Feeds

Olympic ticket scammers still going for gold

Who can you trust?

5 things you didn’t know about cloud backup

In the age of the P-p-p-p-powerbook and the ubiquitous 419 scammer, it comes as no surprise that many people have fallen for a Beijing Olympics ticketing scam that seems to have hit people all across the world. Due to the rarity of tickets for the games, and the particular setup of the scam site (and others), there was a lot of money lost by many people as they struggled to get their hands on tickets that didn't exist. It is ticket scalping for the 21st century, made even more lucrative by there being no need to actually provide any tickets to the victims.

When MSNBC ran a Forbes Traveler article, initially published late February, it carried links to at least one fake ticketing site. These sites have since disappeared from the actual page, pulled sometime between the end of July and now, but it led to implied legitimacy for the site and helped it gain a search engine position and helped lead many down the path of losing large amounts of money.

By silently fixing the article, MSNBC have contributed to the confusion as to how people were led into believing the site was legitimate. If you or your site find yourself in the position of having to amend something that you have already published online, you need to make sure that visitors can tell that you have amended the original page and at least identify what has changed. MSNBC's silent fix, without any acknowledgement that the original links might not have been appropriate, is the worst possible way to deal with things, it is even worse than leaving the information as it was - at least then people could identify where the implied legitimacy had originated from.

Just to make it clear, this is NOT THE REAL BEIJING GAMES TICKET SITE, this one is. Does it mean that the Chinese Olympic organisers have failed to secure all probable online domains before selling tickets? It is impossible to completely close off the multitude of possible domains that might be set up to try and sell tickets, so the organisers aren't really at fault for that. Could they have made more effort to secure likely domains? Probably. Then again, hindsight is always perfect.

Key to the whole incident is how trust is allocated and determined when interacting with new sites on the Internet. It actually highlights one of the biggest problems with establishing viable online trust. If a site, such as MSNBC, that you would normally otherwise trust, provides a link to a malicious site and claims it is legitimate, how would you be able to tell if the link is malicious if you had never been there before? Under almost any trust model that exists, the site would have gained trustworthy status earlier this year, when MSNBC first linked to it.

Where the trust breakdown took place was when people failed to receive their tickets and it was realised that the site was claiming ticket availability for events that had long been completely sold out. Some of the more advanced trust models that are in development (such as the one developed by Sûnnet Beskerming) would have given the site a dubious weighting, but would have struggled to offset the implied trust delivered by other sites against the Official Beijing site, which should have been the only one to offer tickets for sale.

All you need to trick people into giving you their money, it seems, is to have a flashy website and promise delivery in the future for some desirable item. If you want to find out more about the risks and what sites are scamming people, one of the best resources for those who are trying to hunt down the people behind the various scams is over at beijingticketscam.com.

This article originally appeared at Sûnnet Beskerming.

© 2008 Sûnnet Beskerming Pty. Ltd

Sûnnet Beskerming is an independent Information Security firm operating from the antipodes. Specialising in the gap between threat emergence and vendor response, Sûnnet Beskerming provides global reach with a local touch.

The essential guide to IT transformation

More from The Register

next story
One HUNDRED FAMOUS LADIES exposed NUDE online
Celebrity women victimised as Apple iCloud accounts reportedly popped
Rubbish WPS config sees WiFi router keys popped in seconds
Another day, another way in to your home router
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NZ Justice Minister scalped as hacker leaks emails
Grab your popcorn: Subterfuge and slur disrupts election run up
HP: NORKS' cyber spying efforts actually a credible cyberthreat
'Sophisticated' spies, DIY tech and a TROLL ARMY – report
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?