DDoS Attack Wave Targets Multiple Poker Sites
Distributed denial of service (DDoS) attacks have again become a topic of interest in the poker world after three separate series of such attacks targeted two major international sites and a grey-market, US-facing offering, all since the start of August. Two giants of the online-poker world, partypoker and PokerStars, have been targeted in the past week, shortly after an attack on the grey-market site America’s Cardroom (plus its parent Winning Poker Network), took place less than two weeks ago.
Each of the three sites suffered a wave of intermittent attacks lasting roughly three days, another indicator that the attacks are linked. Such attacks have been a reoccurring bane of the online gambling world for the better part of two decades, with blackmail the most common motive for the attacks. The general concept is that the attacker(s) launch a flood of data requests against their intended victims, usually using many thousands of “zombie” computers spread around the globe; those attacking computers have often previously been infected by online viruses and are then temporarily commandeered by the attackers to join in the attacks.
Modern hacking and DDoS software is reportedly sold at affordable prices in some of the internet’s darker corners, and that affordability, along with a new level of anonymity afforded the blackmailers — who often demand payment in Bitcoin or another crypto currency — have ensured such attacks haven’t died out in recent years. Online gambling sites and networks have been a long-favored target of the extortionists, with the attacks often hitting during major revenue-generating events. Online sports-betting sites were among DDoS attackers’ earliest targets, with the days before the NFL’s Super Bowl or during the FIFA World Cup being examples of stretches when such attacks were often launched.
That theme of attacking a site during its busiest stretches to thus incentivize its owners to pay the blackmail has often been seen during the attacks against the grey-market site, America’s Cardroom (ACR). ACR has seen several of its Online Super Series (OSS) attacks disrupted by DDoS attacks the past few years, and that occurred again recently. ACR began its latest OSS series on August 5, and the attacks began later that same day.
ACR and WPN execs have vowed never to give in to the blackmailers’ demands, and there was that strange episode a year ago when an attacker showed up in ACR’s table chat, and when challenged by players, declared that he was launching the attacks on behalf of another site. WPN CEO Philip Nagy soon made those attackers’ claims public, though they’ve never been proven, nor have the attacks against WPN and ACR abated.
While ACR’s grey-market status and lack of legal retaliatory options may make the site an extra-inviting target, other sites have been targeted as well. Just a day after the ACR/WPN attacks appear to have ceased, market giant partypoker came under the gun, in multiple waves of attacks starting on August 9th. As with ACR, partypoker quickly clued in its player base to the ongoing attacks via social media, and, as we reported last week, took the extra step of offering a corporate apology for the downtime and the several days it took to manually process the many thousands of refunds to affected tournament players.
This writer also received a separate statement from partypoker player rep and social specialist, Colette Stewart, who said: “The recent DDoS attacks were very unfortunate; however, we feel the team have done their very best to communicate and respond to as many of our players as possible during this very frustrating time. We greatly value our relationship with the player community and feel it is vital to be as open and transparent with our players as possible during such issues and, most importantly, ensure that we are available for player feedback and communication.
“In refunding affected players, we have ensured that every single cent collected in buy-ins, bounties, and fees has been refunded to players in addition to honoring the guarantees of tournaments that didn’t make the required entries due to the issues faced.” Stewart’s full statement to this writer is available here.
As with the attacks targeting ACR, partypoker appears to have been under the gun for about three days, from August 9 until late on August 11 or early on August 12. And then, in turn, the malicious software attacks appear to have been turned against global online poker market leader PokerStars. Unlike ACR or party, Stars at first did not admit that an extended DDoS attack was in progress, instead using a well-worn “technical issues” euphemism while not responding to an initial request for comment. Nonetheless, the fact that a DDoS or similar attack was occurring was painfully obvious to hundreds of thousands of the site’s players, and yesterday (August 15), the site admitted on social media that it was indeed the latest attack victim.
As with the other targeted sites, PokerStars has take efforts to mitigate the effects of the attacks. Unfortunately, much of that mitigating effort can’t be counter-launched until such an attack is already underway. Such attacks invariably result in considerable loss in both revenue and labor for the victimized sites, and that appears to have been the case this time as well.
Will more sites be targeted in the coming days and weeks? That’s one of the most obvious questions, besides that of who’s behind these latest attack waves. The more of these attacks that occur, the more likely it is that the perpetrators will be identified and brought to justice. We can all hope that such justice comes to these extortionists sooner, rather than later.