Hackers Clean Up in Online Casino Attacks

But there is anecdotal evidence,” said Steve Donoughue, managing director of The Gambling Consultancy in London.

Neil Barrett, technical director for London-based Information Risk Management, concurred, saying that over the past year his e-security consulting firm has been contracted to shore up a half-dozen casino operators that had fallen victim to such hack attacks. It was able to detect the security breach early on, minimising the losses.

A number of industry groups say online gaming is currently a $1.5 billion industry expected to grow to as much as $6 billion in the next 18 months. But casino attacks are considered a ripe target for hackers who are enticed by the large number of casinos still operated in poorly policed jurisdictions such as the Caribbean, and by the large number of wagers they handle.

In some of those instances, the intruders have gone back to the victims, demanding extravagant sums in exchange for guarantees the attack will not recur, experts say. Hackers are sabotaging online casinos with greater regularity, security and gambling experts say, in some cases scamming large sums of money from the gaming firms. “It’s become one of the most common fraud scams,” Barrett said.

CryptoLogic is liable to absorb $600,000 of the misappropriated winnings, as a $1.3 million insurance claim will cover the remainder. Some hackers unleash crude “denial of service” barrages, which disable the targeted site with a flood of information requests. Customers of such sites register with their credit card details and the operators plunder the credit card account, Donoughue said.


“No one is going to say it’s happened, because that’s bad for business.

There have been also been incidents in which shell gambling sites are created.

If timed right – such as just before a big sporting event when the wagering activity is at its highest – a denial of service attack could rob a big betting site of millions of dollars worth of bets. In other cases, coordinated hack attacks have knocked out sites for longer, security experts say. “Where would you go? I’d go to dodgy online casinos.

“I’ve seen well engineered hack attacks coordinated with very well engineered extortion attacks coming from Leningrad,” Barrett said.

In other examples provided by security experts, the culprit breaks into a casino’s computer server and alters the computer programming code to generate more winning payouts, as was the case with CryptoLogic.


The games were altered so that every roll of the dice in craps turned up doubles, and every spin on the slots generated a perfect match, the company said.

The winners were permitted to keep the money as it is believed they had no hand in the hack attack.

Last week, CryptoLogic Inc., a Canadian software company that develops online casino games, said a hacker had cracked one of the firm’s gaming servers, corrupting the play of craps and video slots so that players could not lose.

The hack attacks come in a variety of forms.

She added the security breach affected two of Cryptologic’s 19 casino operating licensees; she would not disclose the two site operators. Their customers aren’t going to complain.”


Barrett and Donoughue say some recent blackmail attempts have been traced to groups from eastern Europe that they say could have ties to organised crime. She said: “It is likely the intruder was somebody with inside information of our system.” CryptoLogic is cooperating with investigators.

“In the case of slots, it was coming out cherries across the board,” CryptoLogic spokeswoman Nancy Chan-Palmateer told Reuters on Monday.

The incidence of Internet fraud has hit every sector of online commerce from banking to shopping sites.

“There are a number of groups trying to make money by hacking,” said Donoughue.

CryptoLogic may have been lucky.

The company said that for a few hours during the disruption in late August, 140 gamblers racked up winnings of $1.9 million.

LONDON –  Call it the gambling industry’s dirty little secret

Leave a Reply