Regulated iGaming in the US and abroad has yet another compelling reason for players to support its passage: the threat of Dark Web hacking of player accounts.
Most likely, darknet websites aren’t something you’ve often perused, unless you’re a drug dealer, professional hit man (or searching for one), or a cyber attacker.
But the nefarious Dark Web is probably responsible for organizing many of the most far-reaching financial crimes of the still-young 21st century.
Needless to say, this “hidden” web isn’t accessed by using an “Incognito” window in Google Chrome or “InPrivate” Internet Explorer tab, nor is it going to magically appear in your search engine results.
Instead, the Dark Web is accessed by only those with a thorough knowledge of computer indexes, with its criminal underground using encrypted networks like Tor, Freenet, and Invisible Internet Project, on sites that are often closed forums that are by “invitation only” to the most clever of society’s worst preying cyber criminals. Not only computer brilliance, but bravado and a no-holds-barred personality are required to make this “club.”
“If you want to join the mafia, they will say, ‘Okay, cut your finger and prove you are serious,'” Avi Kasztan, co-founder of cyber intelligence firm Sixgill told the Times of Israel. “On the dark web they say, ‘Okay, go hack this bank and prove that it was you.'”
Besides the obvious banks, online gaming offers another obviously attractive target to these financial felons.
After all, online casino sites possess private financial data on potentially millions of gamblers, who are betting with real money. Though attacks have been performed on both offshore sites and those already regulated in the United States, it’s the former that has less recourse for players should their information be comprised.
Down With DDoS
Over the July 4th holiday weekend, the New Jersey Division of Gaming Enforcement (DGE) confirmed a hacker performed a distributed denial of service (DDoS) attack on at least four Internet casino sites, an operation that floods servers with requests that essentially overloads its capacity and takes it offline.
The unnamed perpetrator demanded a Bitcoin ransom to prevent more catastrophic attacks. However it was never paid and DGE officials had the sites back up and running in some 30 minutes. Of course, whether this attack was generated by Dark Web users, we will never know, but as it’s like the Starbucks meeting place for cyber attackers, there’s a very good chance it was.
In April, sportsbook Betfair was the victim of a DDoS attack during the Grand National Festival, the United Kingdom’s equivalent of the Kentucky Derby, a heavily bet day of horse racing. PokerStars, Unibet, and Svenska Spel have also recently experienced DDoS attempts on their networks.
Though attacks on regulated Internet casinos in the US have been rare, the activity seems to be increasing at unregulated, rogue sites catering to both domestic and international consumers. “It happens quite a bit offshore,” David Schwartz, director of the UNLV Center for Gaming Research has said.
But it’s also starting to happen more frequently on US soil. One major such attack took place in February, when Iranian hackers, reportedly angered at Sheldon Adelson’s close ties to Israel and publicly decried rancor towards Iran, disabled the computer network at his Sands Bethlehem casino in Pennsylvania for six days, acquiring information on employees in the process, including their Social Security numbers.
More Regulation, More Protection
Kasztan’s goal is to enable “commercial enterprises to curb tomorrow’s cyber threats via today’s dark web activity,” claiming his team has the technology to discover and anticipate the next move by virtual criminals.
Asked how he accomplishes that, Kasztan replied, “I can’t really tell you. We have state-of-the-art technology.”
Estimates claim one in two Americans have been targeted in a cyberattack, and while that assessment might be a tad inflated to support Kasztan’s business model, underestimating the far-reaching scope of cybercrime is possibly more damaging and erroneous.
A regulated online casino is inherently more secure, due to the safeguards and consumer protections mandated by gaming commissions in legalized states, but until all states or federal lawmakers legalize iGaming, consumers gambling online will continue to be at risk in unregulated states.
“The fact is that licensed gambling sites are extremely difficult to ‘sneak’ onto,” Michelle Minton, fellow at the Competitive Enterprise Institute wrote in March.
For now, Kasztan advises players to only enter private info when using “https” URLs, and, of course, to also use common sense.