But he and Wright both say making it illegal will not end it. “If there is profit to be made, cybercriminals will continue to exploit it,” Wright said. “The Dark Web and underground black markets are thriving in stolen data, malware, and even attack services for hire. If the use of these bots to purchase tickets becomes illegal, the coded automation used would surely show up for sale on the underground market.”
Essiad said the problem extends beyond sporting events and concerts. Cyber scalpers buy up tickets or reservations for other desirable things like hotel rooms, airline seats, restaurants and more.
“Each airlines has certain number of tickets in each class,” he said. “Bots find all the cheap classes and then release them later.”
The only way to avoid bot purchasing, he said, is to avoid the Internet entirely. Some artists, like the rock band Foo Fighters, held a "Beat the Bots" day a year ago in advance of their tour, where the only way to buy tickets was in person at box offices nationwide. The tickets weren’t available online until more than a week later.
But that is not practical in a widespread way for an economy so dependent on the Internet.
Essiad said technology can make a dent in the problem, “but it has to be a collaborative effort.”
He said his firm and others can use machine learning to, “inspect every connection coming in. We can do that programmatically to help detect a bot, and block it. But at the end of the day, we still don't know who is sending them.
“If you really want to trace back the bad guy,” he said, “the law would need language that would allow us to go back to the hosting provider.”
And that, he said, would likely prompt fierce opposition from privacy advocates.
“When you start invading privacy, people push back, he said, “so it’s a tough battle.”
Sign up for CIO Asia eNewsletters.