Gaming Strategy
Featured Stories
Legal News Financial News Casino Opening and Remodeling News Gaming Industry Executives Author Home Author Archives Search Articles Subscribe
Newsletter Signup
Stay informed with the
NEW Casino City Times newsletter!
Recent Articles
Kevin Smith

Worst Part of Extortion Threat May Still Lie Ahead for Industry

10 March 2004

Editor's note: In the final installment of Interactive Gaming News' three-part series on the rising number of extortion attempts, IGN looks at what lies ahead for the industry and it faces its latest global challenge.

A secret battle raging in the Interactive gaming industry for the last six months has exploded into a public war and online operators are determined to win the fight.

Owners of online sports books first were targeted by groups of extortionists during the football season last fall and the attacks have steadily picked up and many in the industry expect them to peek in the next couple of weeks with major sporting events doting the landscape in all corners of the world.

The extortionists have made a habit out of threatening operators with an attack during major events. Often times, after the threat is made, the attackers will conduct a minor attack, just to make sure their point gets across but not severe enough to take the site down.

The attackers offer to keep the operator safe from being hacked, in exchanged for a fee of $20,000-$50,000. If the operator refuses to pay the hackers then target the site with an attack during a specified time, usually when they know the site will be experience high traffic.

Within the next week the NCAA will start is national championship basketball tournament, a major sports betting event for American punters, as well as the Cheltenham racing festival, which is a huge spectacle for Irish and UK-based punters.

The worst of the attacks could still be head of the industry, especially when Australia's Grand National, scheduled to kick off within a month, is added to the list.

The attacks aren't focused on one part of the world either. Operators in the Caribbean, Europe and even Asia have all been targeted.

Paul Lawrence, the general manager of Top Layer a hi-tech security firm with offices in the U.S. and Europe, said he has seen the attacks increase this week as European-based operators gear up for the popular Cheltenham Festival.

Law Enforcement Gives Mixed Signals

While the extortionists are targeting sites from all over the world, there has been little cooperation between global law enforcement groups. Sites from major well-known online brands to smaller operations have all been targeted.

Officials with and confirmed Monday they had paid the money after being threatened and not paying the attackers with their initial request.

Lawrence said the number of groups targeted the industry with the threats is rising as word spreads that some operators are willing to pay up the money right away.

"There is more than one group active," he said. "It appears they have no regard for geographical boundaries either."

BoDog, which is based in Costa Rica, and BetWWTS, with its headquarters in Antigua, have little help they can get from law enforcement. Both sites target U.S. players and the Department of Justice and others in the U.S. do not look favorably on the industry.

The FBI had no comment on the attacks, but one offshore operator said U.S. law enforcement should be taking the extortion attacks seriously.

"This is cyber terrorism as far as I am concerned," he said.

The likelihood of operators getting much, if any, sympathy from U.S. law enforcement is unlikely, though there is hope in Europe.

In the UK operators are able to call on the Hi-Tech Crime Unit. Lawrence said the group is investigating cases with other law-enforcement agencies.

A spokesperson with the Hi-Tech Crime Unit on Wednesday told IGN that the group started investigating a "number of cases," in the autumn and was concerned with the rising number in the attacks in the last couple of months.

"This is something that we are aware of and watching," the spokesperson said. "To date, this is something that is restricted to this industry, and we are doing are best to stop it before it spreads to other areas of e-commerce."

The spokesperson didn't want to comment on whether or not the unit is receiving cooperation from the United States, but was aware of the belief among industry insiders that they would get no assistance from the U.S.

"We are getting cooperation from law enforcement overseas, but I can't say if that is from the U.S. or not," the spokesperson said. "We have heard the belief from people in I-gaming that we will get little or no help from the U.S."

What Lies Ahead?

Another technology firm that has managed to help many in the interactive gaming industry during its latest time of trouble is Riverhead Networks. The company has technology that combines five different aspects of security to help monitor and stop attacks.

Steve Woo is Riverhead's Vice President of Marketing and Business Development and feels that gaming operators should get a security solution in place that can cover the range of attacks available to extortionists.

"The solution must have the high performance and capacity needed as the extortionists can easily launch many 100s of megabits of attack traffic and just as devastating use 100s of thousands of distributed attack sources called zombies," he said.

Meanwhile, hacker assaults of all types are on the rise. The Financial Times estimates that there were 114,000 computer viruses in January through October of 2003, compared to the 21,000 that existed two years ago.

In February 2003 a single virus infected 300,000 machines in just 14 minutes, while in 2001 it took Code Red, the most infamous virus, 26 hours to infect that many machines.

All on-line businesses are vulnerable, but the significant revenue, low customer switching costs, relatively small IT operations and lack of potential assistance from the authorities makes gaming operators especially attractive targets.

Unfortunately for the industry, Lawrence feels gaming sites will continue to be targeted now that the hackers know some are willing to pay.

"This is something that will keep going on until the industry is sucked dry," he said. "The smaller sites may not be able to afford to pay them, but if they are down for a couple of days during peek betting times, it could be enough to put them out of business."

Within the last month the extortionist attacks have spread throughout all areas of the interactive gaming industry. Once reserved for only sports betting sites, the number of attacks aimed at online casinos and Internet poker rooms have risen dramatically, according to Woo.

One operator of a sports betting and poker site, said he invested "more than what the extortionists asked for," in upgrading security with his family of sites.

"But you have to wonder if these guys are going to catch up with what the security firms are doing and we will have a whole new mess on our hands by summertime," the operator said.

The chances of the perpetrators being caught are slim, according to most experts. If operators are able to prove their systems are safe from the attacks the extortionists might move on to another industry. But even if a small number of operators continue to pay the ransom money, the industry could be in for a long fight, Woo said.

Worst Part of Extortion Threat May Still Lie Ahead for Industry is republished from
Kevin Smith
Kevin Smith