Social Engineering Sporting Events
May 13, 2009
Two Saturday’s ago I went to my first baseball game at the new Yankee Stadium. We had purchased the tickets on StubHub, in February, and paid about 50% more than face value. We took the subway and arrived at the stadium at 11:30 for the 1:00PM game. As we got off the train, I saw the old stadium, and immediately it brought back a number of fond memories. It was there I saw my first baseball game in 1977 and witnessed Game 7 when the Red Sox broke “The Curse”.
I have to give credit, the new stadium is beautiful. The design captures many of the features of the old stadium (it really looks the same), but has all the amenities of a modern ballpark. The “sight lines” were great, all of the refreshment stands had calorie content (make you think twice about ordering a chicken parm), and the bathrooms were clean.
As game time approached, the sun came out, 40,000 plus settled in their seats as rose for the National Anthem, one thing stood out. A majority of the best seats were empty. I am no genius but I believe that it has something to do with the ticket prices. That started me thinking – could you social engineer your way into sporting events and wind up with the best seats, without forking over the equivalent of a mortgage payment?
Hackers and pen testers have made their names by claiming the various trophies of the digital world, NASA, the White House, the NSA, but could the sports and entertainment venues be hacked?
Earlier this year I read an article by Rick Reilly, about a life-long Philadelphia Phillies fan, Lionel Rodia, who worked his way onto the field after the final out of the World Series, participates in the on field celebration and then works his way into the Phillies clubhouse where he joins the Phillies in the champagne spraying ritual that comes with sports championships.
I thought that the Reilly’s account of Lionel Rodia’s sport’s hack was a one shot deal. A perfect storm of activity. But could it be done consistently. What about a “Grand Slam” of Event Hacking?
To me the trophies would include the following:
Seats behind home plate at a Yankees vs. Red Sox playoff game (where you are in the TV shot)
50 yard line seats at the Super Bowl?
Floor Seats at the Staples Center next to Jack Nicholson at LA Lakers Playoff Game
Front row tickets to a Springsteen Concert in the Meadowlands
I wonder if anyone from the Information Security/Hacker community had tried this, and what it would take to accomplish such a feat. I thought it would make a great realty show!
Or at least a great DefCon presentation!