Feeds

Online casinos hit by bot armies

Don't bet against money laundering robots

High performance access to file storage

Botnets are fulfilling law enforcement fears that online casinos could prove fertile ground for money laundering, according to a recent, little-noticed report by risk compliance firm Fortent.

Some are engaging in variations of an old casino scam, in which preprogrammed-to-lose bots transfer dirty money - obtained through stolen credit cards, illicit drug sales or whatnot - to a chosen winner. Others flood a room and conspire to defraud a legitimate player by leveraging the mathematical advantage inherent in knowing more of the cards. Another scam involves spamming a known player in the hopes of stealing password and account information, and then bleeding the account dry through the fraudulent games described above.

Fulltiltpoker.com apparently got hit by a botnet attack recently and refunded money to the defrauded customers. A USA Today tally last month estimated that $2.5 mil to $3.5 mil per year are laundered this way.

"We are definitely seeing activity by bot-herders in online casino games, which is something we hadn't seen before," Symantec security analyst Zulfikar Ramzan noted.

We've generally been skeptical of allegations that the online casino industry would make a good platform for widespread money laundering, primarily due to the ready-made trail left by the transactions. However, the use of botnets is more problematic, due to the fact that until recently botmasters had not been targeted by the FBI, and the actual computers involved belong to innocent third parties.

Money laundering can theoretically be accomplished through many types of transactions - for example, by selling phony merchandise on eBay and transferring the money without delivering anything at all. It's therefore questionable just how much more susceptible cybercasinos are than other online businesses to money laundering. Risk compliance companies like Fortent or AccuitySolutions have products to push, after all. However, the fact that the US authorities have driven much of the online gambling and payment processing activity underground raises serious concerns about just how secure some of these sites are.

Not that gamblers are a risk-averse group, of course.®

Burke Hansen, attorney at large, heads a San Francisco law office

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Experian subsidiary faces MEGA-PROBE for 'selling consumer data to fraudster'
US attorneys general roll up sleeves, snap on gloves
NSA denies it knew about and USED Heartbleed encryption flaw for TWO YEARS
Agency forgets it exists to protect communications, not just spy on them
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.