Extortionists Target Online Gaming Sites

8 March 2004

Editor's Note: Interactive Gaming News takes an in-depth look at the rising number of extortion cases targeting online gaming operators. In the first part of the three part series IGN gives a glimpse inside the world of the extortionists themselves. Tomorrow IGN looks at solutions for operators to stave off extortion attacks.

Interactive Gaming News has obtained copies of extortion e-mails targeting online gaming sites for the last five months.

Rumors of the tactics started in the fall, during the height of the American football season, but the intensity of the attacks picked up during the playoffs of the National Football League and peeked on Super Bowl Sunday.

As part of the plan, the extortionists send an e-mail to an executive with a sports betting site, informing him that the site will be taken down due to a hacker attack on a specified date and time. If the operator wishes to avoid being attacked, according to the letters, they can pay anywhere from $10,000 to $50,000 for guaranteed protection.

The protection is usually only offered for a specified period of time, typically six months from the communiqués IGN obtained.

While the names of the sites have been left out of the e-mails sent to Interactive Gaming News, some major players in the industry have confirmed to either being approached by the extortionists or to having actually had their sites taken down due to the attacks.

The targets range from major sites based in Costa Rica and other Caribbean jurisdictions to sites based offshore in the UK.

Other operators have confirmed payment to the extortionists in order to avoid being taken down during a key time for business.

Security experts say the approach is one that, to date, is unique to the online gaming industry. Poker sites and other non sports-betting operations have been targeted by the scheme within the last month.

The most recent extortion e-mail obtained by IGN, was dated Feb. 2, with the oldest one being sent in mid September.

The e-mails give a glimpse into the operations of the extortionists and shed some light onto what kind of people are behind the attacks.

One of the e-mails, sent to a site operator, refers to his "manager" as an "idiot," for not wiring $10,000 right away when he was first approached about the possible attack.

Another exchange reveals how the groups view the company once they are paid. An operator contacts the extortionists, which he has already paid off, after being approached by another group.

The group replies to the operator telling him that since he is one of their "clients" they will block the other attack "for free." The sender also informs the operator that he shouldn't pay the new group because they are "imposters" and have to "no authority in our world."

Although many of the operators who have been targeted by the scheme are remaining tight-lipped about the rise in popularity of the plan, one major operator had some strong comments for the extortionists.

John O’Reilly, the chief executive of Irish-based Paddy Power, said his company, which offers online betting in addition to its land-based shops, was targeted first more than a month ago. He said Paddy Power first started getting wind of the approach a year ago and suspected the attacks were coming from American-based hackers, and he feels the groups aren't limiting themselves to online gaming.

"These people have the ability to stop not just Internet betting but even an airline like Ryanair," he said. "It's racketeering and extortion, and responsibility for stopping it rests with the ISPs (internet service providers)."

O'Reilly didn't say how much money Paddy Power was requested to pay, but he indicated the M.O. of the hackers was to ask for $10,000 to $50,000 in exchange for them leaving the site alone, but he said that he has heard of operators who pay up only to have the hackers back next month asking for more money.

O'Reilly said technology security experts have told him that the attacks are likely originating from gangs of hackers.

The gangs bombard the websites with requests for information so that those wanting to place bets cannot get on.

Corals and Blue Square, a pair of UK-based betting sites, also confirmed they were targets of the extortionist attacks.

Blue Square's finance director Ross Ivers said the approach is more complex than just "hacking."

"This is not hacking - there has been no attempt to steal data," he said. "It's blocking and it's akin to putting 400 people inside a betting shop to block anyone else coming in."

Paddy Power has a third of the Irish market and will increase its London shops from 14 to 30 by the end of the year.

The targets of the e-mails, as well as the names of those sending the e-mails, have been removed. Various operators were targeted by the scheme and the e-mails are sorted with the most recent one at the top of the file.

  • To read the full text of various extortion e-mails obtained by Interactive Gaming News click here

  • Nobody knows where Kevin Smith came from. He simply showed up one day and started writing articles for IGN. We liked him, so we decided to keep him. We think you'll like him too. Kevin can be reached at kevin@igamingnews.com.