Gambling Sites Battle DDoS Attacks

the-dark-kangaroo writes "Gambling sites are fighting back against extortion from hackers using Distributed Denial of Service (DDoS) attacks. According to the report released by the BBC many of these attacks are coming from infected home PCs which have succumbed to a worm or virus. The gambling sites are bringing in reinforcements: Pipex, Cisco and security firm Energis are creating 'intelligent' traffic monitoring systems to help stop these attacks."

I try and try..

[XaXXon]

But I just can't feel too sorry for them.

I mean, I know it's wrong, but when you get into that business I'm sure this isn't really that uncommon. Gambling is a shady 'business' in the first place, so if you have to deal with other shady people to keep it going, then them's the breaks, buddy.

Re:I try and try..

[LordNightwalker]

Yah, and I'd feel sorry for them if they'd play nice and stop writing worms to crawl blogs and paste poker spam in the comments. You wouldn't believe the amount of spam I had to clear from my blog comment area already. Imagine my surprise when I saw the same poker spam in the comments of every single post in my blog on some computer graphics project I'm working on... Feel sorry for them? Not really.

Re:I try and try..

[really?]

Two wrongs=right?? To each his own I guess.

Re:I try and try..

[John+Seminal]

But I just can't feel too sorry for them. I mean, I know it's wrong, but when you get into that business I'm sure this isn't really that uncommon. Gambling is a shady 'business' in the first place, so if you have to deal with other shady people to keep it going, then them's the breaks, buddy.

Would you prefer to deal with a bookie or a regulated buisness? At least the on-line gambling websites have to pay taxes.

Re:I try and try..

[really?]

Why is gambling a shady biz? I don't gamble myself, but as long as they don't come to my house and force me to gamble, I don't see the shady part.
Tax on those poor at math? Perhaps. But, why shady?

Re:I try and try..

[legoburner]

Though a lot of online casinos do that*, not all do that and it is somewhat unfair to lump all of them in as deserving of the dDoSes.

Some interesting stats about online gambling:
- Those dDoSes hit 2GB/sec. More than Energis' internal network can cope with.
- The primary dDoSers (some russian guys) were caught and arrested last year, there was a /. story about it too
- The mafia have been involved with some US sites, but I know of at least one that got shut down when the entire board of the company got arrested
- The WTO is trying to make the US ban on Internet gambling illegal
- The biggest online casino is israeli-founded/based www.888.com who do multiple billion per month in turnover. You can get house win from that by taking off about 98-99.5%. (turnover counts every value of every spin of a slot machine or every wager, remove the odds of winning % for the house win)

In conclusion, the world does not have the same laws as the US (gambling is perfectly fine in the UK for instance) and some people run responsible gambling sites and still have to put up with all the tiring crap from crackers and dDoSers.

* technically it is their affiliates who do it through affiliate programs, but same difference, they are all guilty and could crack down on it if they wanted.

Re:I try and try..

[WIAKywbfatw]

Sorry but you're displaying your ignorance. Gambling is legal in most societies, and in some (eg, Hong Kong) it's a common activity that the majority of the population enjoy.

Betting on the result of a sporting event, or anything else, via a legally authorised bookmaker is no more shady than having a cup of coffee.

Just because you have this image of gambling that seems to be more to do with smoke-filled secret back rooms where you have to know the password and the guy behind the bar to get in than legitimate, publicly-traded and -scrutinied businesses that doesn't make it a reality.

The gambling sites being DDOSed aren't run by crooks, they're the legitimate and legal online presences of bricks-and-mortar bookmakers as well as internet gambling start-ups.

Re:I try and try..

Dude, you just set variable Two wrongs equal to right. You just turned morality on its head.

Re:I try and try..

[WIAKywbfatw]

Casinos seem morally irresponsible to me, letting people run up debt to the point where they put a burdon on society in order to make a profit. I'm sure this is an argument for another place at another time, but that's how I feel.

I'm sorry, but in the US couldn't you apply that label to hospitals too? Medical bills that run into 5 or 6 figures aren't uncommon and it's a sad fact that the biggest factor in personal bankrupcy in the US is unpaid (and, more importantly, unpayable) medical bills.

And, out of interest, where do you draw the line at what is and what isn't gambling? Is playing the lottery gambling? And in a so-called "free" society, shouldn't you be able to do what you want with your hard-earned cash? Does anyone really have the right to tell you how you can and can't use it to entertain (and possibly enrich) yourself if you're not hurting anyone else in the process?

To be honest, I'm not in favour of unchecked gambling, but then I'm not in favour of unchecked alcohol abuse either, but you don't see church and state bringing the roof down on that ballgame, do you?

Re:I try and try..

[Zooka]

"This is pure BS. Poeple who try to lump Gambling in with true addictions such as drugs and smoking are simply wrong. There is no physical addiction with gambling. You won't go through withdrawl if...."

Your understanding of "addiction" is lacking. While physical dependency on a substance is indeed not the 'exact same thing' as an uncontrollable psychological compulsion, they both CORRECTLY fall under the same general definition of "addiction".

In other words, your opinion that physical addiction is the only "true addiction"... is simply wrong.

http://en.wikipedia.org/wiki/Addiction

Re:I try and try..

[vandan]

Sorry but you're displaying your ignorance. Gambling is legal in most societies ...

Sorry but you're displaying your arrogance. Just because something is legal doesn't mean it is ethical. I could give you plenty of examples, but I'll leave it up to people's imagination.

Betting on the result of a sporting event, or anything else, via a legally authorised bookmaker is no more shady than having a cup of coffee.

What sort of a dim-witted comparison is that? Gambling devastates many people's lives. That makes people who push their gambling 'services' onto us 'shady'. Having a cup of coffee has nothing to do with it.

Just because you have this image of gambling that seems to be more to do with smoke-filled secret back rooms where you have to know the password and the guy behind the bar to get in than legitimate, publicly-traded and -scrutinied businesses that doesn't make it a reality.

You don't need smoke-filled, secret rooms or passwords to have a shady business. You just need to have a deficient conscience, or excess greed, and an online gambling site. Then you sit back and wait for the poor suckers to 'click', 'click', 'click', 'click', 'click', 'click', 'click'. People don't rock up to a gambling establishment and try their luck once. They stay their until they're out of money. You can disagree with me if you like, but every time I go to a casino ( get dragged their by workmates once a year or so ), the above is what I witness.

The gambling sites being DDOSed aren't run by crooks, they're the legitimate and legal online presences of bricks-and-mortar bookmakers

I don't think so. People running gambling sites are far more likely to be dodgy than those in a physical establishment. It's far easier to police a 'real' gambling business than a virtual one, especially since a virtual one can hide it's location and reside in a place that has no regulation.

Also, I get a fucking shitload of SPAM from gambling sites. Right away that says to me that the people running the sites are far from innocent, law-abiding citizens.

You seem to try to make the point throughout your post that because something is legal, that somehow blesses the activity. I suppose the opposite of this is that everything which is illegal is patently evil. Both points are absolutely ridiculous. There are plenty of things which are legal which are evil:

- selling carcinogen-soaked cigarettes
- selling alcohol
- selling weapons
- having a monopoly ( esp. a media monopoly )

Likewise, there are plenty of things which are illegal which are quite harmless ... possibly even good ... and should be legal:

- recreational drugs
- not voting if there's no-one worth voting for ( Australia )
- being a member of the Iraqi resistance

I'm pretty sure that I'd get disagreement on all of the above points. This reinforces my argument that:

- you should never use the law to enforce ethical behaviour in private matters
- you should never use an activity's legal status as an indicator of it's ethical status

Back to the topic of the actual article ... I don't really relate to the DDOSers ( they're probably just other gambling sites or spammers who haven't been paid for their advertising services ), but I couldn't give a toss about the online gambling sites.

Re:I try and try..

[Sircus]

You also don't see "Fly with us! We'll cram you into a tiny seat, next to a fat guy, have former-prison-warder-host(esses) serve you luke-warm food at 3-hour intervals and play a film with anything even potentially offensive cut from it!" ads for airlines. You see wide, open spaces, people sleeping like babies and beautiful hostesses caring for people's every need.

It's common practice to advertise an image of something which bears no relation to reality.

Re:I try and try..

[azaris]

I look at it as a zero sum gain industry. It only re-distributes wealth. It has no wealth creation or real value growth.

Well duh. Most industries today create nothing tangible. Think all of the services you can buy that generate no physical substance. Wash your car for $10, nothing of value is generated. In fact, the act of washing a car consumes large amounts of natural resources in the form of energy consumed and detergents that must be recovered before they are released into the natural water reserves. Does this mean we should abolish all carwashes?

The economy isn't really about creating goods for consumption. Yes, those things are important for sustaining people but in reality as long as there is sufficient natural resources being converted to goods, the rest of the society can just spend their time trading money from one hand to another in exchange for services like gambling. Like it or not, it IS a part of the economy and provides livelyhood for hundreds of thousands.

Many industries such as farming take labor and make a product. Other than entertainment value, gambling has no product.

You can probably come up with a dozen other industries that similarly offer only entertainment.

All gambeling money is re-distributed with no net gain. That's the thing I have against the state lottery or state video poker. The state provides no product and just takes the suckers money.

You can justify all you want, but the truth is that any objection against gambling is purely moral. I'm always amazed at how ass-backward conservative Slashdot is when it comes to things like gambling, but I guess that's the US mentality of "gambling evil" at work.

I would rather see the state earn money by providing services such as affordable broadband such as in Washington State. The state is providing $40/month broadband with telephone and 5 Gig bandwidth. It beats video poker.

Did it ever occur to you that maybe the proceeds from the state lottery are used to subsidize such projects? Duh indeed.

Re:I try and try..

[pk2000]

The most overlooked form of gambling is insurance. You place a bet that your house will catch fire. If it doesn't then you loose your bet. If it does you win!! But your winnings are actually less than the value of the damage.

Great Idea

[IInventedTheInternet]

A moment of silence for the kneecaps of the virus writers if/when discovered.

Where's my violin?

[mizhi]

I know these gambling sites are legitimate companies, but it seems the worms that most people get are advertising either porno shops or gambling shops.

It's difficult for me to feel sorry for gambling sites getting DDoSed.

Legal issues?

[britneys+9th+husband]

Ok, I'm not sure about those other companies that were mentioned, but Cisco is a U.S. company. And internet gambling is illegal in the United States. Now, don't get me wrong, I don't give a shit whether people gamble on the internet, and I see the anti-internet-gambling laws as having as much to do with protecting monopolies as anything else.

Now that I've said that, how is this not a legal issue for Cisco? Surely the FBI, DEA, and assorted other federal agencies would be all over Cisco if they were helping Colombian drug cartels in any way whatsoever. How do they "get away" with it? Aren't they essentially aiding and abetting what in the U.S. is considered a criminal enterprise? I mean, as an individual I can go place bets at some offshore casino and fly under the radar, but a big company like Cisco is going to have a hard time doing that, especially if their help is on the front page of Slashdot and other news sources.

Re:Legal issues?

[LordNightwalker]

Cisco is just working on solutions against DDOS attacks; it's not Cisco's responsibility if that technology is used to protect the Pentagon or some online gambling site. Following your logic, Cisco is already in trouble because those online gambling companies already use Cisco hardware in their setup... And so is Dell, 'coz they made the PCs used by the casino staff, and so is the company who made the bricks for the building their HQ is located in etc...

See how ridiculous it gets if you stop to think about it? ;)

Re:Legal issues?

[wildBoar]

The Colombian cartels are illegal in their own countries as well as in the US, the internet Gambling operations are legitimate companies operating in compliance with their local laws.

It is a big difference.

I'm afraid despite all attempts (wishes) to the contrary the US can't apply any law it likes on any country in the world.

Well, not without invading it first ;-)

Re:Legal issues?

[nrlightfoot]

As far as I'm aware the law commonly cited as making internet gambling illegal in the US is dubiously applied to the internet, and not likely to stand up as covering internet gambling if tested in court. As far as I know there is no legal precedent for the legality of internet gambling. There are however, states which have blanket laws prohibiting any gambling, and then they make specific exeptions to the law for casinos and lotteries and such.

Filtering doesn't save incoming bandwidth

[A1kmm]

The bottleneck is probably bandwidth, not CPU. A network of drones can send traffic in the GBit/s range, and even if these packets are not replied to and the CPU and memory resources can cope, a lot of damage will still be caused.

The only way to make this work is to block traffic at a site far enough back to cope with the level of traffic(and the size of botnets will only grow, so even a reasonably large network company could be knocked out).

NAT

[Underholdning]

I wonder if the ISP's will continue selling solutions where the PC is connected directly to the internet. We've all seen the tests. It takes less than 5 minutes for a Windows PC to be taken over (or 0wned as they say). But - a simple router with NAT helps immensly. Would it help if the ISP's were forced to only sell internet access with at least a router?

Re:NAT

[ZorbaTHut]

Oh, yeah. That'd be great. Instead of having to squeeze the public services I want behind a single IP, I'd just be screwed. That's a real step up.

Encouraged? Sure. Forced? I like having my open static IP, thanks.

Re:NAT

[Anne+Thwacks]

What would really help is Microsoft being forced to sell software that is reasonably fit for the purpose for which it is sold. I seem to recall they mention that Windows is meant for use with the internet - that surely implies that it ought not to be 0wned in 5 minutes.

In the UK, and most probably Europe, it is a very serious offence to sell goods unfit for the purpose for which they are advertised.

Lock them up and throw away the key. Mwa, ha, ha haaar!

Devils advocate...

[John+Seminal]

Many extortionists are targeting net-based betting firms and threatening to cripple their websites with deluges of data unless a ransom is paid.

Okay, I understand that we're talking about gambling websites. But these same methods can be used to take down just about any website. Society makes the final call on what is legal and illegal. Some might say the hackers are using their ethics to take down a vice. But if that was the hackers goal, why ask for money? Second, the tax revenue gambling generates often goes to schools. By taking them down, it would seem harm is being done in unexpected places. Politicans are responsible for planning funding, and if a bubble bursts, the community is in trouble.

Second, do we want one, or a small group of people, telling society what they can and can't do? What if a group of Jehova's Witnesses hackers decided to remove ALL porn off the web. People would freak out. One man's utopia is another mans hell.

Re:Devils advocate...

[d1v1d3byz3r0]

Gambling revenue, in this case, would not be going to schools as the revenue is not within states jurisdiction. To my knowledge, online gambling sites are illegal to be hosted in the states. So the money is going directly into the pockets of some guy with a Carribean bank account.

Prevention?

[peasleer]

I know Linux based servers have the ability to limit the amount of damage a DOS/DDOS can do. I do it with my server: run daemons as their own user and limit the amount of resources they can use, both CPU and memory. That way, the system may get bogged down, but will never suffer a complete failure from a DOS attack. I am curious as to why some larger sites like the gambling networks aren't using such preventative measures. Are they not effective against larger attacks?

Re:Prevention?

[jwdb]

As someone stated in an earlier comment, the biggest problem is bandwidth. Your CPU may be able to handle the traffic, but when you've got a botnet spanning thousands of computers, sending you traffic in the Gb/sec range, even a serious backbone connection will begin to stutter.

Jw

Hackers

[jnguy]

Why are a bunch of script kiddies being called hackers again?

Legality and Cause

[robdavy]

Firstly, the legality issue is weird to me. I come from the UK were licensed gambling (be it online or in real life) is perfectly legal. I find it rather ammusing that a whole State would ban something like gambling. Anyway, people seem to think that the reason a site dies during a DDoS attack is CPU usage. It's not. It's not related to the servers at all (at least not in the case of big attacks) We were recently hit by a DDoS attack (don't ask) and we were having our 100mb uplink saturated. That's where the problem occured. Our 13 machines could cope with the requests - the pipe couldn't. Even if we went to a Gig uplink (which was considered), they'd simply saturate that. A few hundred compromised machines on DSL/Cable can easily do that. Scary stuff I must admit.

Zzz's Casino

[offpath3]

You can see them going alphabetically through the list with the gambling sites, trying one after another.

We here at Zzz's Casino guarantee no interuption to our service due to DDoS attacks.

Alternative Theory

[Salamander]

On my website 90% of the comment spam was from online poker sites. That added up to hundreds of messages per day that I had to delete, and I know many others had similar experiences. I know I was thinking that they deserve a lesson, and maybe some folks decided to teach them one. While I don't necessarily approve of the method, I fully understand the impulse. Many online gambling sites are run by pricks; I won't shed a tear for them and their self-inflicted troubles any more than I would for the RIAA/MPAA.

Hate It

[CypherXero]

I've gotten SO MUCH spam on my blog and via e-mail about online poker, that I HATE poker now, and I've never even played it. If the gambling sites are worried about DDoS, tell those bastards to stop pissing off the rest of the world.

Addiction

[nuggz]

I don't care about addictions.
It just means the affected person must put out even more effort to overcome it.

Just because some people are sex addicts doesn't mean I shouldn't be allowed to sleep with my wife. (or yours for that matter)