LONDON – Call it the gambling industry's dirty little secret. Hackers are sabotaging online casinos with greater regularity, security and gambling experts say, in some cases scamming large sums of money from the gaming firms.
Last week, CryptoLogic Inc., a Canadian software company that develops online casino games, said a hacker had cracked one of the firm's gaming servers, corrupting the play of craps and video slots so that players could not lose.
The company said that for a few hours during the disruption in late August, 140 gamblers racked up winnings of $1.9 million.
The games were altered so that every roll of the dice in craps turned up doubles, and every spin on the slots generated a perfect match, the company said.
"In the case of slots, it was coming out cherries across the board," CryptoLogic spokeswoman Nancy Chan-Palmateer told Reuters on Monday.
She added the security breach affected two of Cryptologic's 19 casino operating licensees; she would not disclose the two site operators.
The winners were permitted to keep the money as it is believed they had no hand in the hack attack. She said: "It is likely the intruder was somebody with inside information of our system." CryptoLogic is cooperating with investigators.
CryptoLogic is liable to absorb $600,000 of the misappropriated winnings, as a $1.3 million insurance claim will cover the remainder.
CryptoLogic may have been lucky. It was able to detect the security breach early on, minimising the losses. In other cases, coordinated hack attacks have knocked out sites for longer, security experts say.
In some of those instances, the intruders have gone back to the victims, demanding extravagant sums in exchange for guarantees the attack will not recur, experts say.
"No one is going to say it's happened, because that's bad for business. But there is anecdotal evidence," said Steve Donoughue, managing director of The Gambling Consultancy in London.
Neil Barrett, technical director for London-based Information Risk Management, concurred, saying that over the past year his e-security consulting firm has been contracted to shore up a half-dozen casino operators that had fallen victim to such hack attacks. "It's become one of the most common fraud scams," Barrett said.
Barrett and Donoughue say some recent blackmail attempts have been traced to groups from eastern Europe that they say could have ties to organised crime.
"I've seen well engineered hack attacks coordinated with very well engineered extortion attacks coming from Leningrad," Barrett said.
CASINOS VULNERABLE TO ATTACKS
The hack attacks come in a variety of forms. Some hackers unleash crude "denial of service" barrages, which disable the targeted site with a flood of information requests.
If timed right - such as just before a big sporting event when the wagering activity is at its highest - a denial of service attack could rob a big betting site of millions of dollars worth of bets.
In other examples provided by security experts, the culprit breaks into a casino's computer server and alters the computer programming code to generate more winning payouts, as was the case with CryptoLogic.
There have been also been incidents in which shell gambling sites are created. Customers of such sites register with their credit card details and the operators plunder the credit card account, Donoughue said.
The incidence of Internet fraud has hit every sector of online commerce from banking to shopping sites. But casino attacks are considered a ripe target for hackers who are enticed by the large number of casinos still operated in poorly policed jurisdictions such as the Caribbean, and by the large number of wagers they handle.
A number of industry groups say online gaming is currently a $1.5 billion industry expected to grow to as much as $6 billion in the next 18 months.
"There are a number of groups trying to make money by hacking," said Donoughue. "Where would you go? I'd go to dodgy online casinos. Their customers aren't going to complain."