Bots — automated programs that can perform tasks online exponentially faster than us poor meatbags — have been a plague on the concert ticket-buying public for decades now.
A single bot can buy a thousand or more tickets in less than 60 seconds. There are examples of a couple of bots hoovering up 15,000 tickets in a single day. When a hot show goes on sale, it’s estimated that at least 40 per cent of the traffic to the ticketing site is bots. In some cases, that number has been as high as 96 per cent.
Thousands of these things are online, elbowing you out of the queue, snapping up tickets and then immediately sending them to reseller sites with huge mark-ups. They can scoop up “limit four tickets per person” in less time than it takes you to enter your credit card information.
How do they work? The speed of the bot attack and the volume of bots overwhelm the system, beating out humans the nanosecond sales begin.
A specialist bot creates hundreds or even thousands of accounts with, say, Ticketmaster or somehow manages to take over existing accounts by guessing passwords or cracking credentials. As everyone is waiting for tickets to go on sale, the buying bot (bots plural; there is never just one) simulates many humans queueing up to buy.
When sales begin, it uses a script to burn through the purchasing process. Programs known as “expediting bots” can open 100 purchasing windows simultaneously and proceed right to checkout. Others just drop tickets into a cart, making them unavailable to everyone else. The tickets will sit there until they can be purchased and then moved to a resale site. That tactic is known as “denial of inventory.”
Some use credit card fraud to buy. Others figure ways around the “X tickets per person” rule. Bots are run by ticket resellers, hospitality companies and large corporations looking to secure seats for clients. Others are part of a criminal enterprise. And more than a few are operated by individuals. A quick Google search will reveal sites that will sell you a ticket-buying bot for between US$300 and $900. I even found a few that charge less than US$100. Other sites will teach you how to build your own.
Get breaking National news
For news impacting Canada and around the world, sign up for breaking news alerts delivered directly to you when they happen.
Who’s responsible for this scourge? If we go back in history, it’s a former insurance salesman from Arizona named Ken Lowson, a ticket reseller who found a teenage programming whiz in Bulgaria in 2001. Together, they developed an automated concert ticket-buying program that they continually refined to be faster and more ruthless when it came to acquiring tickets.
His company, unironically called Wiseguy, made tens of millions of dollars from scalping tickets between 2001 and 2010. Lowson claims that at one point in the ’00s, his company dominated “90 per cent of ticket sales” in the U.S.
Using just four computers at first, Wiseguy began by using auto-fill scripts, meaning the staff didn’t have to enter the same boring stuff over and over again, giving them a speed advantage over individual fans. From there, the programs became more sophisticated, evolving to the point where little human input was required. Every new bot was assigned a “power” ranking. For example, a “500 power” bot was equal to 500 humans buying tickets. It wasn’t long before Lowson’s crew was sucking up 20,000 tickets in two minutes.
Timing and speed were improved by milliseconds. At one point, Wiseguy had 30 servers across the U.S. ready to pounce on tickets the instant they went on sale. They’d sell some through their own channels and sell other tickets to ticket brokers.
His biggest score was during U2’s Vertigo tour when Wiseguy hijacked thousands of tickets that were earmarked for the band’s official fan club. He bought US$200,000 of special codes destined for fan club members on a couple of credit cards. Lowson’s total take? Just over US$2.3 million. U2 ended up taking a lot of heat for the lack of security to protect those precious codes.
Wiseguy was raided by the FBI in 2009 and put out of business and Lowson was hit with 42 charges of hacking and fraud. A plea deal kept him from going to jail. The last I heard he was operating a company that helps fans beat the bots.
Yes, bots are officially illegal in many countries. And yes, Ticketmaster and other primary sellers are doing their best to fight bots. But the technology is improving so fast and the tactics so devious, it’s become an endless game of Whack-A-Mole.
Ticketmaster has to deal with billions of bot attacks every year. Remember the Taylor Swift Eras ticketing fiasco in November 2022? My sources say that three billion bot attempts were turned away that day. Who knows how many made it through?
Many operators have moved to territories beyond the reach of governments in Canada, the U.S., the U.K. and Australia, all territories where anti-bot legislation is in effect or is currently being proposed. Today, bot operators work out of places with little oversight, including eastern Europe, Gibraltar, Panama and even the Isle of Man in the U.K. Identities are masked with proxy IP addresses and VPNs.
Meanwhile, there are tech sweatshops in places like India where dozens of people are typing characters into CAPTCHA boxes (those things that are supposed to ensure your humanity) in order to break the code for bots.
Discouraging, no? I wish I had some good news or some way to circumvent this nastiness, but I don’t. The best I can offer is to join your favourite artist’s fan club and hope that your code isn’t siphoned away by someone like Ken Lowson.
© 2025 Global News, a division of Corus Entertainment Inc.
