On July 2, a cyber attack was coordinated against several New Jersey-based gambling websites and continued throughout the July 4th holiday weekend.
At least four online casinos were affected and experience downtime, and we placed on alert as the State Division of Gaming Enforcement commenced their investigation.
Although this is the first time the country had seen an attack on online gaming websites, it isn’t the first time that hackers have targeted casinos. Back in 2014, Sands Casino in Las Vegas had experienced an IT catastrophe that led to the shutdown of PCS and servers, wiping many of their hard drives clean. Bloomberg Business writers Ben Elgin and Michael Riley explained that this wasn’t an Ocean’s Eleven heist; someone had a personal vendetta against the company, specifically CEO and majority owner Sheldon Adelson.
Frank Cilluffo, director of George Washington University’s Center for Cyber and Homeland Security, later disclosed that they believe this digital conflict was perpetrated by Iran. Many feared that this was the beginning of a cyber war, as the nation’s enemies discovered a way to injure American companies to the point that it would incite a government response. Surprisingly, Sands had managed to keep most of the details of the incident under wraps for almost a year. At the time, it was the biggest strike on US corporate infrastructure, prior to the Sony Pictures Entertainment hack from last November.
Fast forward to this year’s July 4th weekend, David Rebuck of the State Division of Gaming Enforcement Director confirms that there was a Distributed Denial of Service (DDOS) attack, where the 30-minute downtime occurred due to the hackers flooding the sites with data, rendering the them inoperative. Atlantic City’s Bill Hughes Jr., head of Cybersecurity of law firm Cooper Levenson, compares the attack to a traffic gridlock, where “the parkway becomes a parking lot.”
The hackers threatened to launch a more powerful attack within 24 hours and revealed they would sustain this breach unless the casino operators paid a ransom to be paid in bitcoins, an internet currency that has proven popular with online criminals even though it does have its legitimate uses. Luckily, no further attacks were reported to the State Division of Gaming Enforcement. While gambling was legalized in Atlantic City in 1976 according to information portal Mayfair Casinos, online casinos had only been legal since 2013 which makes this strike rather sudden.
Sudden, maybe, but not random. Rebuck tells NJ.com that they have an idea of who was behind this hacking incident, saying that this individual is a known actor and has a history of this types of attacks. Rebuck did not divulge any more details of the perpetrator, along with the websites impacted and amount paid in ransom.
Despite the occurrences in the past year, University of Nevada’s Center for Gaming Research Director David Schwartz says that American online casinos are still not a major target for hackers, unlike gaming sites hosted on servers outside of the country which usually have a demand for ransom.