William Hill Latest Target of DDoS Attacks
The online gambling world was hit by another Distributed Denial of Service (DDoS) attack this week, as UK bookmaker William Hill has seen its internet services disabled by some outside perpetrator. The attack began Tuesday and seems to still be keeping some of the company’s services down.
This writer does not have a Will Hill account and therefore is unable to check the company’s poker software, but williamhill.com and hilliamhill.co.uk are inaccessible right now – Thursday evening on the United States east coast – from a web browser. I am also unable to ping the sites or the IP addresses they use, getting the typical four requests timing out.
The company released a brief statement to the media on Wednesday, which read:
The online services of William Hill were intermittently impacted during the course of yesterday following distributed denial of service activity by third parties. This follows a significant increase in DDoS activity experienced by a number of online companies over recent weeks.
While the attempt at disruption is ongoing our technical teams were able to restore services last night. We apologies for any inconvenience caused to our customers.
Without getting into too much technical detail (one, to shield you from boredom and two, to shield me from the embarrassment of potentially being very wrong), a Denial of Service attack is a cyber-attack in which someone renders the targets machine or network unusable. It’s not a hack – nobody is stealing anybody’s account info or credit card numbers – but rather an effort to essentially crash a network or servers. Generally what happens is that the perpetrator floods a network with communications requests, so many so that the network simply can’t process them quickly enough and gets bogged down. A “Distributed” Denial of Service attack sends these requests from multiple sources around the world. This is even nastier because while the network or server will likely have security processes in place to weed out the bogus requests, when they are coming from all directions, it becomes that much harder to filter out the legitimate ones. The network eventually gets paralyzed by all of this to the point of shutdown.
DDoS attacks made news recently as Dyn, a Domain Name System (DNS), provider was victimized. What Dyn does as a DNS provider is essentially map website domain names to their IP addresses. This allows you to type in “flushdraw.net” rather than having to remember a cryptic IP address. The DDoS sent DNS lookup requests from tens of millions of IP addresses; these are nasty enough when they come from one IP address, but trying to block the attacks from tens of millions takes a Herculean effort. The attacks made such sites as Amazon, Netflix, and Twitter inaccessible to millions of people in the United States and Europe.
On Wednesday, William Hill also posted a notice about the DDoS attack on Twitter, saying, in part, “Since the activity started on Tuesday, our online services have not been available to 100% of their usual capacity and many customers have been struggling to log on, place bets and make other transactions. Our technical teams are working round-the-clock to bring us back up to full strength and you the service you’d expect from William Hill.”
The company also tweeted less formally, “It’s been a long night. We’ve got some services back but we’re still not at 100%. Thanks for patiently letting us get back on our feet.”
And later, “We’re calling it a day but we know it’s not been our best. Techies will be working through the night & Live Chat will answer your queries.”
Distributed Denial of Service attacks are nothing new in the online gambling world. Of particular note are the trials of the Winning Poker Network (WPN). In December 2014, attempted to host its first Million Dollar Sunday tournament, an ambitious million dollar guaranteed tourney for a relatively small network, one of the only offshore networks that still accepts U.S. customers. WPN was hit by a DDoS attack shortly after the tournament began and eventually CEO Phil Nagy decided to cancel the tournament and refund players’ buy-ins and fees. The tournament successfully ran the following February.
WPN scheduled more Million Dollar Sunday tournaments starting in September of last year, the first of which was targeted once again by a DDoS attack. It caused some problems including disconnections and table freezes, but the network’s staff eventually got things under control. Nagy went on Twitch to let players know that the attacks were even trying to extort the network into paying Bitcoin to make the attacks stop.