Globally, 2017 saw cybersecurity become a key issue across all industries, and online gambling was no exception. Internet operators have long been targets for DDoS attacks, which have become more frequent in recent years, as well as more powerful and more creative, and this year, all hell broke loose.
DDoS (distributed denial of service) attackers use malware to harness multiple compromised IP addresses, creating a “botnet,” which is then used to flood the servers of a company’s website, paralyzing all activity, usually until a ransom is paid.
Many such attacks go unreported, because admitting a security breach is bad for business. But known victims in the gambling space in 2017 included the UK National lottery website, a slew of Honk Kong-based sportsbetting sites, and the Winning Poker Network (WPN), which was repeatedly victimized.
According to Akamai Technologies, the online gambling sector is now the most frequently targeted sector, accounting for more than 50 percent of all attacks. Gambling sites are easy prey, because it’s simple for cyber criminals to predict the sites’ busiest and most lucrative periods.
Sportsbooks, for example, can be hit during the World Cup or a big racing festival, and poker sites during their flagship tournament series. The criminals know the chances are that victims will simply pay up and be done with it, rather than risk losing a major customer base.
As such, the UK lottery website was attacked during its prime weekly draw, leaving thousands without tickets, while WPN was hit during its Bigger Online Super Series (BOSS), resulting in the cancellation of the series.
The WPN incident came with a whiff of intrigue and the suggestion that the perpetrator of the attacks was not interested in extortion, but rather the possibility that a competitor was trying to undercut the site’s business.
WPN has been regularly victimized since 2014, despite never once having paid a ransom. Instead, WPN CEO Phil Nagy encourages his players to berate and insult the attackers who periodically appear in the site’s chatboxes, announcing the onset of an attack.
WPN players were doing just that, telling the attacker to “get out of his mom’s basement and get a real job,” when the shadowy figure replied:
“this is my job
another site give me money
for doos you
and i ddos you”
Creepy and intriguing, but equally so was the fact that, for one week in April, Hong Kong suddenly became the global center of cyber-attacks (an honor typically reserved for the United States), as scores of online gambling sites were battered by waves and waves of DDoS onslaughts.
Arbor Security, which spotted the phenomenon, noticed that these attacks largely originated in China. Country-level activity, said Arbor, often denotes geopolitical motivation, or cyber warfare organized on a state-level.
This begged the question: was China, which was in the midst of a gambling crackdown, sending a message to illegal Hong Kong-based sites targeting the Chinese mainland?
North Korea on the Make
Another possibility also presented itself. Since attackers can harness IP’s anywhere in the world, the true source is usually impossible to determine.
In July, a study by South Korea’s Financial Security Institute (FSI), which analyzed cyber-attacks between 2015 and 2017, found that its truculent neighbour to the north was no longer focused on using cyber warfare for acts of disruption or espionage. Instead, the cash-strapped nation was after a quick buck and would frequently target online gambling sites for extortion purposes.
But while hackers were stepping up their game in 2017, so were the cyber security firms. In August, researchers from Akamai, Google, Cloudflare, Flashpoint, Oracle Dyn, RiskIQ, and Team Cymru joined forces to take down a virulent botnet known as “WireX.”
The collaboration was significant, in that it was the first time a group of competing and fragmented tech firms had cooperated to beat the hackers. And that could well be a sign of things to come as we move into 2018.