Bots, automated programs that can perform online tasks exponentially faster than our poor meatbags, have been the bane of the concert-ticket buying public for decades.
A single bot can purchase more than a thousand tickets in less than 60 seconds. Here’s an example of two bots collecting 15,000 tickets per day. It is estimated that bots account for at least 40% of the traffic to ticket sales sites when popular shows go on sale. In some cases, that number reached 96%.
There are thousands of these online, where you get out of the queue, buy a ticket, and then immediately send it to a reseller site for a huge profit. You can scoop up “tickets limited to four per person” in less time than it takes to enter credit card information.
How does it work? The speed of bot attacks and the sheer volume of bots can overwhelm systems, overwhelming humans as nanosecond sales begin.
Professional bots use Ticketmaster, for example, to create hundreds or thousands of accounts or somehow take over existing accounts by guessing passwords or cracking credentials. Because everyone is waiting for tickets to go on sale, purchase bots (bots are plural, there isn’t just one) simulate a lot of people waiting in line to buy.
Once a sale begins, we use a script to go through the purchasing process. Known as “fast-track bots,” programs can open up to 100 purchase windows at the same time and process payments right away. Others put tickets in their shopping carts, making them unavailable to others. Tickets will be held until you can purchase them and then moved to a resale site. This tactic is known as “stock rejection.”
Some use credit card fraud to make purchases. Others work around the “X tickets per person” rule. Bots are run by ticket resellers, hospitality companies and large corporations that want to secure seats for their customers. Others are part of criminal enterprises. And in many cases, they are run by individuals. A quick Google search will reveal sites selling ticket-buying bots for between $300 and $900 USD. I’ve even found a few places that charge less than $100 USD. Other sites will teach you how to create your own site.
Get local breaking news
For news affecting Canada and around the world, sign up to have breaking news alerts delivered straight to you as they happen.
Who is responsible for this disaster? Going back in history, it’s a former insurance salesman from Arizona named Ken Lowson, a ticket reseller who discovered a teenage programming genius in Bulgaria in 2001. Together they developed an automated concert ticket purchasing program that they continuously improved to make it faster. They are even more ruthless when it comes to getting tickets.
His company, ironically called Wiseguy, made tens of millions of dollars from ticket scalping between 2001 and 2010. Lowson claims that at one point in the 2000s his company controlled “90% of ticket sales” in the United States.
Initially using just four computers, Wiseguy began using autofill scripts. This meant employees didn’t have to type the same boring stuff over and over again, giving them a speed advantage over individual fans. From there, the programs became more sophisticated and advanced to the point where they required little human input. All new bots are assigned a “power” ranking. For example, a “500 Power” bot is equivalent to 500 people buying tickets. It didn’t take long for Lowson’s crew to siphon off 20,000 tickets in two minutes.
Timing and speed have improved by the millisecond. At one point, Wiseguy had 30 servers across the United States ready to purchase tickets as soon as they went on sale. Some sell tickets through their own channels, while others sell to ticket brokers.
His biggest break came during U2’s Vertigo tour, when Wiseguy stole thousands of tickets earmarked for the band’s official fan club. He used two credit cards to purchase $200,000 in special codes for fan club members. Lowson’s total take? That’s just over US$2.3 million. U2 came under a lot of heat for its lack of security to protect its valuable code.
Wiseguy was raided by the FBI in 2009 and put out of business, and Lowson was charged with 42 counts of hacking and fraud. The plea deal kept him out of jail. Last I heard he was running a company that helped fans beat bots.
Yes, bots are officially illegal in many countries. Yes. Ticketmaster and other major sellers are doing their best to combat bots. But technology has advanced so quickly and tactics have become so cunning that the game of whack-a-mole has become endless.
Ticketmaster has to deal with billions of bot attacks every year. Do you remember the Taylor Swift Eras ticketing fiasco in November 2022? According to my sources, 3 billion bot attempts were rejected that day. Who knows how many people have passed it?
Many operators have moved to areas beyond the reach of governments, including Canada, the United States, the United Kingdom, and Australia, all of which have anti-bot legislation in place or currently being proposed. Today, bot operators work in places with little oversight, including Eastern Europe, Gibraltar, Panama, and the British Isle of Man. Your identity is hidden behind a proxy IP address and VPN.
Meanwhile, places like India have tech sweatshops where dozens of people type characters into CAPTCHA boxes (to ensure humanity) to decipher the bot’s code.
Disappointing, right? I wish there was some good news or a way to avoid this unpleasant situation, but there isn’t. The best I can give you is to join your favorite artist’s fan club and hope that someone like Ken Lowson doesn’t steal your code.
© 2025 Global News, a division of Corus Entertainment Inc.
