Extortionists attack Paddypower.com
Irish on-line betting site Paddypower.com is the latest high-profile Web property to suffer a denial of service attack from malicious users bent on extortion.
The company confirmed that its Web site was temporarily off line for a number of hours on Wednesday evening (Feb 4) as a result of interference from a distributed denial of service (DDoS) attack.
According to Paddy Power, the problem was experienced by several other on-line bookmakers and represented a malicious attack that attempted to block legitimate customer access to the site by bombarding it with a high volume of messages.
The company stated that there was no interference with the integrity of customer data, nor to the site itself. Furthermore, there was no material loss to the business as a result nor did any customer suffer any loss.
Paddy Power said it is currently working with its ISP, telecommunications suppliers and other on-line bookmakers to protect betting sites in the event of a reoccurrence. Apparently, the attack was motivated by an attempt at extortion.
"As with many denial of service attacks, here was an attempt by the perpetrators to secure payment to end the message flow. No payment was made and the incident is now under investigation by UK police technology experts. Paddypower.com is operating normally and as a matter of courtesy all on-line customers have been advised of the incident," a spokesperson for the company said.
This is not the first time such an attack has been launched against a gambling Web site. Several US bookmakers were forced offline due to denial of service attacks during the recent Super Bowl weekend. Furthermore, a report from IDG claims that several on-line betting sites were forced to pay protection money to keep their gambling operations on-line and pressure from criminal elements was stepped up during the run in to the Super Bowl.
Denial of service attacks have been in the news of late. The recent MyDoom worm prompted infected PCs to launch an attack on Unix developer SCO, while another variant launched an attack on Microsoft. Denial of service attacks operate by bombarding a Web site with a huge amount of requests. An effective attack will essentially bring a site's operations to a halt. Denial of service attacks usually cannot compromise a Web site in any way other than effectively taking it offline for the duration of an attack.