One arrest in Toronto
Some of the hottest tickets in town — to Broadway hits, Jay-Z and Justin Timberlake concerts, a New York Yankees-Boston Red Sox game — were snapped up by an international ring of cyber thieves who commandeered more than 1,000 StubHub users’ accounts to make big money by fraudulently buying tickets and reselling them, prosecutors said Wednesday.
Bryan Caputo (left) and Daniel Petryszyn sit during arraignment proceedings in New York state Supreme Court Wednesday. They are two of six people who were indicted Wednesday in an international ring that took over more than 1,600 StubHub users’ accounts and fraudulently bought tickets to such prime events as Jay-Z and Elton John concerts and Broadway shows like “The Book of Mormon,” a Manhattan district attorney said Wednesday. — Photo by The Associated Press
Ten people around the world — including one in Toronto — have been indicted or arrested in connection with the case, which involved more than 3,500 tickets and at least $1.6 million in unauthorized purchases of sought-after seats, some to sold-out shows or behind the Yankee Stadium dugout, Manhattan District Attorney Cyrus R. Vance Jr. said.
“Today’s arrests and indictment connect a global network of hackers, identity thieves and money-launderers” who targeted the leading digital marketplace for reselling event tickets, Vance said. The scheme spooled from Russia to London to Toronto to the New York area and even to Barcelona, Spain, where accused Russian ringleader Vadim Polyakov was arrested while vacationing earlier this month.
There was RCMP involvement in the move against the alleged international ring.
A release from the New York County District Attorney’s Office said RCMP executed a search warrant and arrested a suspected money launderer in Toronto. It said the London arrests were also on suspicion of money laundering.
The release quoted RCMP Inspector Andrew Cowan as saying “organized crime is an international problem that cannot be fought solely within our borders.” He called the investigation “an excellent example of the success that can be achieved through strong international partnerships.”
The case comes amid growing concern about data thieves targeting consumer giants, and it pointed up pitfalls customers may face in using one password in multiple parts of their online lives.
StubHub said it was alerted to “a small number of accounts that had been illegally taken over by fraudsters” last year, contacted authorities and gave the affected customers refunds.
While prosecutors said they weren’t certain how the alleged thieves got access, San Francisco-based StubHub said they got account-holders’ login and password information from key-loggers or other malware on the customers’ computers or from data breaches at other businesses. San Francisco-based StubHub, owned by eBay Inc., said there had been “no intrusions into StubHub technical or financial systems.”
In the last few years, such major companies as Target, LinkedIn, eBay and Neiman Marcus have been hacked. Since many customers use the same email and password on multiple websites, thieves can net a combination from one site that works in many others, data security experts say.
It’s like re-using “the same key for every lock in your life — especially if you’re giving that key out to everyone you meet,” says Joe Siegrist, the CEO of LastPass, which makes password-management software.
In the StubHub case, once the suspects had those digital keys, they were able to use credit-card and other information stored in unsuspecting users’ accounts to buy tickets
— some as pricey as a $994 pair of field-level seats to a St. Louis Rams-Houston Texans game, prosecutors said.
Buyers can download tickets directly to their StubHub accounts. Account-holders do get emails confirming their purchase; in some cases, those emails prompted customers to contact StubHub and report fraudulent buys, company spokesman Glenn Lehrman said.
After the buys, members of the ring re-sold the tickets and routed the money to others who laundered it, and the group split the profits, Vance said.
“This guy (Polyakov) is pretty much admitting he is a hacker,” one of the alleged fences, Daniel Petryszyn, wrote in an online chat, according to prosecutors. “These tickets are all profits ... I will launder all the money they want.”
Petryszyn, 28, and another accused re-seller, Bryan Caputo, 29, pleaded not guilty Wednesday to money laundering and stolen property possession charges. Petryszyn, who works at a catering business, “has every intention of challenging these charges,” said his lawyer, Liam Malanaphy.
Caputo, who works at a restaurant company, simply re-sold some tickets, said his lawyer, Reginald Sharpe. “If they were stolen, he didn’t know that they were,” Sharpe said.