Social Engineering Sporting Events

May 13, 2009

Two Saturday’s ago I went to my first baseball game at the new Yankee Stadium.   We had purchased the tickets on StubHub, in February, and paid about 50% more than face value.   We took the subway and arrived at the stadium at 11:30 for the 1:00PM game.   As we got off the train, I saw the old stadium, and immediately it brought back a number of fond memories.  It was there I saw my first baseball game in 1977 and witnessed Game 7 when the Red Sox broke “The Curse”.   

I have to give credit, the new stadium is beautiful.  The design captures many of the features of the old stadium (it really looks the same), but has all the amenities of a modern ballpark.  The “sight lines” were great, all of the refreshment stands had calorie content (make you think twice about ordering a chicken parm), and the bathrooms were clean. 

 

As game time approached, the sun came out, 40,000 plus settled in their seats as rose for the National Anthem, one thing stood out.  A majority of the best seats were empty.  I am no genius but I believe that it has something to do with the ticket prices.  That started me thinking – could you social engineer your way into sporting events and wind up with the best seats, without forking over the equivalent of a mortgage payment?

 

Hackers and pen testers have made their names by claiming the various trophies of the digital world, NASA, the White House, the NSA, but could the sports and entertainment venues be hacked?

 

Earlier this year I read an article by Rick Reilly, about a life-long Philadelphia Phillies fan, Lionel Rodia,  who worked his way onto the field after the final out of the World Series, participates in the on field celebration and then works his way into the Phillies clubhouse where he joins the Phillies in the champagne spraying ritual that comes with sports championships. 

 

I thought that the Reilly’s account of Lionel Rodia’s sport’s hack was a one shot deal.  A perfect storm of activity.  But could it be done consistently.  What about a “Grand Slam” of Event Hacking?

 

To me the trophies would include the following:

Seats behind home plate at a Yankees vs. Red Sox playoff game (where you are in the TV shot)

50 yard line seats at the Super Bowl?

Floor Seats at the Staples Center next to Jack Nicholson at LA Lakers Playoff Game

Entry into the Oscars or the Emmys (including a walk on the Red Carpet and interview with Joan Rivers)

Front row tickets to a Springsteen Concert in the Meadowlands

 

I wonder if anyone from the Information Security/Hacker community had tried this, and what it would take to accomplish such a feat.  I thought it would make a great realty show! 

 

Or at least a great DefCon presentation!

Posted by lee | Filed Under Behavior, Security Industry 

Comments

4 Responses to “Social Engineering Sporting Events”

  1. nickerson on May 13th, 2009 6:04 pm

    I’d be willing to try. Have done a few of those before but deff not all. If tiger team gets picked up again, well make it an eepisode.

  2. will on May 21st, 2009 8:02 am

    It wasn’t me, but my brother found a closet with security guard jackets in it, put one on, made his way to the field, and stood on the sidelines watching the Super Bowl about 12 years ago.

  3. lee on May 22nd, 2009 11:21 am

    Will -

    Interesting – I think that securiity awareness has increased in the past 12 years.

    Lee

  4. lee on May 22nd, 2009 11:23 am

    Chris -

    I would look forward to watching those episodes. I think it would be a ratings bonanza – and you should keep them for “sweeps week”

    I do hope you guys get picked up – I enjoy watching the episodes.

    Lee