Gaming Cybercrime 2016

The code for the Mirai botnet was posted publicly online in October, giving hackers access to the most powerful DDoS attack ever recorded. (Image: Shutterstock.com)

The online gambling industry has been a target for cyber criminals since the early days of the industry. The reliance of sports books on major sporting events for a major chunk of their revenues gives hackers a handy roadmap for extortion.

Take down a bookmaker’s site during the soccer World Cup, for example, or during the biggest race meet of the year, and the chances are it will pay a ransom demand if its internal security team or the company that hosts its servers can’t repel the attack.

Hackers generally use distributed denial of service attacks (DDoS) to disrupt the services of online gambling sites. DDoS attacks flood a targeted website with thousands of meaningless requests in order to overload the systems and render it non-operational.

As attacks become more sophisticated over time, so must efforts to counter them as security firms strive to stay a step ahead of cyber criminals.

This is why the emergence in 2016 of the Mirai botnet was a real cause for concern for online gambling sites.

Mother of all DDoS Attacks

Mirai can be described as the “mother of all DDoS attacks.” It first surfaced in mid-September and began launching attacks far beyond the scale and sophistication than anything we had seen before.

Mirai is able to harness the power of thousands of Internet of Things (IoT) devices, focusing them on a central server (botnet) to boost the power of an attack. And worryingly, the source of the code was posted publicly online on a hackers’ forum in early October.     

Sure enough, within weeks, the William Hill website became the first reported victim of the Mirai botnet within the industry. On November 2, the company said that its website had been knocked offline “intermittently” for around 24 hours, although customers reported that the outage appeared to last over three days, suggesting Hills was having a harder time battling the botnet that it was willing to let on.

But all this extortion and ransoming seems petty in comparison with the biggest gaming-related cybercrime of the year, which must also be one of the biggest cybercrimes ever.

Fed Bank Heist

On February 5, hackers flooded the Federal Bank of New York with requests for transfers totaling almost $1 billion from an account owned by the Bangladesh Bank and used by the government of Bangladesh.

Around $101 million was successfully withdrawn before suspicions were raised. Some $20 million of the stolen money was quickly traced to Sri Lanka and recovered. The rest was transferred to Philippine bank RCBC, and from there $46 million found its way into the lightly regulated Philippine casino industry where much of it disappeared.

Casinos in the Philippines are not beholden to anti-money laundering laws, which means makes the funds difficult to trace, and the incident has provoked calls inside the country for tighter regulation of the industry.

Some $15 million was traced, however, to accounts owned by Kim Wong, president of the Eastern Hawaii Casino in the Cagayan Economic Zone, who said he had received the money from two high rolling junket operators who owed him money.

Speculation as to the perpetrator of the crime ranges from Wong himself to the North Korean government, although, at the time of writing, no arrests have been made and the case remains a mystery.