Go to the mobile version of this Web site.

Login | Contact Us | Site Map | Paid archives | Electronic edition | Subscription Questions | Extras

Experts don’t buy the 'malicious attack' excuse

Roger Fillion, Rocky Mountain News

Published October 24, 2007 at midnight

Text size  

More Colorado Rockies

More stories »

The Colorado Rockies' online ticketing system probably fell victim to a lack of computer "horsepower" and was not the target of an outside attack as the Rockies insist, computer experts said.

On Monday, the Rockies offered a terse explanation for the ticketing system's crash, saying that the team and fans had been victims of an "external malicious attack."

On Tuesday, Rockies spokesman Jay Alves again leveled the "malicious attack" charge without offering details.

But computer and Internet security experts said that Monday's computer crash and the system's less-than-smooth performance Tuesday pointed to a shortage of capacity on the computer servers powering the system — or a failure to balance out traffic across those servers.

"I suspect the problem was a lack of server computing capacity," said Andi Mann, research director at Enterprise Management Associates, a Boulder information technology research and consulting firm.

While the Rockies eventually sold out all three World Series games Tuesday, ticket buyers again complained about problems accessing the system or completing purchases once they got to the ticket-buying section.

"They've addressed it in part. It did work," Mann said of the online system's sale of 54,000 tickets in less than three hours. "But it didn't work completely. They fixed it enough for today."

A spokesman for Paciolan Inc., the Irvine, Calif., ticket vendor handling the system, did not return two phone calls seeking comment.

Sam Masiello, director of threat management at MX Logic, an e-mail and Internet security company based in Douglas County, was among those trying to buy tickets Tuesday. Shortly after tickets went on sale at noon, he couldn't get to the ticket-buying section of the Rockies' Web site.

Instead, Masiello was stranded on a page telling him to wait for the computer server to become available.

"There are still too many connections for the server to handle," said Masiello, seated in front of a laptop computer in his office. He likened the situation to what happened Monday when the system crashed under the weight of 8.5 million "hits" in the first 90 minutes.

"The same thing is happening today," he said. "It appears to be more of a capacity issue than a truly malicious attack."

Experts generally threw cold water on the "malicious attack" claim. They noted that computer hackers are motivated by financial gain, rather than gumming up the works of a company or organization's Web site.

"There's no financial gain to be seen in this kind of situation," Masiello said.

While experts didn't rule out the possibility of an attack, they agreed it was doubtful.

"It didn't look like a traditional malicious attack," said Chris Benham, vice president of corporate marketing at Webroot Software Inc., a Boulder company whose software combats privacy-stealing programs known as spyware.

"Our best guess is the system simply wasn't prepared to deal with the large number of requests," he said, pointing to the deluge of fans and ticket scalpers clambering for online tickets.



Staff writer Jeff Smith contributed to this report.