That DDoS Thang, Again (888poker Edition)
In a repetitive act on a recurring theme, the industry’s wave of DDoS (Distributed Denial of Service) attacks keeps rolling on. Victim number seven (of those sites and networks that have acknowledged the attacks, is 888poker, which has suffered a spate of attacks since around September 5.
The 888poker attacks generated a few headlines because the site was ramping up for one of its major series, which started on Thursday and runs through next Sunday. However, not to belabor the obvious, this is nothing new. Since DDoS attacks became a thing and that was at least 15 years ago, it’s been the design of the extortionists and blackmailers to amplify their threats by making the attacks just prior to major events.
Since September is historically the busiest month for online poker traffic, and since many, many sites offer major tournament series in the early fall, it’s easy to see why whatever attacker or attackers behind the traffic floods chose this period. Guess when online sportsbooks are most likely to suffer DDoS attacks? Yep, that’s in January and the first couple of days of February, just before the NFL’s Super Bowl, the biggest single-day wagering event on the planet.
Perhaps not coincidentally, and writing from the US perspective, those days and weeks prior to the Super Bowl are also when American authorities like to announce sweeping raids and indictments against illicit sports-betting operations. While we may see less of that as the legal US sportsbetting market expands, it still illustrates the point: Increased traffic means increased attention, including that bestowed by low-life blackmailers.
But moving back to 888poker. Add to the list, which since early August now includes America’s Cardroom (Winning Poker Network), partypoker, PokerStars, DraftKings, PaddyPower, and Winamax. No doubt there are others as well.
888poker manager Sean McGlashan released a brief statement via a large English-language poker forum about the technical difficulties, which read as follows:
As many of you may already know, we have experienced intermittent disruptions of our service to you due to DDoS (Distributed Denial of Service) attacks. This has affected our ability to provide you with a comprehensive poker experience. On behalf of the team, I apologise for the inconvenience caused and want you to know that the entire 888poker Team continues to work diligently to mitigate these attacks. Addressing technical issues, outstanding member concerns and restoring normality to our poker room is our top priority. As you can imagine, our contact volumes are much higher than usual; therefore there may be delays in our responses. We appreciate your patience and understanding as we continue to work to get our service to you.
But really, there’s nothing new there. Apologies, check, Mitigation, check. Uncertain downtime, check that too.
One of the ongoing issues with the DDoS attack thing is that it’s always been such a low-cost, low-risk thing for criminals to attempt. The flip side of that is that it’s also low-reward: Back in the early days of online gambling it wasn’t unheard of for a site to pay a little bit of “go away” money, but in these days of corporate belt-tightening, increased competition and stricter oversight, it’s far more often the case that sites fight back, until the attacker or attackers fatigue and seek a softer target.
Perhaps — and it could exist already, for all I know — the world’s online gambling operators ought to assemble a shared, global list of known attacking ISP addresses, and just preemptively ban all of them. Such a list would have to have high thresholds to avoid false positives, and there are other practical pitfalls. Clearly, though, some outside-the-box solution is needed.