CXO

Online World Series ticket sales hit by DoS attack

The most sought-after sports ticket in Colorado is for one of the three World Series games scheduled to be played at Coors Field, home to the hottest team in baseball, the Colorado Rockies. Upward of 60,000 tickets for those three games were to be sold the morning of Monday, October 22 through online sales. However, transactions for only about 500 tickets were completed before the Paciolan (Pack-ee-o-lan) computers came tumbling down.

Servers at Paciolan, the company contracted to handle the ticket sales for the Colorado Rockies, were hit with 8.5 million requests in the first 90 minutes of the sale. Those 1,600 hits per second were enough to overload the company servers. And with the exception of those few sales, no one was able to buy any tickets (including yours truly).

The Colorado Rockies later announced that the servers were intentionally and maliciously hit with a denial-of-service (DoS) attack. The who, where, and why is still a matter of speculation. But within 12 hours, Paciolan announced it was ready to resume the sale of those World Series tickets, confidant it could thwart another DoS attack.

One has to wonder, however, why Paciolan wasn't ready to thwart the first one? Has Ticketmaster or any other ticket outlet ever faced such a DoS attack? What about other large online retail sites such as eBay or Amazon? What do they do to keep it from happening, and what did Paciolan have to do differently?

Nonetheless, the Colorado Rockies did indeed resume sales of those 60,000 tickets the following day, and the sale went on without incident. All available tickets were sold in just over two hours.

There's certainly been a lot of talk about the problems associated with the sale of those tickets, but I've heard nary a word asking who would launch such an attack and why? The local media and the fans aren't talking about it, and the Rockies organization itself actually stopped discussing that aspect of the issue, most likely as a way to keep attention and excitement focused on the team and the field of play.

After all, I don't think they'd want to create a diversion from their immediate task at hand, which is, of course, to emerge from the World Series as the eventual winners. Why would they want to distract from that? After the season, however, I expect a full-blown investigation of the DoS attack.

Was this likely just an individual with some axe to grind — and someone with the right amount of knowledge and resources to simply disrupt, embarrass, and wreak havoc on the Colorado Rockies and/or Paciolan? Could a lone individual pull off such a thing? Or is it more likely that it was a more concerted effort by many individuals, or even some organization, who has some sort of monetary motive? What could be other motives? Could the perpetrator (or perpetrators) ever be tracked down and prosecuted? Did they likely leave digital tracks that could be followed? The questions are many, but I've yet to hear any real answers. (If it happened to the Red Sox, we could just blame the curse of the Bambino.)

I suppose those Colorado Rockies fans and the local media outlets are just too focused on another question to be too concerned about the ones I've been asking. They're all wondering if the Colorado Rockies will continue their hot streak and sweep yet another post-season opponent, the Boston Red Sox. And I suppose this can be added to the list of another first for what has been an amazing, record-breaking, and historic run into the World Series, the Rockies' first appearance in the fall classic.

This is, I believe, the first time World Series ticket sales has been disrupted because of an online DoS attack. And speaking as a Rockies fan, I'll go on the record as predicting that DoS will not go on to mean Denial of Series victory.

Editor's Picks