DDoS a part of doing business in online gambling?

News on 21 Jul 2013

The incidence of Distributed Denial of Services (DDoS) is sufficiently high in the online gambling business for some executives to feel it is part of doing business, reports the publication IB Times.

In an article on the threat, the publication claims that “….in the world of online gambling….far-removed from the arch menace of NSA agents or Chinese hackers, the people targeting betting websites are just a constant nuisance.

“Their modus operandi is to launch, or threaten to launch Distributed Denial of Service attacks, purposeful acts of sabotage where typically a huge amount of data floods a website’s server, overloading it and taking it offline.”

The perpetrators usually demand extortion-like payments, sometimes using the untraceable virtual currency Bitcoin to collect payment from those victims who elect to pay up in order to avoid expensive outages to business, especially at peak betting times.

IB Times claims that its investigations have shown that DDoS criminals can even be hired to attack a particular website

Ashley Stephenson of web security firm Corero described DDoS criminals as “bottom feeders”, but said the threat was a nuisance rather than an internet crime wave. He said that attacks are often planned to hit – or threaten to hit – just prior to major sporting events, when business for online sports betting sites soars.

Motives for launching DDoS assaults are not always extortion-based, says Stephenson: “We saw one example where a gaming company was changing the rules of their game, and the result of that rule change would make it harder for third-parties to make money off the game. Those parties were annoyed with that so launched DDoS style attacks on the company to try and reverse the rule changes in the game.

“You also get examples of people making large bets on say interactive poker, and then purposefully crashing the site if it looks like they’re going to lose. In the physical word it’s like getting up and tipping the table over.”

Corero estimates than on average, a DDoS attack will cost a gambling site GBP 150,000 in lost business.

Stephenson says there are three ways to deal with it: pay the ransom, absorb the attack and the damage it causes; or fight the hit and then invest in technology that ensures there will not be a repeat of the experience.

He points out that relative to the potential damage caused by an attack, protection can be cheap, saying that Cloudflare, in the United States, offers DDoS protection for $200 a month. It’s the equivalent, Stephenson says, of fitting your house with locks or your car with an alarm.

DDoS is unlikely to harm an industry, Stephenson opines, but the threat is a nuisance that should be guarded against.

“I wouldn’t say it’s routine yet, but it’s expected. It’s the cost of doing business on the internet,” he concludes.

http://www.ibtimes.co.uk/articles/492388/20130719/ddos-attacks-cyber-security-online-gambling-poker.htm

Related and similar