A hacker performed a cyber attack on at least four online casinos in New Jersey the Thursday before the July 4th holiday resulting in the iGambling networks being sent offline.
According to the New Jersey Division of Gaming Enforcement (DGE), the Distributed Denial of Service (DDoS) operation caused four unnamed sites to go dark for approximately 30 minutes.
“The attack was followed by the threat of a more powerful and sustained attack,” said David Rebuck, director of the DGE.
Rebuck added that the hacker demanded a ransom to be paid in Bitcoin, the digital currency that is the favorite among international criminals.
Congestion on the Garden State Parkway during the summer months is a given, but traffic at the state’s online casinos hasn’t been so steady.
While the World Series of Poker is providing an expected boost to Internet card rooms in Nevada, New Jersey’s downward iPoker trend has continued to slide in the wrong direction.
Last weekend, partypoker and Borgata’s flagship Sunday $50,000 guarantee became the $40k guarantee, and the $10k guarantee dropped to $7,500.
And things weren’t any better for the Jersey’s leading Internet card room, as 888poker’s $10,000 guarantee fell short with only 41 players paying the $200 buy-in.
The players continuing to compete at online poker in New Jersey were likely surprised last Thursday to discover traffic had flooded the networks to the point of causing them to go offline. Of course, that’s the very nature of a DDoS attack, sending thousands of data requests to flood the targeted system to essentially overwhelm the available bandwidth.
Though it’s the first time New Jersey Internet casinos have been the victims of a successful targeted DDoS, the activity occurs more frequently at offshore sites.
In April, several of the leading online gaming properties, including that of PokerStars, the world’s biggest Internet card room, suffered similar attacks.
For at least two days, players experienced what PokerStars labeled as “technical difficulties,” though related issues were being experienced at other iGaming sites.
DGE officials aren’t identifying their suspected perpetrator, only saying the man of interest is a “known actor” and has “done this before,” according to Rebuck.
Since the DDoS lasted just a half-hour, it’s also unknown whether the hacker’s ransom demand was met, or if a larger, more disruptive attack is forthcoming, as the criminal warned.
But Rebuck said the threat was to occur within 24 hours if the Bitcoin demand wasn’t fulfilled, meaning either investigators have located the offender and disabled his computer system, or he simply wasn’t capable of performing a more powerful assault in the first place.
Along with the DGE, the FBI and New Jersey’s State Police and Office of Homeland Security and Preparedness are investigating. And as far as gambling goes, the safer bet is assumedly on the side of state and federal investigators over the lone wolf.
The attack didn’t seem to compromise any player’s bankroll or private data, but it’s certainly a strong reminder for the need of regulated and secure online gaming market.
The number of DDoS incidents among online poker sites doubled in 2014, per a report from Lars Kollind, senior iGaming executive for Nexusguard, a network security firm with offices around the world.