The online poker industry may be feeling jittery this week at the news of the existence of a powerful new type of Distributed Denial of Service (DDoS) attack, the source code of which has just been made public.
DDoS attacks render a website temporarily non-operational by overwhelming its servers with meaningless traffic.
They usually come with a ransom demand promising the resumption of normal service once the required money is paid, and gambling companies have recently become the number-one target of such attacks.
In fact, tech security company Akamai said in its recent “State of the Internet” study that the online gambling sector now accounts for some 50 percent of all these illicit attacks.
Most Powerful Attack Ever Seen
DDoS attacks are nothing new. They’ve plagued the industry since its very early days, but have escalated in scale and potency in recent years. The new code, known as the Mirai malware code, is far beyond the scale of anything witnessed before, and it was recently published on hacking community HackForums.
Mirai apparently harnesses the power of thousands of Internet of Things (IoT) devices, from security cameras to digital video recorders, making them contact a central server, or botnet, thereby greatly boosting the strength of an attack.
Mirai’s first known victim was digital security news portal KrebsOnSecurity, which was knocked offline for 24 hours in September by the most powerful DDoS attack ever recorded. Krebs was flooded with requests at a volume of 620-gigabit-per-second (Gbps), almost twice as high as anything previously seen by Akamai Technologies, the company that also happens to protect KrebsOnSecurity.
Here, There, and Everywhere
“Someone has a botnet with capabilities we haven’t seen before,” Martin McKeay, senior security advocate at Akamai, told Krebs. “We looked at the traffic coming from the attacking systems, and they weren’t just from one region of the world or from a small subset of networks, they were everywhere.”
But the worst was yet to come. Just days later, French web hosting company OVH reported that its site was hit by two attacks, the first one reaching an unprecedented volume of 1.1 terabits-per-second (Tbps).
Last year, it was revealed that members of a hacking group called DD4BC launched DDoS attacks against PokerStars, Neteller and Betfair. Meanwhile, New Jersey Division of Gaming Enforcement Director David Rebuck said that the New Jersey online gambling sector had been targeted for the first time.
The fear is that the industry may be in line for a new wave of attacks, far more powerful than anything ever felt before.