I-Gaming's Thorn du Jour: DDoS

26 November 2003

The exact extent of the problem is unknown. The Financial Times reported last week that in September over a dozen I-gaming sites that target the U.S. market were crippled by distributed denial of service (DDoS) attacks. But security firms, gaming technology providers, and police investigators suggest that the situation is far worse.


After the attack renders the gaming network inoperable, the culprits send a demand via e-mail for a large sum of cash in exchange for restored control of the network. If the customers and/or shareholders find out that the entire network is completely vulnerable, the consequences could be devastating. So many companies silently fight off the attacks, and some--perhaps even many--also silently give in to demands. The problem is worldwide, and investigators express the belief that the Russian mafia is responsible, meaning that organized crime is now another enemy that the I-gaming industry must battle.

What is a DDoS?

Your customers are denied service. This happens because several PCs on the Internet have been breached by Trojan horses. Those PCs now do the bidding of the attacker, every one of them ceaselessly bombarding the network with e-mail or other fake requests. The incoming traffic is so thick that no data can get out, and services shut down.

DDoS attacks aren’t new. They’ve probably been around as long as the Internet. Bryan Abboud, president of IGW Software, says he has seen DDoS attacks over the last four years, but there has been a definite surge in the number this year, and the attacks are becoming increasingly organized.

Abboud said two of IGW’s clients recently faced downtime due to an assault by attackers, who the company speculates were Russian. “They initially send an extortion demand e-mail to the operator--mafia style (pay up and don’t tell the police). If the operator has not sent the ransom, an attack ensues. At that point you have two choices: defend or pay.”

I-Gaming

All industries are just as susceptible to DDoS attacks, and even Microsoft has encountered them. But it seems that only recently have the attacks become a means to extort large amounts of money.

Neil Barrett, technical director for Information Risk Management and an advisor to the U.K. police on tech crime, said, “Nobody knows the full extent of this problem. There has certainly been a significant increase in the number of denial of service attacks and the only sensible reason would seem to relate to extortion.”


Paul Lawrence, a manager for DDoS protection company Top Layer, is seeing the same trend. “We have seen these peaks being hit around the world,” Lawrence said. “It does seem to be a trend, where they find a specific type of company--like online gambling--and geography is no barrier to them. They seem to be working their way around the world, picking people off quite happily.”

The nature of I-gaming makes it a particularly tasty morsel for extortionists. Most sites obviously have a large amount of cash being transferred on a daily basis, making for a sizable ransom. The Financial Times reported that the attackers of the dozen offshore betting sites mentioned earlier demanded $40,000.

Downtime can be particularly crucial to a company’s livelihood. Attacks can leave a network paralyzed for many hours, even days if not fought properly. Extended downtime becomes a motivator for companies to pay the ransom. Every hour customers are denied service is another reason for the customer to try one of the hordes of competitors.

And as mentioned, the revelation of a security breach could be the demise of a betting company. Customers would not feel safe holding accounts with the company, and shareholders might make some grave decisions.

Protection

“The more companies that succumb to these ransom demands, the worse off this industry is going to be,” said Abboud from IGW. “Fortunately, with the persistence of our team at IGW and general assistance from traditional industry competitors who had been through the process, we were able to successfully thwart the aggressors this time.”

Abboud said he's heard of cases in which gaming sites have given in to the demands, only to be extorted just four to six weeks later.

DDoS protection services are available. Ian Morris, founder of Equip, said his group has been working with a few of the known attacked sites. “In a lot of cases, the attacks have taken out well-configured firewalls,” Equip explained. “Most people in positions of authority believe that, because they’ve got firewalls, they are protected--bulletproof if you like. These attacks have shown that this is not the case.”

The United Kingdom's National High Tech Crime Unit has advised businesses not to comply with extortionists’ demands and to contact police immediately, but not all jurisdictions have appropriate investigative departments. And of course there is the dilemma of whether to let such knowledge become public.