An investigative report by Power Retail, together with Click Frenzy, shines the spotlight on an underground “botter” group targeting e-commerce websites and swiping high demand product releases at faster than lightspeed. They call it ‘cooking’, and now you can meet some of the chefs.
Disclosure: This article deals with the experiences and findings of Click Frenzy Pty Ltd, which is owned by Global Marketplace, the parent company of Power Retail.
An Australian group going by the name of Copped.io, with over 1900 Facebook members, is selling and using sophisticated proxies and bots to make it virtually impossible for “manual users” to access highly sought-after items that go on sale at online stores. Copped.io is led by director Darron Eggins, a self-described ‘hactivist’ based on the Gold Coast who loves sneakers, fast cars and ‘cooking’.
‘Cooking’ in Eggins’ world refers to the secret art of ‘copping’ sneakers and other products when they ‘drop’, using proxy servers and bots to defeat e-commerce website rules such as single item per purchase, giving their users exponentially (try 1000+ times) faster access to the checkout. In one example featured on the Copped.io Twitter account, bots bought all of the product online before it even appeared on the company’s website.
“Product didn’t show on the frontend! We took every pair,” gloated @coppedio. Even with the fastest fingers in the world, no-one using conventional methods stands any chance.
The Head Chef
By day, Eggins is employed as the lead web developer at 40/40 Creative, a Gold Coast-based agency offering brand and digital services. According to its website, 40/40 Creative’s large retail client list includes blue chip brands such as Toyota, Uniqlo Australia, Redbull Australia, Bed Bath N’ Table and Super Retail Group, as well as Foot Locker Asia Pacific. The agency also boasts a roster of Corporate & Government clients including the Department of Human Services, Gold Coast City Council and Australian Skills Authority. In addition, the agency claims it services public figures including Rob Molhoek MP, Queensland State Member for Southport, Federal MP Stuart Robert, and Olympic Gold medallist Stephanie Rice.
Ironically, the 40/40 Creative home page features a tongue-in-cheek reference with the logos of global brands including Coca Cola, Mercedes, Disney, MTV and Adidas, with a bold CLIENTS WORKING WITH US and a tiny ‘THAT ALL WISH THEY WERE’ in lighter font. We suspect after reading this article that Adidas would not choose to work with the agency.
Why? Adidas is a prime target for Copped.io, which offers its customers access to custom endpoints for streetwear and sneaker sites including Nike, Adidas, SNS, Footsites, Mesh, SUPREME and Palace. These proxy products can be activated in 20-30 minutes, according to the website, and include Single/Multiple Endpoint proxies for easy setup of Commercial/ Private Bots.
Foot Locker, listed as a client of 40/40 Creative, also appears to have been ‘cooked’ by Copped.io. One Twitter user expressed gratitude to Copped.io “for the cops on the FTL restock” after scoring a pair of Adidas Yeezy Boost 350 sneakers. Fox in the henhouse? It beggars belief that Eggins’ conduct appears to go utterly unchecked.
There’s no shortage of ego. He brags proudly to his 5000+ social media followers about his success in scoring and reselling high demand products, telling one rival “this “computer nerd kid” earns more than your parents combined don’t come around here acting like you wouldn’t want to work for me.”
He regularly posts shots to Instagram of his Audi sports car and premium sneaker hauls, on display at the office stacked up in arguably commercial quantities.
It seems there is big money involved if you get to Eggins’ level. In a recent interview with radio station JJJ’s Hack (irony not lost), Eggins bragged about building his own bot to target Adidas and said to JJJ he would share the spoils with an investor, potentially hundreds of thousands of dollars worth. When prompted by the interviewer as to how much investment he’d received, Eggins declared, “Seven figures is all I’ll say.” On November 10, he boasted about his new Tag Heuer watch. With that boast of a million dollars plus from a single investor, looks like “copping” shoes pays off big time.
Copped Pty Ltd was registered as an Australian company on March 13 this year, with the registered office in Highland Park, a suburb of the Gold Coast where Eggins works. According to the Australian Business Register, Copped Pty Ltd is not currently registered for GST, meaning total turnover would be less than $75,000 per annum. We asked Eggins on Thursday to confirm whether he is the owner of Copped Pty Ltd, but to date we have not received a reply.
How Click Frenzy Found The Kitchen
The Click Frenzy flagship event was held on November 14-15, and featured a series of special Go Wild sales with discounts of up to 99% off on a limited range of items for subscribers only. Subscribers are sent clues via email of where to be on the Click Frenzy website and a time range, with a pop-up banner appearing on that page at a random time featuring a link to the product page and a promo code to access the discount. Following the first event in 2016, where some users were able to secure a swag of items while others were frustrated at missing out, Click Frenzy made some amendments for 2017, introducing a limit of one item per user per household for the duration of the event, and using the promo code to help mitigate the impact of bots. With the quality of the items on offer, these sales are a magnet for fraudsters.
Immediately after the event, the team compared 2017 customers with 2016 customers and found a statistically improbable quantity of matching names. Click Frenzy went further, lining up all the information to find overlaps to link multiple accounts to individuals. It was a laborious and time-consuming process, but worth the effort when the motherlode was found this week. Click Frenzy already suspected there was a sizeable network of users involved in trying to cheat its systems, but did not have any evidence to link the suspicious accounts.
A single IP address linking three different orders warranted further scrutiny, which revealed a definite link between all three to the same individual, who had more than seven emails linking him under various monikers. One of those emails featured the domain copped.io, and a search for copped.io revealed a simple website promising a LEADING PREMIUM SNEAKER & STREETWEAR SERVICE
WEBSITE COMING SOON.
The home page links to a single product page offering Unlimited Residential Proxies, focused on gaming the major streetwear and sneaker sites including Adidas and Nike.
The next link in the chain was when it got more interesting. Turning to Facebook, Click Frenzy entered copped.io into the search field and discovered a public Facebook group going by that name, administered by Darron Eggins and featuring 1920 members. A quick scan through the member list revealed an extraordinary number of matches to Click Frenzy customers who had managed to secure Go Wild deals repeatedly against the odds. The mystery was solved – the Copped.io Facebook group linked the statistically impossible shopping activity of dozens of customers, identifying a network, which had been hiding in plain sight all along.
When Eggins, unaware of Click Frenzy’s discoveries, was advised that an order he had placed during the recent sales event was being cancelled, he took umbrage immediately. Within minutes he wrote to Click Frenzy claiming he had done nothing wrong, pleading “Please help me! I really wanted this item for a Christmas present for my girlfriend.”
Click Frenzy’s response was admittedly blunt, replying that it would now be a matter for the authorities, and suggesting that Eggins “give her some shoes.”
That comment enraged Eggins, who accused Click Frenzy of a personal attack. He shared the email with other Copped.io members, who evidently were also outraged. One member, Andrew Howells, contacted Click Frenzy’s Facebook page to vent about the treatment of his mate. In person, Howells is a freelance graphic designer from Perth, but online he is @tropiccreates, another ‘cook’ gleefully using bots to cop whatever he can get his hands on. On Twitter, Howells fawns over Eggins, congratulating him on cooking Click Frenzy “so hard”.
Howells posted a copy of the email exchange and leapt to Eggins’ defence, accusing Click Frenzy of “extremely unethical and quite honestly disgusting behaviour.”
Eggins also vented his anger on Twitter, posting:
“I’ve never seen a company that disrespects their customers more. Let alone investigates their private lives when someone purchases – then makes snide comments about me over email. @clickfrenzy you are a joke.”
One of Eggins’ followers suggested he should “Send them a letter with acid in it.” Eggins also commented on the Click Frenzy Facebook page that he had contacted the ACCC. Eggins was angry that he had been looked at, no doubt, but did not display any concern for what was still publicly visible on his social media accounts, including product hauls, code snippets, and an endless number of ‘cooking’ schemes.
Contacting Click Frenzy via Facebook, Eggins continued to express his disappointment at the service he received, saying, “I believe my time is warranted the same as any other customer” and “I don’t feel like a “valued subscriber”.”
Eggins didn’t actually know then how much time he was getting – he does now. Yesterday we made Eggins and other Copped.io members aware via email that we would be publishing this article. We offered the right of reply and more than 12 hours to respond, but have heard nothing back. However, within an hour of contacting Eggins, the public Copped.io Facebook group had been removed from view and Eggins’ Twitter and Instagram accounts were set to private.
Power Retail obtained a copy of the public Copped.io members list before the group was taken offline. Until Thursday afternoon, it was visible and accessible to anyone with a Facebook account and an internet connection – ie. the world. This supposedly secret society and its methods were just hiding in plain sight, waiting to be found.
In Eggins’ elitist world view, he appears to see himself as a superior being, beyond reproach with everyday internet users beneath contempt. The “technology literate”, as he describes he and his brethren, can do as they please without regard for the consequences on businesses and other consumers. “Not my fault people aren’t computer literate,” Eggins wrote to Click Frenzy.
Click Frenzy is not blameless, and has learnt some harsh and valuable lessons during this experience. The online shopping event acknowledges it needs to significantly improve the execution and defences in order to avoid more intrusive activity detracting from the customer experience in future.
Cooks or Crooks?
Can they be stopped? The rising “botter” tide is becoming a major and expensive headache for businesses, particularly in the streetwear and footwear category which are the most targeted. As reported in Forbes, in May 2015, Nike cancelled the online release of two shoes to protect “real consumers”, commenting that “Bots have been compromising the experience around specific products. We’re working hard to make sure real consumers are the ones getting access.”
The practice is certainly controversial, but is it criminal? In Australia at least, the jury is still out as the business and legal community come to grips with how to regulate the use of proxies and bots. Industry bodies are aware of the challenges, and looking to advocate for a fairer playing field for online shoppers.
“Such things have quite clearly been outlawed in NSW already by the Fair-Trading Amendment (Ticket Scalping and Gift Cards) Act 2017, but there is no case law with respect to this act yet,” says Dominique Lamb, CEO of the National Retail Association. “There is no question in our view that the use of bots constitutes anti-competitive conduct, as it can in certain circumstances compel the final consumer to be subject to a higher price than the proper seller intended. It also has implications for brand damage, good will etc.”
“Gamification is a big theme in retail, and the ‘ treasure hunt’ during Click Frenzy is a fine example,” says Paul Greenberg, Founder of the NORA Network. “At best, these “bot” guys are playground cheats. They know where the treasure is hidden before the game starts. Spoilsports. At worst, they are online scammers, scamming retailers and marketplaces, and of course consumers. The law will close on in on them, as it has with similar rorts in the online ticketing space.”
Meanwhile, the Copped.io cooks and followers continue to view their activity as natural and harmless, despite the serious and genuine impact it has on businesses. Customers acting in good faith who consistently miss out on items vent their frustrations publicly, while these bandits make off with prizes that are resold for a profit. How can this happen?
We’re throwing the spotlight on the cooks’ kitchen in the public interest, to give all businesses and consumers a better understanding of what and who they are up against in the online retail arena, and we hope this catalyses some serious action and greater regulation. As we publish this story, we’ve given fair warning to the leaders of Copped.io, but it’s fair to say the horse has already bolted. Cop that.