Online betting sites fight cyberextortion
By Jon Swartz, USA TODAY
Online gambling sites are betting on tighter security after a recent wave of computer attacks from cyberextortionists plunged several into darkness.
Shadowy hackers demand $20,000 to $50,000 for protection from distributed denial-of-service attacks, which flood a Web site with data so that it is overloaded.
BetWWTS.com in Antigua was forced to pay $30,000 when hackers shuttered its site and thousands of its customers couldn't place wagers worth an estimated $5 million, CEO Simon Noble says.
It's one of the lucky ones. Since the attacks started a few months ago, a handful of smaller operations have gone out of business or abandoned Web sites in favor of phones to avoid the problem.
"These sites rely on transactions with clients every few seconds. You disrupt that, and you've got major problems," says Michael Caselli, editor of Online Casino News. "A bank, by comparison, can shut down its site for an hour or two."
Now, online gambling operators are bracing for a new batch of threats for college basketball's March Madness tournament, which starts next week.
Online gambling sites are fertile territory for extortionists. Many of the approximately 2,000 sites are vulnerable to hacking attacks and have little legal recourse because Internet gambling is illegal in the USA, security experts say.
Great Britain's National Hi-Tech Crime Unit, which is investigating cases with other law-enforcement agencies, says the problem appears to be confined to gaming sites. But some security experts fear it could spread to banking and other industries that are reluctant to report computer breaches.
The FBI had no comment.
International gambling sites raked in $5.7 billion last year, with projections of $11.6 billion in 2006, says Christiansen Capital Advisors, a New York consulting firm that studies the gaming industry.
Gangs of computer crooks allegedly operating out of Eastern Europe have collected protection money from 10% to 15% of the companies they have threatened, says DK Matai, executive chairman of security company MI2G.
Most issue ultimatums in e-mail messages in the days leading to major sporting events, such as the Super Bowl. Often, threats are issued after an attack, demanding that American currency be sent to a Western Union office.
BoDog Sportsbook & Casino in Costa Rica was forced to pay more than $20,000 last fall when hackers immobilized its site, says Rob Gillespie, the company's president.
Since then, it has fortified its site with security products from Riverhead Networks and other tech firms. It withstood a hack attack during Super Bowl weekend.
"You want to yell an obscenity at your PC screen when you get an e-mail threat," Noble says. "These guys are dangerous
