Screen scraping to provide threat 'for next few years'
Online content providers and website operators are forced to deal with a number of IT intrusion and security threats nowadays as cybercriminals' techniques become more advanced.
However, one long-standing threat that hackers are using increasingly often is scraping, as highlighted by news of a massive online ticketing scam that was exposed in the US earlier this week.
A group known as 'Wiseguys' was connected to the fraudulent purchasing and resale of up to one million tickets for headline sports and entertainment events between 2002 and 2009.
For instance, they are believed to have snapped up more than 11,700 premium tickets for Bruce Springsteen concerts in 2007, illegally selling them on to unsuspecting fans for a combined $1.3 million.
The protagonists purchased IP blocks and rented servers before deploying bots to automatically fill in CAPTCHA text fields faster than genuine ticket buyers could.
They achieved this goal by compiling lists of thousands of the types of words that tend to appear in such fields, while also entering credit card information and fake email addresses.
As a result, they were able to defeat the anti-fraud measures of some of the world's largest online ticket vendors, such as Ticketmaster, Musictoday and Tickets.com, making over $25 million in the process.
The four ringleaders, Kenneth Lowson, Kristofer Kirsch, Faisal Nahdi and Joel Stevenson, have now been indicted on a number of counts of unauthorised computer access and wire fraud.
Such instances of scraping in its various forms (screen, web and data) are likely to continue to pose IT security concerns in the near future, according to a report by software and cloud computing website Tomilaw.com.
"Scraping will increase over the next few years as traditional content distribution dies out and we are left with online-only, as is being witnessed with music CDs, newspapers and films and games on DVDs/Blu Ray," said author Frank Jennings.
"Add to this the increased pressure of switching from subscription to advertising-based or 'freemium' models will see a larger amount of potentially unprotected content online for scrapers to exploit."
The website advised content providers to "remain vigilant" and proposed implementing a host of measures designed to minimise the risk of being targeted by screen-scraping experts.
These include manually blocking scrapers' IP addresses and making better use of classic passwords, CAPTCHA and other methods to slow down the processes vulnerable to scraping.
The website also recommends installing anti-scraping software such as Sentor's 'Assassin', and says anyone able to trace scrapers online should report them to their ISP.
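The measure of blocking scrapers' IP addresses, sketched as an added example (not code from the Tomilaw.com report or from any vendor named in this article): because the Wiseguys bots ran from purchased IP blocks, the check counts requests per network prefix as well as per address. The function names, thresholds and log records are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict


def build_sample():
    """Constructed access-log records: (unix_time, client_ip, path)."""
    records = []
    # Constructed bot traffic: 30 addresses from one /24, one request each,
    # all inside three seconds.
    for i in range(30):
        records.append((1000 + i * 0.1, f"203.0.113.{10 + i}", "/checkout"))
    # Constructed human traffic: two buyers, a request every 12 seconds.
    for i in range(5):
        records.append((1000 + i * 12, "198.51.100.7", "/checkout"))
        records.append((1003 + i * 12, "192.0.2.44", "/event/123"))
    return records


def flag_scraper_networks(records, window=10, max_requests=20, prefix=24):
    """Return {network: peak} for networks whose busiest `window`-second
    span holds more than `max_requests` requests. Thresholds are assumed."""
    by_net = defaultdict(list)
    for ts, ip, _path in records:
        # Collapse each client address to its enclosing network.
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        by_net[str(net)].append(ts)
    flagged = {}
    for net, times in by_net.items():
        times.sort()
        start = peak = 0
        # Sliding window over sorted timestamps to find the busiest span.
        for end, t in enumerate(times):
            while t - times[start] >= window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > max_requests:
            flagged[net] = peak
    return flagged


if __name__ == "__main__":
    log = build_sample()
    print("per-address:", flag_scraper_networks(log, prefix=32))
    print("per-/24:    ", flag_scraper_networks(log, prefix=24))
```

On the constructed log, counting per address flags nothing, while counting per /24 flags the single network the bot traffic comes from.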
Despite examples such as the Wiseguys scam, webmasters should not assume that they cannot win legal victories against hackers of this kind.
For example, Mr Jennings notes that Ryanair recently emerged victorious after a lawsuit with German website Vtours, which had been involved in screen scraping and reselling the budget airline's flights.
Spokesman Stephen McNamara said after the verdict at the Regional Court of Hamburg: "[This] once again confirms that European courts support Ryanair's fight to protect consumers against overcharging screen-scraping ticket-touts.
"Ryanair will continue its fight against screen scrapers in the interests of passengers until this practice of misleading consumers has been outlawed across Europe."