New Jersey Online Gambling Sites Hit by DDOS Attacks
New Jersey casino officials and state gaming regulators have confirmed that at least four of the 16 online-gambling sites operated by the state’s casinos were targeted in an extortion-based DDOS attack late last week.
According to mainstream New Jersey outlets, the four unnamed sites were targeted last Thursday by an officially unidentified hacker, though one who state and federal authorities might already have leads regarding. Last week’s attacks, according to a statement that New Jersey Division of Gaming Enforcement director David Rebuck provided to the Press of Atlantic City, consisted of “a DDOS attack which lasted approximately 30 minutes,” followed by the threat of a stronger and more-sustained attack against the sites if electronic ransom was not paid in the form of Bitcoins, the virtual electronic currency which offers its users partial anonymity.
The follow-up attack was supposed to occur on Friday, targeting increased traffic expected by the sites over the US’s Fourth of July holiday weekend. However, increased cyber-security measures put into place by the sites and their internet service providers appear to have foiled the threat, if indeed it was launched. The extortioner may have gotten virtual cold feet after New Jersey and federal authorities became involved, though the investigation continues.
As the DGE’s Rebuck told NJ.com, a primary suspect is already being tracked down. “He’s a known actor. He’s done this before,” said Rebuck, referring to the unnamed suspect.
Mainstream reports cited last week’s attacks as being the second such hacking venture launched against a US casino’s online operations, though that is incorrect. It’s at least the third. The mainstream stories pointed to last December’s hacking of several Las Vegas Sands Corporation websites as the first such attack; in that episode, the private information of many LV Sands employees was made public, along with a huge number of corporate communications.
However, investigations into the LV Sands hacking indicated that the attack was political in nature, possibly launched from Iran. LV Sands CEO Sheldon Adelson is a hardline pro-Israel supporter who has publicly called for strong action against Iran, perhaps thus precipitating the cyberattack.
Instead, last Thursday’s attack against the New Jersey sites was pure extortion, continuing at least a 15-year legacy of such DDOS-based shakedowns launched against online-gambling sites. Nor was the Thursday attack likely the first such DDOS-ing launched against a US-regulated site. Last September’s main event of the inaugural Garden State Super Series, an online poker series hosted by NJ.PartyPoker.com, was canceled mid-tournament after unexplained “massive technical difficulties” made the site unplayable.
NJ.PartyPoker.com, a site operated by the Borgata using bwin.party’s PartyPoker software, never provided a detailed explanation for the outage. However, the company did not deny widespread industry speculation that a DDOS attack had occurred, as it was in the midst of other known DDOS attacks targeting other sites and networks last fall, including one that forced the Winning Poker Network to cancel a million-dollar-tourney of its own.
Whether or not last Thursday’s attacks were launched against four separate Atlantic City casinos or four different websites offered by a single casino remains unannounced. Rebuck’s only statements on the attacks were made to local media outlets, and an official update has not been published on the DGE site.
Of the six Atlantic City casinos approved for and already offering online gambling, Borgata is the only one currently offering exactly four online-gambling sites — www.Borgatacasino.com, www.Borgatapoker.com, www.NJ.Partypoker.com and www.palacasino.com. Caesars operates a total of six online sites under two separate licenses. The Golden Nugget AC (three online sites), the Tropicana (two) and Resorts Casino (one) operate the other state-licensed sites. None of the Atlantic City casinos have themselves confirmed that they or specific sites that they operate were among those attacked, though anecdotal reports on player forums indicate that NJ.PartyPoker.com was again one of those targeted.