Boom under attack by Hackers
Boom Festival is a biannual psytrance festival and one of the most important gatherings worldwide in psychedelic trance culture. Boom Festival recently announced that it would open presales to the public.
Shortly after that, the organisers announced that they had experienced a DDoS attack. Here is the statement:
ONLINE TICKET SALES WILL TEMPORARILY FREEZE UNTIL FURTHER NOTICE
In light of the recent online ticket launch and the difficulties experienced by everyone trying to get a Boom ticket, we want to give everyone an explanation of what is going on behind the scenes.
We want to start by thanking each and every one of you who kept a positive spirit throughout the whole process, standing united as fellow Boomers and sharing messages filled with a good sense of humor and understanding.
We absolutely loved your memes!
You truly are a unique crowd and we are deeply grateful for your support and understanding.
We have become aware that a DDoS cyber-attack to the server has been taking place, and we have been struggling to deal with this particular issue. This means that our servers, and consequently our online e-commerce platform, have been flooded by multiple fake requests aimed at exhausting our current response capacity. Unfortunately, this compromised our capability to respond to legitimate users that tried to access our platform services, rendering many services unavailable. This was the main reason why many of you Boomers were not able to successfully purchase your Boom ticket. At a certain point our team was handling, on the one hand, the ticket sales, and on the other hand, a systematic hacker attack with 40 million queries per second. As a safety measure 2914 IPs were blocked from 8.20pm until 02.20am. We have been able to minimize this attack but are still struggling on this front.
In spite of this, amidst these events, some thousands of Boomers effectively purchased their Boom ticket. We are, of course, very happy that many of you were successful, but we are also aware that some of you tried endlessly to get into the ticket system with no success, a frustration we totally resonate with.
This is not an isolated case. Festivals have been a target for cyber-attacks for a while now and suffered security breaches.
While we do not understand the reason behind these attacks, we do try to approach them in a comprehensive way, and wonder about the motive that could lead someone or a group to lead an attack on an event such as Boom – a festival which aims to bring people together in celebration. We are even living in challenging times where cyberculture is distorted in its foundations of democratization of knowledge.
More random acts of kindness are the best way of activism.
As part of an emergent culture, we feel it is crucial to understand the core of phenomena such as this one, for as we live in a digital age where human relationships exist increasingly on a digital basis, it is foreseeable that these types of attacks will only keep on happening.
In the meantime, we will freeze the ticket sales, not only to gain some time to resolve all of these issues, but also so everyone can take a break from all the frenzy generated by the frustrated attempts to buy a Boom ticket.
Please note that we are putting all our efforts towards the solving of this situation – and our infoline team is doing their best to respond to all the messages and requests sent to our infoline. We are at your disposal for any questions you might have.
We will be in touch as soon as we have news regarding this matter. And again, you are all wonderful. Thank you for being Boomers.❤️
With Love and Gratitude,
The Boom Team
Security procedures apparently lacking
A fairly standard response when your website is compromised is to shut it down completely until the security holes are fixed. That apparently didn't happen for several days. One can only imagine what is going on behind the scenes, but I am sure it is rather chaotic. Often when the shit hits the fan, everybody around you claims to know the reason and how to fix it. They said that they consulted a series of “experts” on the matter, so let us hope for the best.
Strangely, though, the webadmin or Boom organisation hasn't shut down the website yet. People online are starting to worry about their data.
Yesterday, 22.10.2017, the Boom organisation made another statement:
“After meeting with a series of experts, it has been made clear that the Boom Festival has suffered a concerted cyber-attack, led by someone who has the means and resources to intervene in such a way.
At this time, we are undergoing an auditing, rigorously evaluating everything that has happened since the launch of online ticket sales up until this very moment.
Many of you have asked why we did not shut down the platform as soon as the attack started. We feel it is important that the whole Boom community understands that the decision to shut down the platform was not taken lightly. The attacks were made continuously; yet during intermittent rhythms, while we were blocking back, the opponents were immediately changing addresses and attacking strategies.
In our back office, we could see that despite the difficulties, Boomers were still able to get their tickets. Personal data was not under direct attack and we knew from the beginning that personal details were not at risk. As for credit cards, we do not ask, receive or store any information about them as we use third party payment gateways (worldwide standards), which manages the payment process directly. The reason that led us to shut down the platform was the constant overflow of requests – provoked by the DDoS attack – which was, in a way, “killing” the platform.
We must thank the brave independent IT teams who worked relentlessly to tackle these attacks. In the end, after incessantly looking for ways to resolve the issue, and after being 100 percent sure of what was going on, we decided to shut down the platform.
For those of you who paid for tickets, if you did not receive an email with a receipt or ticket, you will soon be receiving this. We expect all tickets to be sent by Monday. If you fall into this category, please contact email@example.com.
Regarding facts and figures, so far we have confirmed 11,467 Boomers from 111 countries and territories.
Some have been asking about the number of tickets that were sold in phase one. A total of 4,000 were sold as online phase one tickets. There will be a further 3,500 tickets available at a Friendly Price when Ambassador sales begin on 19 December. This will equate to a total of 7,500 phase one tickets.
From the very beginning, we have been reading everything that has been posted on the social media networks, listening to your calls and we deeply resonate with your frustrations. Our heart is with you and our commitment to you is to be present for any help you might need.
We would like to take this opportunity to remind everyone that Boom Festival is a limited ticket event, and because it seems the demand exceeds the offer, it is only natural that tickets will sell out very quickly.
We will continue to update you on any developments. Regarding the upcoming ticket sales, we will notify the community 48 hours before reopening the platform.
With Love and Gratitude”
Doug Shiells: “It’s unfortunate you were DDoS’d but I’m more worried about the blatant lack of concern for security in your application. Sending people emails with the password they have created in plain text is unacceptable. And in a ticket confirmation email where there is absolutely no need to send the password. This means not only have you risked the passwords being captured over the wire via email but it also means you are not even following basic security procedure and storing passwords as hashes in your database. This is an unacceptable disregard for the security of your community and now thousands of people’s good passwords may be compromised.”
This comment raises even more serious questions about their online safety.
I hope that they can fix the security holes fast. This is a threat not only to the organisation of the festival. It is also a danger for all people buying their tickets there.
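What the commenter describes, storing only a salted hash so that no later email can contain the password, looks like this in a minimal form. This is an added example, not code from Boom's platform; the function names, the in-memory `db` dict, the PBKDF2 work factor and the sample order ID are assumptions.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor


def hash_password(password: str) -> str:
    """Return 'scheme$iterations$salt$hash'; the password itself is never kept."""
    salt = secrets.token_bytes(16)  # unique per user, so equal passwords differ
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive the hash from the login attempt and compare in constant time."""
    try:
        scheme, iters, salt_hex, dk_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iters))
    except ValueError:  # malformed record: fail closed
        return False
    return hmac.compare_digest(dk, expected)


def register(db: dict, email: str, password: str) -> None:
    # Only the derived hash is persisted (db is a hypothetical user table).
    db[email] = {"pw_hash": hash_password(password), "orders": []}


def confirmation_email(db: dict, email: str, order_id: str) -> str:
    # Built from the stored record alone, so there is no password to leak.
    db[email]["orders"].append(order_id)
    return (f"To: {email}\nSubject: Your ticket {order_id}\n\n"
            f"Your order {order_id} is confirmed. "
            "Log in with the password you chose; we cannot show it to you.")


if __name__ == "__main__":
    users = {}  # constructed sample data
    register(users, "boomer@example.com", "correct horse battery")
    print(confirmation_email(users, "boomer@example.com", "ORDER-0001"))
    print(verify_password("correct horse battery",
                          users["boomer@example.com"]["pw_hash"]))
```

A site that can put your original password into an email is holding it in a recoverable form somewhere; with a record like the one above, that is not possible.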
Other people complain about being treated unfairly. Boom has a timed ticket sales format.
Here is a comment by another customer:
Sasha Tania Edwards: I feel it very unfair to be charged for the 2nd phase especially when you mentioned the server had problems from 20.20 until 2 am whilst people like me kept trying to book them all this while. Those who managed to get through, great for them. But what about the thousands of others that could not? Whether it be “only” 40 or 90 euros extra, do you feel this is fair? I would suggest opening up sales for the first phase at least for 24 hours without any server problems and give people a closure for what they have gone through. It wouldn’t break your bank for sure, however, it definitely has caused major disappointment to many out there. If Boom is not about the money, show it! Right now is probably the best situation. Actions speak louder than words.
P.S.: I feel really disappointed having tried several times to purchase the ticket to receive/read a message on your page today saying ‘the first phase has been sold out’. Another solution would probably be to compensate all those who communicated this error to you during your server failure!
There is a long list of people having issues. Again, it raises the question of why they did not lock everything down for good so that everybody is safe. At some point you have to realize that your ship is leaking to a degree that it has to go back to a safe harbour, where it can get thoroughly repaired and then set back onto its journey.
We will keep you informed on any updates from the Boom organisation, so check back soon!