Online gambling sites have come under a fresh wave of distributed denial of service (DDOS) attacks by malicious programmers looking for a quick payday.
Over the weekend, the Twitter helpdesk of UK-listed operator Betfair reported that both its betting exchange and fixed-odds sportsbook were down for the count. On Monday, Betfair revealed that it was “currently experiencing a DDOS attack on our site, which is stopping all site traffic.” Later messages confirmed that the site’s issues were the result of “a deliberate attempt by a third party to interrupt our service.”
By late Monday, Betfair was reporting that its site was “stable for now, however we are still monitoring to see if this malicious activity re-occurs.” However, as of Tuesday, the site said it continued to experience “technical issues beyond our control” that were affecting its in-play feed.
Traditionally, DDOS attacks on online sportsbooks are timed to coincide with marquee sporting events, in the hopes that operators will consider a ransom payment an unwanted but worthwhile expense in order not to miss out on significant betting volumes. Betfair’s unknown assailants appear to have timed their attacks around this weekend’s Grand National racing fixture and Sunday’s climax of golf’s Masters event.
Earlier this month, Malta-licensed Betat Casino reported coming under a DDOS attack by unknown attackers seeking payment in Bitcoin. A Betat spokesperson told players that the attack was “vicious, massive and widespread and hit our entire range of sub-nets.” The spokesperson said the volume of nuisance data clogging its servers topped 45 gigabytes per second. The attackers reportedly asked for 10 Bitcoin, or roughly US $2,200, in order to stop the harassment.
Other online gambling outfits – including PokerStars, Unibet and Tonybet – have reportedly experienced similar connectivity issues over the past week, although the companies have yet to confirm the source of these issues. It’s equally unclear whether the presumed attacks are a coordinated assault by a single band of brigands or an unhappy coincidence, but the former seems far more likely than the latter.
Bringing DDOS attackers to justice is a daunting proposition although there have been a few notable successes. In December 2013, two Polish blackmailers were sentenced to five years for DDOS attacks on unnamed UK gambling sites. However, in that case, the attackers were stupid enough to (a) target someone who knew their identities and (b) attend an in-person meeting that was crashed by Manchester police.