Hacking into online casino: Cautionary tales
There are many casinos, and there are so many attempts to try on a gambling club, taking advantage of gambling rules or exploiting the behavior and performance of slot machines. And if in the case of traditional casinos where it isn't easy to do so now, when speaking about a relatively fresh sphere of online gambling the situation is much different. Owners of this business have yet to develop a guaranteed and effective response to those wishing to cheat them. This article describes a few stories about hacking attacks on online casinos and the implications for them.
Read also: How to avoid casino hacking
Cyber attack on the British online casino server
Two Polish hackers, who initiated a cyber attack on one of the first-string online casinos in Great Britain with in an attempt to blackmail the owner in late 2013, were imprisoned.
At the age of 31, Petr Smirnov together with Patrick Surmachki aged 35 ordered a boss of gambling site to give them 50% of the company's shares, estimated at £30 million by the market standards of the United Kingdom. In case of failing to obey, blackmailers threatened to fully stop the casino's server and eventually destroy it.
According to evidences submitted later in court, four days after the ultimatum was issued and the conditions were not met, hackers started their devastating activities through one of the servers located in the United States. Obviously, the use of fake server should have misled the investigation.
Petr Smirnov and Patrik Surmachki were sentenced to five years and four months in prison. They were also obliged to recover all the material damage caused by the company that owns the online casino server.
An interesting detail in this case was the fact that the owner of the online establishment had personally known both hackers for four years. During this period, Polish programmers thoroughly examined the structure of the online gaming operator's server, and therefore they did not find it particularly difficult to identify its weaknesses and vulnerabilities.
Mass-scale winnings in Playtech
A curious situation occurred with several online casinos, such as Casino Europa, Grand Casino and VA-bank. There were all the jackpots on the slots, all the winners from Belarus, playing the same virtual machines, cashing money out immediately. In total, around $400 thousand has been withdrawn.
The software developer Playtech argues that hacking could not have been possible, so it simply cannot be done because it runs counter to the fundamental principles of the programming algorithms. Pleytech's staff did also not reveal the fact of the break-in in the course of the inspection.
A year after, hackers attacked Canada's Cowboys Casino database and placed a portion of the stolen corporate information on the Internet.
In 2017, the Pastebin file-sharing website contained previously stolen personal information on customers and employees of Cowboys Casino, its investors and financial operations.
Net runners reported that there was no computer security in Cowboys Casino, and all the data was easy to extract. The fraudsters asked the casino management to fix it, but their request was ignored. For this purpose, computer burglars decided to publish the first piece of the data of the planned four editions.
Hackers warned that more data would be dropped soon, and it would continue until the casino increased its net security. Moreover, a new dump of data will be published every week until Cowboys Casino decide to take this issue seriously.
Hackers "won" the jackpot of 150 000 credit cards
The criminals were able to hack into the security of one of the online casinos and won a small jackpot in the amount of 150 000 credit cards.
Hackers of the Fin5 criminal group easily won the jackpot, because it was no work to get into the back-end of the casino. The online gaming site was easy to hack, and any amateur hacker could get into the casino's internal database. If they had taken care of and established at least the simplest protection, it could have prevented the sad result.
Hackers' jackpot came out to be the data of 150 thousand casinos clients, including credit card information. Fin5 hackers, who are considered professionals in their business, created their own hacking code to find credit card data for any organization's customers. Using this code, FIN5 aims at hacking the organization's credit data. They are very careful not to use security mechanisms in which any transactions are immediately blocked.
Researchers say that the Fin5 attacks stopped after casinos made minor changes to their site, including adding two authentication and registration to the system.
Fraudsters are keeping a course on Bitcoin
Within last few years, a hacking group calling itself DD4BC have been breaking in the banks' websites for ransom in Bitcoin cryptocurrency. The group was spotted in mid-2014, but has so far remained unreachable to the police.
The name DD4BC is decoded as "DDoS for Bitcoin", which is an attack on the enterprise's site for the purpose of receiving Bitcoins. The cyber hooligans initially had a goal to take over mining companies, stock exchanges, and online casinos attacked by them. However, the team has recently shifted to the financial sector in Europe, the United States and Australia. The purpose of hackers is to get their hands on banks, brokerage, and automated clearing houses. To date, the group has carried out almost 150 attacks, 58% of which directed at financial service providers.
Initially, hackers carry out kind of a demo attack lasting less than an hour and alerts the media. The victim then receives an electronic letter requesting a ransom from 25 to 100 Bitcoin and an indication of the time of payment. In the event of a failure to pay, new wave of powerful DDoS attacks are covering the site, and the sum of the indents increases.
Read also: 7 ways to steal your Bitcoins