A wave of Distributed Denial of Service (DDoS) attacks targeting major online poker and gambling sites has at times impaired the functionality of several of those major sites in recent days. According to a report at the Shadowserver Foundation, the first tracking entity to report on the attacks, affected poker sites have included Full Tilt Poker, Titan Poker and CD Poker, with the casino-games portion of operations at PartyGaming and Virgin Games also affected.
A DDoS attack impairs a website's capability by attacking its web servers, usually by flooding those servers with traffic from many thousands of different locations at once. One illicit method for implementing a DDoS attack involves the use of remote computers infected with a virus or other latent code; upon activation, these otherwise innocent computers are incorporated into the "botnet" used in the attacks on the targeted site.
Several of the major sites were reported as being down or as suffering slow response times while the recent attacks were in progress, though none of the affected sites has, to date, issued a release on the matter. An examination made by Shadowserver (which maintains its watchdog site at shadowserver.org) uncovered a total of 32 different online gambling domains that had been attacked from February 10-18, 2008. An unusual number of the sites were smaller Russian-based (.ru) gambling sites, despite the attacks on the larger entities such as Full Tilt and Titan Poker. All of the above-mentioned sites have, according to the research published by Shadowserver, taken countermeasures designed to combat the attacks being made upon them.
A later report also indicated that the "command and control" server orchestrating the attacks had been taken offline after its "upstream" service provider had been notified, thereby short-circuiting the attacks. Such a solution, of course, does not preclude new attacks from starting from a different, relocated web server.
The Shadowserver Foundation speculated on the purposes of the attack, writing this in their report: "Why are they doing this? That we do not really know. This could be a range of tests that precedes an extortion attempt. Perhaps someone is paying to have the websites of the competition brought down? We do not have any real way to tell at this point. What is clear though is that several gambling websites are being brought down."
The episode is not the first time that DDoS attacks have been mentioned in connection with online-gambling websites. Anecdotal tales about extortion-based DDoS attacks or threats thereof have reached discussion boards in recent memory, including a threatened attack against one or more unnamed sports-betting sites in the weeks preceding last year's Super Bowl.