Melbourne Cup is 'top op for hacked camera DDoS extortionists'

"The race that stops a nation" could also stop betting agencies if the regular barrage of timely distributed denial of service attack (DDoS) extortionists utilise insecure embedded devices, Akamai says.

The Melbourne Cup, scheduled for 3pm (AEDT) on Tuesday, is the richest two mile handicap race in the world with prize money of A$6.2 million. Few Australians work on the afternoon of the race, which attracts over A$100 million in wagers.

The race has also been a traditional haunt of DDoS attack extortionists who each year send betting agencies letters demanding payment to avert a packetised pummeling.

Industry experts say the attacks have ebbed in recent years with the rise of more effective anti-DDoS measures, plus greater networking capacity within betting companies.

This could change with the rise of massive internet-of-things botnets that utilise the small but horribly insecure devices to help slam packets into targets of an attacker's choosing.

Fleets of these infected cameras and routers were most recently used to cripple DNS provider Dyn, knee-capping vast chunks of the internet.

Akamai cyber security chief strategist John Ellis says DDoS extortionists could use the same botnets to revitalise their attacks against betting agencies ahead of events like the Cup.

"We do see the attacks, and defeat the attacks, and I've never heard of anyone paying out," Ellis told Vulture South, adding that about one in 10 DDoS extortions during the Cup results in an attack.

"The [DDoS attacks] are part of normal operating procedure and they (betting companies) know they are going to have shakedown.

"What I'm interested in is, off the back of Dyn, how quickly attackers can build capability."

Ellis says the large betting providers are likely protected from most distributed denial of service attacks, but smaller companies are at risk.

He says internet-of-things botnets within Australian borders could slip under defensive radars and be difficult for some providers to block.

One former local hacker, formerly of a major Australian betting agency, said DDoS attacks while expected were not successful against large providers due to massive bandwidth capacity.

"Bookies wait until the very last moment before making a bet, and that creates a huge traffic spike," he says.

"Betting companies are running heaps of full-on transactions so they need to be able to handle spikes."

He says DDoS extortionists will often hit betting companies immediately after the Cup to hone their attacks for the next major sporting event.

Betting companies are well prepared for failure. Technical staff have multiple redundant gear and equipment ready to rip and replace hardware in the event of issues.

Security professionals have told this reporter in unconfirmed reports that smaller agencies assume paying off extortionists is just the price of doing business on Melbourne Cup day. ®