An in-depth investigation by 404 Media has uncovered a sophisticated technological battle between ticket scalpers and major ticketing platforms like Ticketmaster and AXS.
The full report, available on the 404 Media website, details how scalpers have managed to circumvent anti-scalping measures on supposedly ‘untransferable’ tickets.
The Technology Behind the Tickets
The ‘rotating barcode’ systems employed by Ticketmaster and AXS are at the heart of this issue. These systems generate new barcodes every few seconds. This is made to prevent ticket duplication and unauthorized transfers.
However, scalpers have reportedly reverse-engineered this technology. This has allowed them to generate valid tickets on their own infrastructure.
Security researchers interviewed by 404 Media demonstrated how the ticket-generation process works.
One researcher, known pseudonymously as Conduition, explained that the system operates similarly to two-factor authentication codes.
Essentially, Ticketmaster shares a unique token with the ticket buyer. This token, combined with the current time, allows for the generation of valid barcodes – Conduition told 404 Media.
The Legal Battle
The scale of this practice came to light through a lawsuit filed by AXS in California. The concert giant accuses several companies of creating “counterfeit” tickets by “illicitly accessing and then mimicking, emulating, or copying tickets from the AXS Platform.”
However, the investigation suggests that many of these tickets are not counterfeit in the traditional sense.
Instead, they are often genuine tickets but have been regenerated on separate systems. This method effectively removes the transfer restrictions imposed by the original ticketing platforms.
Several services have emerged to facilitate this process for brokers. These platforms operate largely in the shadows.
According to industry insiders who spoke to 404 Media, some are sold as part of larger ticket management software packages. Others are standalone services marketed through word-of-mouth.
These services allow brokers to generate tickets on their own websites or apps. Then, they can then be shared with customers through secondary market platforms.
Impact on Consumers
For concertgoers, this has led to confusion and concern. Many fans report purchasing tickets through unfamiliar platforms, only to worry about their legitimacy. However, in most cases, these tickets appear to work as intended.
One Blink-182 fan reported on Reddit:
The tickets were legit. Secure.tickets is a real thing.
Similar sentiments were echoed on various fan forums for artists like Fred Again.. and The Killers.
The Broader Implications and Technical Insights
This technological cat-and-mouse game highlights larger issues within the ticketing industry.
Critics argue that the restrictions on ticket transfers are less about preventing scalping. They are more about maintaining control over the secondary market.
Conduition, in their blog post, suggested that:
SafeTix makes it harder for people to resell tickets outside of TicketMaster’s closed, high-margin ticket-resale marketplace, where they make a boatload of money by buying low and selling high to customers with no alternative.
David Pokora, an engineering director at cybersecurity research firm Trail of Bits, corroborated Conduition’s findings. After examining an ‘untransferable‘ ticket, Pokora confirmed to 404 Media that the system remains vulnerable to the methods described by Conduition.
Essentially you can think of this as there being base information, plus the current time stamp – Pokora explained – And with that base information and the time, you can always generate a valid QR code.
Industry Response
Both Ticketmaster and AXS declined to comment on the 404 Media investigation. The lawsuit filed by AXS suggests that the company is struggling to identify all the parties involved in these ticket transfer services.
Conduition suggested to 404 Media that ticketing companies could support “scam-free third-party ticket resale and delivery platforms”. This could be made possible by documenting their ticket QR code cryptography and providing APIs for verification.
But they intentionally choose not to do so, and then they act all surprised-Pikachu when 3rd party resale scams proliferate, – Conduition said. – They’re opting to play legal whack-a-mole with scammers instead of fixing the problem directly with better technology, because they make more money as a resale monopoly than as an open and secure ecosystem.
The 404 Media investigation sheds light on the complex interplay of technology, commerce, and consumer rights in the modern ticketing industry.
Readers interested in the full details of this investigation are encouraged to visit the 404 Media website for the complete report.
The post Ticketmaster’s ‘Non-Transferable’ Tickets Have Been Cracked appeared first on The Groove Cartel.
Recommended Comments
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.