Ticketmaster agreed to pay a $10 million fine to resolve charges that it repeatedly accessed without authorization the computer systems of a competitor. 

The fine is part of a deferred prosecution agreement that Ticketmaster has entered with the United States Attorney’s Office for the Eastern District of New York to resolve a five-count criminal information filed today charging computer intrusion and fraud offenses. 

Previously, on October 18, 2019, Zeeshan Zaidi, the former head of Ticketmaster’s Artist Services division, pled guilty in a related case to conspiring to commit computer intrusions and wire fraud based on his participation in the same scheme.  Both cases are assigned to U.S. District Judge Margo K. Brodie.

Seth D. DuCharme, Acting United States Attorney for the Eastern District of New York, and William F. Sweeney, Jr., Assistant Director-in-Charge of the Federal Bureau of Investigation’s New York Field Office, made the announcement.

“Ticketmaster employees repeatedly – and illegally – accessed a competitor’s computers without authorization using stolen passwords to unlawfully collect business intelligence,” stated Acting U.S. Attorney DuCharme.  “Further, Ticketmaster’s employees brazenly held a division-wide ‘summit’ at which the stolen passwords were used to access the victim company’s computers, as if that were an appropriate business tactic.  Today’s resolution demonstrates that any company that obtains a competitor’s confidential information for commercial advantage, without authority or permission, should expect to be held accountable in federal court.”

“When employees walk out of one company and into another, it’s illegal for them to take proprietary information with them. Ticketmaster used stolen information to gain an advantage over its competition, and then promoted the employees who broke the law. This investigation is a perfect example of why these laws exist – to protect consumers from being cheated in what should be a fair market place,” stated FBI Assistant Director-in-Charge Sweeney.

EU Threatens to Penalise X over DSA Breach, Musk Alleges ‘Secret Deal’ Offer

The Scheme to “Choke Off” the Victim Company

According to Ticketmaster’s admissions and publicly filed court documents, Ticketmaster, a wholly owned subsidiary of Live Nation Entertainment, Inc. (Live Nation), was primarily engaged in the business of selling and distributing tickets to events and concerts.  The victim company offered artists the ability to sell presale tickets – sold in advance of general ticket sales – on an online ticketing platform.  It also offered artists an Artist Toolbox (the Toolbox), which was a password-protected app that provided real-time data about tickets sold through the victim company. 

Instrumental to the criminal scheme was Coconspirator-1, a former senior employee of the victim company, who worked in the company’s Brooklyn, New York offices from approximately May 2010 to July 2012.  In approximately July 2012, Coconspirator-1 signed a separation agreement with the victim company, in which he agreed to maintain the confidentiality of that company’s confidential information.  He then joined Live Nation in approximately August 2013.

In November 2013, while employed by Live Nation, Coconspirator-1 shared with Zaidi and another Ticketmaster employee the URLs for draft ticketing web pages that the victim company had built for an artist, but had not disseminated to the public.  In response to a Ticketmaster executive explaining that the goal was to “choke off [victim company]” and “steal back one of [victim company]’s signature clients,” Coconspirator-1 offered that Ticketmaster could “cut [victim company] off at the knees” if they could win back presale ticketing business for a second major artist that was a client of the victim company.

DOJ Seizes ‘Bot Farm’ Operated by the Russian Government

Ticketmaster’s Intrusions Into the Victim Company’s Password-Protected Artist Toolboxes

In January 2014, Coconspirator-1 emailed Zaidi and a second Ticketmaster executive multiple sets of usernames and passwords for Toolboxes.  Coconspirator-1 encouraged the executives to “screen-grab the hell out of the system,” but also warned, “I must stress that as this is access to a live [victim company] tool I would be careful in what you click on as it would be best not [to] giveaway that we are snooping around.”  (Emphasis in original.)  The information from the Toolboxes was then used to prepare a presentation for other senior executives that was intended to “benchmark” Ticketmaster’s offerings against those of the victim company. 

Buy Me A Coffee

In early May 2014, a senior executive of Live Nation (Corporate Officer-1) asked Zaidi and others how Ticketmaster’s presale online offering compared with the Toolbox.  Coconspirator-1 was then asked to “do a screenshare/demo” at an upcoming “Artist Services Summit.”  Coconspirator-1 agreed to “pull together a list of the log-ins and URL’s that I still have access to for this so I can give the team as much insight as possible.”  At least 14 Live Nation and Ticketmaster employees attended the Artist Services Summit, in San Francisco.  There, in front of those employees, Coconspirator-1 used a username and password he had retained from his employment at the victim company to log in to a Toolbox, and provided a demonstration.  Coconspirator-1 later also provided Zaidi and other Ticketmaster executives with internal and confidential financial documents he had retained from his employment at the victim company.

CERT-In Finds Multiple Bugs in Node.js that Can Be Used to Obtain Sensitive Info

In January 2015, Coconspirator-1 was transferred to the Artist Services division, promoted to Director of Client Relations, and given a raise.  Following the promotion, Coconspirator-1 emailed another Artist Services employee, “Now we can really start to bring down the hammer on [Victim Company].”  Ticketmaster employees continued to access password-protected victim company Toolboxes through December 2015.

Ticketmaster’s Surveillance of the Victim Company’s Draft Ticketing Web Pages

Between approximately July 2014 and June 2015, Coconspirator-1 and others monitored draft ticketing web pages created by the victim company.  Although these pages were not password-protected, they were not indexed in search engines, and therefore could not be located without determining the exact URLs, which included a series of numbers.  Until the victim company or artist publicly disseminated a URL, the victim company intended to restrict access to itself and the artist.

After joining Live Nation, Coconspirator-1 explained to Zaidi and others how the “store ID” numbers in the URLs were numbered sequentially, enabling Ticketmaster employees to monitor new pages and to learn which artists planned to use the victim company to sell tickets.  Coconspirator-1 used this information to search for new victim company ticketing web pages, and sent the URLs to Ticketmaster executives.  In or about January 2015, a Ticketmaster employee was assigned to learn about this system from Coconspirator-1, and maintained a spreadsheet listing every victim company ticketing web page that could be located, so that Ticketmaster could identify the victim company’s clients and attempt to dissuade them from selling tickets through the victim company.  Zaidi explained that “we’re not supposed to tip anyone off that we have this view into [the victim company’s] activities.” 

Indonesia Tightens Cybersecurity After Ransomware Attack

The Deferred Prosecution Agreement and Criminal Information

Under the terms of the deferred prosecution agreement, Ticketmaster will pay a criminal penalty of $10 million and will maintain a compliance and ethics program designed to prevent and detect violations of the Computer Fraud and Abuse Act and other applicable laws, and to prevent the unauthorized and unlawful acquisition of confidential information belonging to its competitors.  Ticketmaster will also report to the United States Attorney’s Office annually during the three-year term of the agreement regarding these compliance measures.  If the Company breaches the agreement, it will be subject to prosecution for the charges in the criminal information that was filed today, charging the Company with one count of conspiracy to commit computer intrusions, one count of computer intrusion for commercial advantage, one count of computer intrusion in furtherance of fraud, one count of wire fraud conspiracy and one count of wire fraud.

The investigation is being conducted by the FBI’s New York Field Office.  The government’s case is being handled by the Office’s National Security and Cybercrime Section.  Assistant United States Attorneys Allon Lifshitz, Craig R. Heeren and Ian C. Richardson are in charge of the prosecution.