically anyone who knows how to internet beyond Googling things on Yahoo would know to check the source code.
And it was all done by sinister Silicon Valley. Are they still writing for the Caribbean Cruise Ship audience.
I have a friend who goes on that 4chan website. This was hack was clearly done by 4chan. I heard it was organized by their pedo and rape gangs on that web site. 4chan plans to send several thousand pedos and rapists to Burning Man to put roofies in the drinks of as many women as possible, and to drag the children off to their luxury RVs and force them to watch SpongeBob while getting them drunk off 2 Buck Chuck.
Why hasn’t the FBI gotten involved yet? What about our women and children? It’s like no one cares about them.
Dear FBI, when several hundred or thousands of women and children end up raped and killed at the event this year, you we know who to blame. Shame on you!
Remember Ruby Ridge?
…No really, do you remember? I forgot. It had something to do with the FBI, or ATF, or FDA.
What do you work for the media? Is this the new attempt at fear mongering? I don’t buy this for shit. Links or your full of lies. Make it happen….”tranny”
Hey, you know, you are right! Ticketing went just fine. No, wait… it did not go fine (because several thousand saw the problem). Hmmm…. OK, ticketing worked as planned. All is under control and all is well. All is well.
All I’m reading here is a bunch of butthurt people complaining that they are more should be more privileged then everyone else. Fuck you and your tickets! I’M A REAL BURNER AND I DESERVE A TICKET MORE THEN YOU! ME ME ME ME ME!!!
If you’re a real burner you know that you should just prepare like you are going to the burn and you’ll find a ticket at some point. Sorry it wasn’t as easy as clicking a link to get it, but Burning Man being easy is ruining Burning Man.
So you did not have to worry about getting a ticket? Good for you. As for being easy, yeah, that was the way it was 5+ years ago, and we could focus our energy on our theme camp. Now just getting the ticket commands all your burner time. Yeah, that’s a better system.
No its not easy, and some of us have been planning and preparing for years as if we could go, and to see it stolen so blatantly from people who saved for years and went through the loops to get ready and waited foran hour and a half when clicking the link after 1 second is pretty bogus. Some people have a lot of obligations and to say that is excluding a large amount of the populous who could get a great experience. If this is really an open event why is it consistently pandering to the rich and privileged. I hope things can be worked out but I hope sincerely this is a wake up call to those who are not seeing the way the burn has become another llc in process of becoming a corporate conglomerate.
More drama. The NPD BOrg love this wider coverage. I just wonder if this is intentional or subconscious in their planning. They are either quite evil (in an NPD way), or grossly incompetent. Can we please find someone to fire, or promote.
OMG that is so horrendous. I can’t believe that there are people out there that would do such a thing and the BMorg well they are just an evil organisation. Get a bloody grip people. This isn’t news. So what, you missed out on a couple of tickets and you can’t go to a popular festival. Boo hoo. Did mummy forget to take you to your violin lessons when you were a child? Maybe daddy didn’t take you to your sports game. The ticketing system sucked and you missed out. Boo hoo. That’s a first world privileged problem. Grow some fricken kahunas and stop winging.
Larry, don’t you haves something better to do than post here?
Nope. It’s Ange from Sydney, Australia. Tired of people winging about first world problems. Wish people would take perspective instead.
I just spend the last 5 seconds thinking about the starving children in… wherever. What should we do about them? It’s really rough. Those distended bellies; eating sand for breakfast…
Now back to our regularly scheduled program: Crimson Rose is the devil.
“BMorg well they are just an evil organisation. Get a bloody grip people. This isn’t news.”
Yes, but it takes some people a while to learn this. It’s that lemming gene kicking in. With about 60,000 of them running off the cliff, maybe a few will get the message.
Ticketfly exposed the URL to the waiting room in the source code of the landing page. Unbelievable. This isn’t even a hack, they should be allowed to keep their tickets.
These hackers are geniuses! If they put that much thought into getting tickets they should be welcome at BRC. Solving problems with skills rather than money! More people like this at the burn please!
Excellent point. Radical self-reliance at its finest. Seriously.
Again, the BOrg do not understand who the burners are. SOP
Exactly… thank you!