How to Hack Burning Man – and Get Caught

WIRED

Burning Man tickets are notoriously difficult to score. Some hackers decided to cut in line. Link: Wired.com

Publication:
WIRED
Author:
Oscar Raymundo
Date:
February 23, 2015

In just the last year, Burning Man has gone from an underground desert camping festival to cultural fodder for The Simpson and Taco Bell commercials. Now more popular than ever, it’s no surprise that 40,000 Burning Man tickets sold out in less than an hour on Wednesday when they went on sale. But some ticket buyers had a technical advantage. Software engineers in Silicon Valley were able to hack into the Burning Man ticketing system powered by Ticketfly to cut to the front of the queue. Not the group to let cosmic karma bypass them, Burning Man officials have just announced that they will track and cancel the hacked ticket orders.

“The good news (for us, not them) is that we can track them down, and we’re going to cancel their orders,” according to Megan K. Miller, Burning Man’s director of communications. “Steps are being taken to prevent this from happening again in future sales.”

While 80,000 would-be Burners all over the world waited their turn in a so-called “first come first serve” online queue to purchase tickets, 200 software-savvy engineers discovered a design flaw on the ticket page that allowed them to generate a spot ahead of everyone else in line. During the ticket sale, Rob Banagale, the San Mateo-based founder of the Gliph messaging app, tweeted that he had “figured out a hack” to get to the front of the line and had the screenshot to prove it. Similarly, Jonathan Hart, a software engineer at Idle Games in San Francisco, tweeted that he had somehow navigated Ticketfly’s web servers and “crawled out” with two tickets to Burning Man.

During the ticket sale, more reports continued to surface on social media claiming Ticketfly had somehow been susceptible to hacking. Even before tickets officially sold out, the perception that hackers were cheating the system was so prevalent that it quickly became a source of both resentment and parody among Twitter users.

On Thursday, Burning Man’s top brass released a statement after compiling technical information from Ticketfly, confirming that a “backdoor” had been created by hackers.

“Approximately 200 people created a technical ‘backdoor’ to the sale and made their way to the front of the line,” according to the statement. “Absolutely no tickets were sold before the sale opened, but they were able to purchase the first batch of tickets when the sale started.”

Several engineers and web developers on a Burning Man Reddit thread speculated that hackers were able to create this “backdoor” after discovering a few lines of JavaScript code on the ticketing website that gave preeminent access to tickets three minutes before they officially went on sale at noon on Wednesday.

“They left code in the page that allowed you to generate the waiting room URL ahead of time,” said Michael Vacirca, a software engineer at a large defense corporation. “If you knew how to form the URL based on the code segment then you could get in line before everyone else who clicked right at noon.”

Admitting this error, Burning Man claims it will track down the orders that were placed using this “backdoor” and cancel them. Those tickets will be made available in a last-minute sale in August.

The Burning Man ticket distribution system has always been met with its fair share of criticism. Whether the tickets are distributed via a lottery system or via a website that keeps on crashing, the fact is that there are never enough tickets to meet the demand. There’s always going to be those Burning Man hopefuls who feel like they’ve been cheated out of their destined spot to adult Disneyland.

The way this year’s sale operated, however, didn’t help to dissipate the resentment. Those interested in purchasing tickets were placed in an online queue as each sale was processed and given a time estimate as to how long they would be kept waiting before they could purchase tickets. The time estimates kept shifting, going from an 24 minute wait, to 46 minutes, back down to 18 minutes, to then “more than an hour,” which might as well have read, “abandon all hope ye who enter here.” At one point, the line was inexplicably “paused” for several minutes, causing another nerve-wracking moment on social media.

This drastic, back-and-forth change in wait times gave those in line the illusion that somehow hackers were cutting in front of them and bumping them out of scoring tickets. Burning Man’s social media team responded by saying that the wait times fluctuated based on how long it took each buyer to complete the purchase. It surely didn’t qualm any anxiety to have used such an unpredictable factor as a counter, instead of a fixed number (“There are 39,999 people in front of you trying to buy tickets”).

This is not the first time Silicon Valley has been criticized for tampering with Burning Man’s ideals and processes. Last year’s festival garnered unflattering feedback from Burning Man die-hards after venture capitalists, executives and celebrities descended on the desert with air-conditioned camps, personal assistants and other VIP-perks. In recent years, Larry Page, Sergey Brin, Elon Musk, Jeff Bezos and Mark Zuckerberg have all scored tickets to Burning Man.

It seems like now, Silicon Valley is leveraging more than its money to get in front of the line.

Related Projects

Visual Portfolio, Posts & Image Gallery for WordPress
Richard Branson
Interviews
Vogue México
Culture
VICE
Culture