New Jersey Online Casino Cyber Attacker Demands Bitcoin Ransom
Last week, New Jersey’s regulated online gambling market suffered a series of distributed denial of service attacks (DDoS) that resulted in four of its sites going offline for more than half an hour. However, it would seem the main aim of the cyber-attack was to scare the sites into parting with ransom money or else face an even more “powerful and sustained attack” in the future. Furthermore, the hacker demanded any forthcoming money should be paid in the digital currency Bitcoin, a favorite amongst cyber-criminals because it can be easily traded with other internet criminals.
Suspected Hacker A “Known Actor”
Initially, the sites optimistically assumed that the technical difficulties they had been experiencing were caused by an unusually high influx of players causing their infrastructure to stutter. The DDoS attack, however, was soon discovered with the New Jersey Division of Gaming Enforcement (DGE) subsequently identifying its perpetrator as a “known actor” who has “done this before.” Interestingly, the cyber-criminal(s) threatened to carry out a more devastating attack if his Bitcoin ransom demand was not met within 24 hours, but that time period subsequently came and went without further incidence. This has led analysts to speculate that either investigators managed to successfully disable his computer system, or that he was unable or simply incapable of making good on his threat of a more powerful assault. There also exists the possibility he got cold feet, or was paid a ransom, but this possibility seems the less likely of all.
Quick Response Praised
Meanwhile, cyber-security expert Bill Hughes Jr praised the successful response of involved parties, stating: “It sounds like the regulators and the [gambling] houses anticipated this very type of attack and responded to it in a very appropriate manner. It appears that the system worked here.”
Prosecution A Slim Prospect
Following his criminal actions, the hacker is now been hunted by a number of different agencies, including the New Jersey Division of Gaming Enforcement, the New Jersey Office of Homeland Security and Preparedness, as well as New Jersey Police, and the FBI. Nevertheless, chances of the “known actor” eventually being caught are slim at best, as Cyber-attacks have been on the rise over the past few years with numbers of reported incidences doubling in 2014, and yet to date there is just only example of DDoS-criminals being apprehended. This relates to two UK-based Polish men who agreed to meet the online operator they had been threatening in person, only be be arrested by police in waiting. They are currently serving five years behind bars.
DDOS Attacks On The Rise
DDOS attacks occur when a hacker attempts to overwhelm a server or online service by flooding it with traffic from hundreds and even thousands of different sources. As cyber-security expert Bill Hughes Jr explains:
“So many cars are trying to get through. There’s gridlock. The parkway becomes a parking lot. A DDOS attack is something similar to that.”
Over the past 15 years, DDoS attacks continues to grow with its list of online gambling victims including PartyPoker and 888poker at the end of 2014, and PokerStars and Betfair in April this year. Needless to say, such attacks have the potential to frustrate a an operator’s customers to the point of abandoning the site, and as one player commented last year after having his tournament suspended after several hours of play:
“This is unbearable.. Has PokerStars made a statement yet? If not, Euro sites here I come.”
The most high profile casino hack to date, however, occurred in February 2014 when the world’s biggest gambling company, Sheldon Adelson’s Las Vegas Sands Corp, was attacked by cyber-terrorists operating from Iran. Not only did they cause millions of dollars of damage to computer systems, and erase vital data from the company’s hard drive and servers, but important personal details were also stolen, including Social Security data, driver licenses numbers, and credit card details. Commenting on the threat emanating from future crippling cyber-attacks, US director of National Intelligence James Clapper said:
“Rather than a ‘cyber-Armageddon’ scenario that debilitates the entire US infrastructure, we envision … an ongoing series of low-to-moderate level cyber-attacks from a variety of sources over time, which will impose cumulative costs on U.S. economic competitiveness and national security.”