The spate of distributed denial of service (DDoS) attacks that have been levied against a handful of online sites over the past two months continues rolling from target to target, with French giant Winamax among the latest to suffer from the traffic-crippling, extortion-based attacks. Unfortunately for Winamax, this latest episode is itself a two-fer, as the site already experienced a wave of such attacks earlier this month.
As we’ve noted in the past, such DDoS attacks have a long, long history in online gambling and online poker, though why there’s been this recent uptick remains unknown. Such DDoS attacks have traditionally been the work of one or a small handful of cyber criminals, usually moving from target to target in search of a corporate victim who’s blissfully unaware that giving in to blackmailers’ demands is thus an example of submitting to the “tragedy of the commons“, and hence, would be a really bad business practice. That’s why most victimized sites don’t give in to such attacks, because there’s absolutely no guarantee that once tabbed as an easy mark, the same or other attackers won’t try to extract more payments, again and again.
Regarding who’s behind these attacks, no one’s yet sure, in the public sense. Daily fantasy sports provider and nouveau US online sportsbook DraftKings is another of the recent victims, and that company started a legal unraveling via the tracked IP addresses behind those attacks that hints at a Romanian connection. Unfortunately, and at the risk of sounding provincial, such attacks have long been the province of loosely policed (in the cyber sense) eastern European and Russian countries. One notorious cyber-criminal group was called the Russian Business Network and operated under the protection of that country’s government for many years, though that group may or may not be involved in the latest attacks.
There’s also the question of why now, regarding these online-gambling targets. What originally looked to be the latest in a long series of DDoS attacks targeting the US-facing, grey-market Winning Poker Network last August now appears to have morphed into this industry-wide attack wave. In addition to Winamax (twice) and WPN/ACR, known recent DDoS victims include PokerStars, partypoker, 888Poker, PaddyPower, DraftKings, FanDuel, and others. A recent graph put together by a prominent poker-traffic tracking site — we’re intentionally not linking to it — suggests that eight of the ten largest sites globally have been the subject of an attack over the past several weeks.
For Winamax, which is a big, big deal in France and Spain, the repeat attack is indeed unusual, even if the response is a bit of the same-old-same-old stuff. Winamax didn’t offer any updates on the latest attacks on its home-site blog, but did post a statement on social media. Roughly translated, here are some of the important points.
“Unfortunately, the tournaments will not resume tonight,” the first site statement acknowledged, “once again, our sincerest apology, a night that has been ruined for us as much as for you.
“In the interest of fairness, and so that disconnected players are not harmed compared to those who can play, Winamax voluntarily interrupts all of these tournaments.
“These acts called DDOS in computer jargon are unfortunately common on the internet and are entirely beyond our control. No quality of Winamax servers or the quality of our computer security is questioned by these attacks. … Neither the quality of servers Winamax, nor the quality of our computer security is questioned by these attacks. They have no impact on funds and player data, which are fully secured. Players injured by the termination of our services will be fully refunded according to article 3.2 of our Terms of Use.”