CasinoCityTimes.com

Gurus
News
Newsletter
Author Home Author Archives Search Articles Subscribe
Stay informed with the
NEW Casino City Times newsletter!
Newsletter Signup
Stay informed with the
NEW Casino City Times newsletter!
Recent Articles
author's picture
 

Hackers Go for Super Bowl Gold

12 February 2004

Just a few days before Super Bowl XXXVIII, online sports books were preparing for a record number of bets placed, but the anticipation must have been mixed with anxiety. Half a year of an escalating frequency of distributed denial of service (DDoS) attacks and the fastest-spreading computer virus of all time were looming.


"Send us the money and we'll make it stop."

The dreaded MyDoom virus, which unleashed its wrath on the SCO Group and Microsoft, wasn't a problem for cyber bookmakers. The DDoS situation was.

Extortionists launched a massive assault on Internet sports books, disabling many of them for several hours.

IGN talked to several operators, and all of them experienced a massive assault on Super Bowl Sunday preceded in nearly all cases by slightly smaller waves of attacks in the days leading up to the game.

A Weeklong Assault

One hosting provider reported that the barrages began on January 24, more than a week before the Super Bowl. Others said their sites started taking hits on the 28th.

Despite operators taking extra precautions, Super Bowl Sunday's DDoS culmination was heavy enough to render dozens of sites inaccessible to customers.

Alltopsportsbooks.com, which monitored a large number of sports books during Super Bowl weekend, reported that at 8:30 Sunday morning, more than 20 sites were not accessible to Internet customers. According to Alltopsportsbooks, VIP, Bet19, Gameday, Sportingbet, Superbook, BetCRIS, BetVSI, Virtual Bookmaker, MVP, V-Wager, Players Superbook, and more were offline at least temporarily for some period of time during the weekend. Most of them restored service before kickoff.

Costa Rica-based BoDog.com was one of the sites that survived the weekend without being knocked offline. Robert Gillespie, the company's operations manager, said their site came under attack Wednesday.

"[The attackers] slightly increased the size of the attack from about 80 megs to 120 megs per second, but it didn't have any noticeable effect that we could detect," Gillespie said. "It continued for part of Thursday and Friday, then I think they laid off most of Saturday. Then they resumed all day Sunday, and slowly started to fade away Monday morning when they realized it had no effect."

As usual, the extortionists demanded cash in exchange for stopping the attacks. Gillespie said the group targeting BoDog wanted $20,000. "They sent the same e-mail everyday, it never really changed. They never gave any directions where to send it. They said, 'Send us the money and we'll make it stop,' and I'm assuming we would have had to reply saying 'Where do we send it,' but we never went that far."

IGW Software was also on the battlefield Super Bowl Sunday protecting its licensees. "This attack was significantly larger, to a tune of what we believe is about 800 mbps, which is the largest that we have seen since these attacks started," IGW's president, Bryan Abboud, explained. "It was significant enough to affect some of our upstream providers that typically remain unaffected at all by DDOS. These attacks are a drop in the bucket from a bandwidth perspective to them. Apparently, the size and timeliness of the attacks against my clients' sites, coupled with the other attacks launched against other sports books' Web sites, actually caused a ripple effect shaking the Nap of the Americas. The size of the Super Bowl attack is what made it unique."

BoDog took extra precautions to ensure that its Internet service would continue uninterrupted. The company has spent $500,000 on equipment in the last four months and flew security personnel from North America to its offices in to cut down on response time. "Luckily we worked the kinks out of our mitigation hardware on Wednesday and Thursday, so Sunday was pretty smooth," said Gillespie.

No End in Sight

Super Bowl attacks could be a sign of the times, a new problem with which sports books will have to learn to cope. Extortion attempts have become an increasingly common threat for nearly every sports book in the last six months. Irish betting company Paddy Power was knocked offline Feb. 5 by a DDoS attack for several hours. In mid December, Planet Poker was temporarily disabled due to a DDoS attack, possibly indicating that hackers are beginning to expand their interest to all types of gambling sites.

There's still no easy indication of how successful hackers have been. Some sites have reportedly given in to ransom demands for cash, but no one knows for sure how many because operators are reluctant to admit it.

Scotland Yard has been working with operators in Europe and the United Kingdom to track down the culprits, but all that is known of their investigation so far is that the perpetrators are thought to be based in Eastern Europe.

The facts are still murky in this sensitive area, but things seem to indicate that the DDoS pest will persist. Expect the next massive North American bombardment in the mad month of March when the 64-team NCAA basketball tournament takes the stage in American sports.

Hackers Go for Super Bowl Gold is republished from iGamingNews.com.
Bradley Vallerius

Bradley P. Vallerius, JD manages For the Bettor Good, a comprehensive resource for information related to Internet gaming policy in the U.S. federal and state governments. For the Bettor Good provides official government documents, jurisdiction updates, policy analysis, and many other helpful research materials.

Bradley has been researching and writing about the business and law of internet gaming since 2003. His work has covered all aspects of the industry, including technology, finance, advertising, taxation, poker, betting exchanges, and laws and regulations around the world.

Bradley Vallerius Websites:

www.FortheBettorGood.com
Bradley Vallerius
Bradley P. Vallerius, JD manages For the Bettor Good, a comprehensive resource for information related to Internet gaming policy in the U.S. federal and state governments. For the Bettor Good provides official government documents, jurisdiction updates, policy analysis, and many other helpful research materials.

Bradley has been researching and writing about the business and law of internet gaming since 2003. His work has covered all aspects of the industry, including technology, finance, advertising, taxation, poker, betting exchanges, and laws and regulations around the world.

Bradley Vallerius Websites:

www.FortheBettorGood.com