CryptoLogic may have been lucky. But casino attacks are considered a ripe target for hackers who are enticed by the large number of casinos still operated in poorly policed jurisdictions such as the Caribbean, and by the large number of wagers they handle.
. Customers of such sites register with their credit card details and the operators plunder the credit card account, Donoughue said.
The company said that for a few hours during the disruption in late August, 140 gamblers racked up winnings of $1.9 million.
The hack attacks come in a variety of forms.
If timed right – such as just before a big sporting event when the wagering activity is at its highest – a denial of service attack could rob a big betting site of millions of dollars worth of bets. “Where would you go? I’d go to dodgy online casinos.
LONDON – Call it the gambling industry’s dirty little secret. It was able to detect the security breach early on, minimising the losses.
The winners were permitted to keep the money as it is believed they had no hand in the hack attack.
“No one is going to say it’s happened, because that’s bad for business. Their customers aren’t going to complain.”
There have been also been incidents in which shell gambling sites are created. “It’s become one of the most common fraud scams,” Barrett said.
“I’ve seen well engineered hack attacks coordinated with very well engineered extortion attacks coming from Leningrad,” Barrett said.
“There are a number of groups trying to make money by hacking,” said Donoughue. Some hackers unleash crude “denial of service” barrages, which disable the targeted site with a flood of information requests.
Barrett and Donoughue say some recent blackmail attempts have been traced to groups from eastern Europe that they say could have ties to organised crime.
In some of those instances, the intruders have gone back to the victims, demanding extravagant sums in exchange for guarantees the attack will not recur, experts say. In other cases, coordinated hack attacks have knocked out sites for longer, security experts say.
Last week, CryptoLogic Inc., a Canadian software company that develops online casino games, said a hacker had cracked one of the firm’s gaming servers, corrupting the play of craps and video slots so that players could not lose.
CryptoLogic is liable to absorb $600,000 of the misappropriated winnings, as a $1.3 million insurance claim will cover the remainder.
She added the security breach affected two of Cryptologic’s 19 casino operating licensees; she would not disclose the two site operators. Hackers are sabotaging online casinos with greater regularity, security and gambling experts say, in some cases scamming large sums of money from the gaming firms. But there is anecdotal evidence,” said Steve Donoughue, managing director of The Gambling Consultancy in London.
CASINOS VULNERABLE TO ATTACKS
Neil Barrett, technical director for London-based Information Risk Management, concurred, saying that over the past year his e-security consulting firm has been contracted to shore up a half-dozen casino operators that had fallen victim to such hack attacks.
In other examples provided by security experts, the culprit breaks into a casino’s computer server and alters the computer programming code to generate more winning payouts, as was the case with CryptoLogic. She said: “It is likely the intruder was somebody with inside information of our system.” CryptoLogic is cooperating with investigators.
A number of industry groups say online gaming is currently a $1.5 billion industry expected to grow to as much as $6 billion in the next 18 months.
The incidence of Internet fraud has hit every sector of online commerce from banking to shopping sites.
“In the case of slots, it was coming out cherries across the board,” CryptoLogic spokeswoman Nancy Chan-Palmateer told Reuters on Monday.
The games were altered so that every roll of the dice in craps turned up doubles, and every spin on the slots generated a perfect match, the company said