I’m a bit skeptical about the degree to which this may have affected Trump’s rally in Tulsa, but this is going to affect the Trump Campaign by forcing it to expend time and effort that they may not be competent to spend.
It’s a technically challenging problem, which is usually answered by attaching a cost to the transaction. [nyt]
TikTok Teens and K-Pop Stans Say They Sank Trump Rally
Did a successful prank inflate attendance expectations for President Trump’s rally in Tulsa, Okla.?
If that is in fact what happened it shows that the organizers (if that is the right word) of the event did a remarkably bad job of modeling threats against the event. It’s a fairly predictable attack, and it was magnified by the internet and the fact that there are a lot of people who hate Trump.
Brad Parscale, the chairman of Mr. Trump’s re-election campaign, posted on Twitter on Monday that the campaign had fielded more than a million ticket requests, but reporters at the event noted the attendance was lower than expected. The campaign also canceled planned events outside the rally for an anticipated overflow crowd that did not materialize.
Tim Murtaugh, a spokesman for the Trump campaign, said protesters stopped supporters from entering the rally, held at the BOK Center, which has a 19,000-seat capacity. Reporters present said there were few protests.
Could it be that Brad Parscale is a clueless noob about the internet? Looking over his online history, he doesn’t appear to have much security chops (i.e.: any) so perhaps it’s possible. But this is just … dumb.
TikTok users and fans of Korean pop music groups claimed to have registered potentially hundreds of thousands of tickets for Mr. Trump’s campaign rally as a prank. After the Trump campaign’s official account @TeamTrump posted a tweet asking supporters to register for free tickets using their phones on June 11, K-pop fan accounts began sharing the information with followers, encouraging them to register for the rally – and then not show.
Normally, this would be handled the way Ticketron and Google and anyone competent does it: you have to register, then an email gets sent to the address that is registering, requiring a call-back before the account is made live. That’s still really easy to get around if you own a domain or ten like I do, but it raises the bar past the level where a casual troll is going to think it’s worth doing. Also, you’d probably fingerprint the browser-ID and IP(s) of the system doing the sign-up and if it looks like there are multiple sign-ups from the same source, you start slowing them down. No need to disable them, just make them slower the more scripted they appear to be. Or, another trick is to have recaptchas start popping up on any connection from an IP address that is already in a database. Coding this sort of stuff is not particularly difficult if you think of it before your site goes live.
Considering the massive amounts of money that political campaigns spend on silly stuff like sushi for the staffers, or cheesy pins and buttons (i.e.: proto-litter) it seems like getting this right in advance should have been affordable.
Probably the most solid way to lock something like this down would be to request a credit card to reserve a seat, and clearly state that if the ticket is not scanned at the entry to the event, the credit card will be charged $50 or $500 or whatever. A true believer who wants to reserve a seat would have no problem with shelling out nothing, because they plan to show up, but a troll could face gigantic credit card bills. Of course, you could use a stolen credit card but the credit card companies’ validation systems are getting very good at fraud detection and a credit card is a fair proxy for identity in the internet age. (Most of internet identity is just a layer of kludgy scum atop credit cards – a thing the credit card companies have been too stupid to capitalize on)