Burning Man queue jumping hackers caught out

The online queuing system for the 40,000 tickets to the Burning Man festival was hacked by 200 people accessing a ‘technical backdoor’ to virtually queue jump, according to Computer World.

An official statement on the Burning Man blog revealed that around 200 people managed to use a ‘technical backdoor’ to the ticket sale, cutting in to the front of the virtual line. “The good news (for us, not them) is that we can track them down, and we’re going to cancel their orders,” the blog post reads, adding that the 200 confiscated tickets will be part of a planned last-minute sale in August. “Of course, steps are being taken to prevent this from happening again in future sales,” the post added.

While organizers didn’t reveal the full nature of the exploit, some have speculated about what it may have been. One plausible explanation came from Michael Vacirca, a software engineer, who told Wired: “They left code in the page that allowed you to generate the waiting room URL ahead of time. If you knew how to form the URL based on the code segment then you could get in line before everyone else who clicked right at noon.”
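If the flaw was as Vacirca describes, the missing control is server-side issuance of the waiting-room link. The following is an added example, not code from Burning Man or its ticketing provider: the server mints an HMAC-signed token only once the sale is open and checks it on arrival, so nothing shipped in the page lets a client build a valid URL early. The `/waiting-room` path, token layout, function names and timestamps are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets

# Assumed values for illustration; a real service loads the key from a secret store.
SERVER_KEY = secrets.token_bytes(32)
SALE_OPENS_AT = 1_700_000_000   # constructed epoch timestamp standing in for "noon"
TOKEN_TTL = 300                 # seconds a place-in-line token stays valid


def _sign(payload: str, key: bytes) -> str:
    mac = hmac.new(key, payload.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode().rstrip("=")


def issue_waiting_room_url(session_id: str, now: int, key: bytes = SERVER_KEY):
    """Return a waiting-room URL, or None if the sale has not opened yet."""
    if now < SALE_OPENS_AT:
        return None  # the server refuses to mint tokens early
    nonce = secrets.token_urlsafe(8)          # never contains "."
    payload = f"{session_id}.{now}.{nonce}"   # session ids are assumed dot-free
    return f"/waiting-room?t={payload}.{_sign(payload, key)}"


def admit(url: str, session_id: str, now: int, key: bytes = SERVER_KEY) -> bool:
    """Validate a waiting-room URL on arrival; reject forged, foreign or stale ones."""
    try:
        token = url.split("?t=", 1)[1]
        payload, sig = token.rsplit(".", 1)
        sid, issued, _nonce = payload.split(".")
        issued = int(issued)
    except (IndexError, ValueError):
        return False  # malformed or missing token
    # Constant-time comparison against the MAC only the server can compute.
    if not hmac.compare_digest(sig.encode(), _sign(payload, key).encode()):
        return False
    if sid != session_id:
        return False  # token was issued to a different session
    # The signed issue time, not anything the client claims, fixes the place in line.
    return SALE_OPENS_AT <= issued <= now <= issued + TOKEN_TTL
```
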

Despite this relatively small number of virtual queue jumpers, many of the 80,000 people trying to access the 40,000 tickets available were left frustrated with the impression that hackers were taking more tickets than the official response suggests. This was in part because of wildly fluctuating ‘estimated wait times’, which swung from a couple of minutes to nearly an hour, seemingly at random, giving the impression that queue jumpers were pushing patient would-be festival goers down the pecking order.

The official blog post explains this by stating that the times fluctuated based on “the time it’s taking people to actually make their purchase, which is determined by how fast people click and type, how fast the servers are processing, and how fast the queue is releasing people into the purchasing stage.”

The organizers explained that although the queue was paused for five minutes to allow “the system to catch up”, the servers never crashed under the demand.

Author , ESET

Copyright © 2016 ESET, All Rights Reserved.