Cyberattacker Shows His Cards, Says Rival Site Paid for Assault on ACR Poker Network

Posted on: September 6, 2017, 03:43h. 

Last updated on: September 6, 2017, 04:20h.

The Winning Poker Network (WPN) and its flagship site America’s Card Room (ACR) were hit by a spate of massive DDoS attacks on Thursday. The onslaught lasted three days and resulted in the cancelation of the network’s “Bigger Online Super Series” (BOSS) of tournaments.

WPN CEO Phil Nagy
Phil Nagy, CEO of the Winning Poker Network, has said he can’t rule out the possibility that a competitor has been paying DDoS attackers to disrupt his flagship tournament series. (Image: YouTube)

Cyberattacks are nothing new, and DDoS assaults have menaced the online gambling industry since its infancy. But this most recent one against WPN was accompanied by some harsh words between poker players and the attackers that may have revealed dirty competitive tactics among American-facing online poker sites.

“Over the last three days, we’ve had 26 separate attacks with up to 14 million IP addresses pointed at us,” WPN CEO Phil Nagy said Monday on his Twitch channel, “Sick numbers, in my mind.”

Poker sites have been a favorite target for attackers because it’s easy to coordinate attacks with a flagship tournament series, as in the case of WPN’s BOSS.

WPN was first targeted in December 2014, when the site ambitiously attempted to host the first $1 million tournament series for a site accepting US players, but had to cancel it. Since then, it has been consistently and frequently targeted more than any other online poker site for cyberattacks.

Cyberthugs for Hire

Distributed denial of service attacks use thousands, if not millions, of surreptitiously compromised IP addresses, creating a “botnet” that is then concentrated on a targeted website, crippling it with an overwhelming wave of data.

DDoS threats are often accompanied by a ransom demand.

Nagy said he has never paid a ransom. “I’ve always taken the stance that you never, ever, ever pay a terrorist. It’s just not going to happen.”

Instead, he encourages players to berate and insult the attacker, or attackers, who from time to time pop in chat boxes on the site, announcing the onset of an attack and setting out demands.

Over the weekend, WPN players were doing just that, harassing the anonymous attacker by telling him, for example, to get out of his mom’s basement and get “a real job.” People didn’t, however, expect his chilling reply:

this is my job
another site give me money
for doos you
and i ddos you
this is my job

Unanswered Questions

There was no doubt this was the DDoS perpetrator. He had announced exactly when the attacks would take place, even counting down in the chatbox to the next wave.

But would a DDoS attacker employed by a rival site realistically boast publicly about it in this way? Perhaps he was just taunting his victims. Or perhaps under the barrage of personal attacks being hurled his way he merely let down his guard and showed his cards.

It’s a possibility, Nagy said. After all, why else would he continue when he has never extorted a dime from the site?

“This guy is obviously not the most reputable source, but it makes sense,” Nagy said. “It costs money to launch these attacks, they’re not cheap. And they started when we launched our first million. It makes sense that I pissed somebody off.”

Nagy said he is considering offering a reward, “something really big,” to anyone who can find evidence of who has been behind the attacks.

Until then, he said, “keep your eyes open, keep your ears open, because somebody, somewhere is f**king with your poker.”