The UK National Lottery was knocked offline by a DDoS attack on Saturday night, leaving thousands of customers unable to buy tickets for the primary weekly lottery draw.
The website was down for around an hour and a half at the absolute peak time for lottery sales.
It is not known whether the lottery operator, Camelot, received a ransom demand from the attackers. However, it is known that, on Saturday, a DDoS extortion group calling itself “Phantom Squad” sent messages to businesses around the world, threatening to disrupt their services unless money was paid.
“We’re very sorry that many players are currently unable to access The National Lottery website or app. Our 46,000 retailers are unaffected,” said Camelot on Twitter. “Please accept our sincere apologies if you were unable to play tonight’s games due to the website issue that affected many players.”
DDoS on the Rise
DDoS attacks flood websites with hundreds or even thousands of simultaneous requests, overloading their bandwidth and rendering them temporarily nonoperational. The site is usually held to ransom, with normal services restored upon payment.
According to Akamai Technologies, in 2016 the online gambling sector became the most frequently targeted sector for the first time, accounting for more than 50 percent of all attacks. Attacks are becoming more frequent, fueled by the easy availability of DDoS-for-hire sites.
They’re becoming more powerful, too. Earlier this year, the Mirai malware surfaced, a new strain more potent than anything seen before. Mirai harnesses the power of thousands of Internet of Things (IoT) devices, from security cameras to digital video recorders, boosting the strength of an attack.
Data Breach in January
This is the second time in a year that Camelot has been targeted by hackers. In January, the company was forced to admit that the personal details of some 26,500 online players had been breached.
Camelot claimed there had been no unauthorized access to core National Lottery systems, which would affect draws or payments, but the attack may have resulted in personal information held in online accounts being accessed.
The operator suggested that data may only have been stolen from customers who used the same log-in details on different platforms, neatly shifting the blame, although many affected customers claimed they used unique log-in details for the site.
“If there’s 26,500 accounts here and they are saying the credentials are correct but they didn’t come from us, they still let an attacker log in 26,500 times,” one IT expert told the BBC. “That alone is something that illustrates a deficiency.”