“Usually people are hacking to steal things…these people were hacking just to get a chance to spend $400 to get a ticket”
It’s amazing how this narrative is so quickly being spun by BMOrg’s PR machine to “Silicon Valley techies hacked Burning Man and stole tickets from everyone else”, and away from “the ticketing system was not First In First Out and all you had to do to buy tickets was go through Ticketfly’s web site and ignore the queue”. Once again, the Burners get the blame – just for exercising Radical Self Reliance. And BMOrg, rather than accepting responsibility for the unique system they’ve designed and the problems it caused for tens of thousands of their most loyal customers, gets to play the innocent victim.
Despite the story going global, BMOrg haven’t even looked at the report from Ticketfly yet. From SFGate:
While Burning Man organizers confirmed they had been hacked — and that the suspected parties would be stripped of their tickets — they said they needed to see the report from Ticketfly to get into the details. Whether actual hackers posted their exploits on social media was unclear.
“We may have more information later, but Ticketfly is taking the lead on figuring out what happened,” Burning Man spokesman Jim Graham said Monday. “We don’t want to say anything that is incorrect.”
BMOrg confirmed they had been hacked? Not Ticketfly? Hmmm….
I was in at 12:00:56 and didn’t get tickets. Some were there at 12:00:02 and didn’t get them. Others logged in at 12:10 and later and bought tickets. THAT is the biggest problem, and is nothing to do with hackers.
Let’s take a condensed look at the ticket problems, as reported by Burners:
- People wrote scripts to connect to the link at exactly 12:00:00
- People looked at the source code of BMOrg’s web page and found what the URL would be for the link to the waiting room; entering this URL in their browser meant they didn’t have to wait until the button turned green to get in the queue
- Bots were for sale for $750 that automatically bought tickets from Ticketfly
- People logged in after the “Pause” and got straight through
- People logged directly into Ticketfly, chose Burning Man, and entered their code
- People on mobile devices on Verizon got straight through
[if you’re aware of any others, please share]
According to BMOrg, echoed through the world’s media:
200 Burners used sophisticated software hacking techniques to place themselves at the front of the queue
The comments to the WIRED article (and at Burners.Me) have been quite dismissive of the use of the word “hacking” in this story.
None of the numbered examples I listed require any hacking, or any code to be written, although #1 and #2 do require some very basic technical knowledge. So do all these methods get a pass, and there was another hack that we don’t know about? Or is BMOrg trumping up #2 as the scapegoat for all their ticket woes – before they’ve even received the report from Ticketfly? Is this whole story they’re telling simply based on speculation on Reddit? “We found these 200 people in the queue before 12:00:00, they must all be hackers”.
Even if there were more techniques used to circumvent the system, including hacking directly into the servers involved…it does not change the appalling delay between the last ticket being sold, and the 60,000 unlucky Burners in the queue being notified that they were only waiting to make a donation. For that one, they can’t blame hackers.