Editor's note: In part two of Interactive Gaming News' series on the rising number of extortion attempts IGN looks at the size of the dilemma the industry faces and talks to security experts to get their thoughts on what online gaming operators should be doing to thwart the attacks.
As more and more criminal gangs target online gaming operators through extortion attempts, security experts agree that options are limited for the companies that are the targets of the attacks.
The extortion attempts – which demand large sums of money from the companies in exchange for their sites being left alone and free of hacker attacks (if the operator doesn't pay the site gets taken down) – offer little room for decision making for operators.
They can either pay up and be guaranteed of being left alone from whatever group approaches them, or they can do nothing and cross their fingers that their security measures in place will survive any attack on their system.
No one seems to be immune to the attacks either. Tuesday's edition of USA Today reported that leading sites like BetWWTS.com and BoDog Sportsbook & Casino both were recently forced to pay $30,000 and $20,000 respectively to keep their sites from going down.
Other notable sites have confirmed to IGN that they were either forced to pay or targeted by attacks and withstood them.
BetWWTS made its payment, according to the story, after the site was shut down and its customers were denied access to the site, costing the company an estimated $5 million.
Like its offshore competitor, BoDog was forced to pay up after its site was immobilized last fall, according to BoDog's president Rob Gillespie.
Security Firms Answer the Call
After being targeted by the extortionists, BoDog turned to tech security firm Riverhead Networks to protect its system. Gillespie said the system withstood another attack on Super Bowl weekend once the upgraded security measures were in place.
The attacks come in different forms, according to Paul Lawrence, general manager for Top Layer Networks. Like Riverhead, Top Layer has seen its client list in the online gaming industry grow exponentially over the last couple of months.
Often times the perpetrators initially unleash a warning SYN-Flood attack to give credibility to their threat. Some operators are able to control the initial attacks and the site remains up, although the warnings are serious enough to make the operator take notice.
The attacks are often followed by a demand that threatens a full, debilitating attack unless a ransom fee is wired to an intermediary within a time window designated at 24 to 48 hours.
Typically the hackers, according to Lawrence, then unleash a full attack of distributed SYN and UDP floods. If sites are able to withstand those, the hackers usually turn to single-source SYN Floods, UDP Floods, NB-Gets, ICMP Ping Floods and UDP Fragment Attacks.
Gangs of computer crooks allegedly operating out of Eastern Europe have collected protection money from 10% to 15% of the companies they have threatened, says DK Matai, executive chairman of security company MI2G.
Options for Operators
Steve Woo, Riverhead's Vice President of Marketing & Business Development, said his firm developed propriety software that uses a Multi-Verification Process with five different modules-- Dynamic Filtering, Anti-spoofing, Anomaly Recognition, Protocol Analysis, Shaping and Rate Limiting.
He said the attacks are occurring on a daily basis now, and targets have extended form online betting sites to online casinos and poker rooms.
"Once word spreads among the criminal community that there is a sector that is paying up, the sharks attack," he said.
In addition to protecting individual sites, Woo said Riverhead has installed its system with hosting centers and ISPs that help gaming customers by giving them protection on their Rackspace and DataPipe.
Woo and Lawrence both said they have seen instances where operators thought they had systems in place to stave off the attacks, only to be called in later to get a system back up and running.
"Riverhead has been called in by several gaming operators to replace other solutions that weren't up to the task," he said. "Unfortunately the systems couldn't stop the latest attacks."
Lawrence has seen a worse case scenario for some operators.
"I know of some sites that have paid and still got taken down," he said. "In the past operators have been lulled into a false sense of security, but most realize this is serious now. They don't have a lot of options to choose from in terms of a course of action." Woo said.
Tomorrow IGN concludes its three-part series by looking at what lays ahead for the industry in terms of the extortion threats and what international law enforcement agencies are doing about it.
Nobody knows where Kevin Smith came from. He simply showed up one day and started writing articles for IGN. We liked him, so we decided to keep him. We think you'll like him too. Kevin can be reached at
kevin@igamingnews.com.