New Jersey Online DDoS Attacks on Regulated Sites Arrive with Bitcoin Ransom Notes

Posted on: July 7, 2015, 02:39h. 

Last updated on: July 7, 2015, 02:49h.

Casino.org Staff Writer Read More

Expertise: Commercial Gaming.

DDoS (distributed denial of service) is not a reality that any online gaming company ever wants to cope with, but some regulated New Jersey sites had to do just that last week.

New Jersey’s fledgling online gambling industry has been targeted, apparently for the first time, by these distributed attacks.

Late last week, at least four unnamed sites were derailed by a hacker, or hackers, who flooded the sites’ bandwidths with traffic, rendering them inoperable, and ultimately taking them offline for around half an hour.

The attacks were accompanied by a ransom note for an undisclosed sum, payable in Bitcoin, with a threat of a more serious attack to follow.

Not New, But Frustrating

DDoS attacks are nothing new for the online gambling industry, of course. In fact, they’re as old as the industry itself, but there are suggestions that incidents of the unwelcome actions have been growing. Some experts even claim that attacks across all online industries actually doubled in 2014.

High-profile operators on the receiving end last year included Betfair, which was targeted on Grand National day, the biggest UK horse race meet of the year in terms of betting.

Attackers usually time their efforts to coincide with large sporting events in the hope that operators will simply pay up rather than lose business. PokerStars, Unibet, and Swedish state gambling monopoly Svenska Spel are also all recent victims.

Chances of Prosecution Slim

Despite the initial interruption, it appears that the situation is now stable and has been effectively dealt with by the New Jersey market’s cybersecurity teams. The battle between online gambling sites and the hackers is one of cat and mouse, of strategy and counterstrategy: as security technology improves, so do the hackers’ efforts to breach it.

New Jersey Division of Gaming Enforcement President David Rebuck said this week that the matter was now being investigated by state police, the FBI, and the New Jersey Office of Homeland Security and Preparedness, as well as his own organization. The various agencies, he said, were hunting a “known actor” who had “done this before.”

Chances of prosecution are slim, however. To date, only two men have been convicted for launching DDoS attacks. Those were two UK-based Poles who made the mistake of threatening an operator they knew personally and agreeing to meet him in a hotel room. The operator, of course, brought the police with him. In 2013, the hapless pair were sentenced to five years in prison by a court in the UK.

LVS Attack

Such attacks are not limited to online gambling, of course. In February 2014, Las Vegas Sands Corporation (LVS), owned by anti-online curmudgeon Sheldon Adelson, was subjected to a massive cyber assault that was believed to have emanated from Iran. On February 10, LVS was plunged into chaos as computers began flatlining and servers shutting down. Hard drives were wiped clean as malware ripped through the company’s networks.

As hackers began compressing and downloading batches of sensitive files, comprising everything from high-roller credit checks to details of global computer systems, the decision was taken to sever the multibillion dollar operation completely from the Internet.

The attack caused an estimated $20 million worth of damage. The attackers subsequently claimed their DDoS actions had been been inspired after hearing remarks made by Adelson in 2013 about “dropping the bomb” on Iran.