The high incidence of Distributed Denial of Services (DDoS) in the internet gambling business may be seen as a threat as: "....in the world of online gambling, far-removed from the arch menace of NSA agents or Chinese hackers, the people targeting betting websites are just a constant nuisance."
The perpetrators usually launch, or threaten to launch, DDoS attacks where typically a huge amount of data floods a website's server, overloading it and taking it off line demanding extortion-like payments. They sometimes use the untraceable virtual currency Bitcoin to collect payment from victims who choose to pay up.
Ashley Stephenson of web security firm Corero described DDoS criminals as "bottom feeders", who are rather nuisance than an internet crime wave. He said that attacks are often planned to hit just prior to major sporting events, when business for online sports betting sites soars.
DDoS assaults are not always extortion-based, says Stephenson: "We saw one example where a gaming company was changing the rules of their game, and the result of that rule change would make it harder for third-parties to make money off the game. Those parties were annoyed with that so launched DDoS style attacks on the company to try and reverse the rule changes in the game."
"You also get examples of people making large bets on say interactive poker, and then purposefully crashing the site if it looks like they're going to lose. In the physical word it's like getting up and tipping the table over," added Stephenson, estimating that on average a DDoS attack will cost a gambling site GBP 150,000 in lost business.
According to him, there are three ways to deal with it: pay the ransom, absorb the attack and the damage it causes; or fight the hit and then invest in technology that ensures there will not be a repeat of the experience.
However, the protection of damage can be cheap - in the USA Cloudflare offers DDoS protection for $200 a month. It's the equivalent of fitting your house with locks or your car with an alarm.
Although DDoS is unlikely to harm an industry, the threat is a nuisance that should be guarded against: "I wouldn't say it's routine yet, but it's expected. It's the cost of doing business on the internet," concluded Stephenson.
