Security

DraftKings rides to court, asks to unmask 10 DDoS suspects

Fantasy sports outfit looks to hunt down group that bombarded its site

By Shaun Nichols in San Francisco

12 SHARE

A US sports gaming company is asking permission to unmask 10 people it believes were behind a massive DDoS attack on its website earlier this month.

DraftKings, based out of Boston, MA, has filed [PDF] with the Massachusetts US District Court for authorization to force ISPs around the US to turn over the identities linked to 10 IP addresses it believes were behind the August 8 attack.

DraftKings runs a daily fantasy sports service (which it notes is not considered gambling. Customers pay to play daily games where they assemble a ‘team’ of players from a given pro sports league, then collect points (and cash prizes) based on how the players performed that day in the actual games.

Because the games are played out anew each day, DraftKings said that the 26-minute DDoS on August 8 caused it significant damage from a loss of business and the subsequent cleanup of its systems.

Denial of denial-of-service served: There was NO DDoS on FCC net neutrality comments

READ MORE

“During this time, the attack prevented legitimate DraftKings users from actively engaging with the DraftKings Website,” the complaint reads.

“As a result of the attack, plaintiff’s personnel spent several days containing the attack and mitigating further potential damage from the malicious attack.”

Shortly after the attack ended, security staff were able to attribute the DDoS to 36 different IP addresses located mostly in various parts of the US. Now, DraftKings is asking the court to issue an order that would allow it compel seven different ISPs, hosts, and networking companies to hand over logs and user data they hope will lead them to ultimately unmask the 10 people believed to be behind the attack.

Among the third-parties whose info is being sought are internet giant Google and telcos Verizon and T-Mobile as well as cloud provider ColoCrossing, the American Registry for Internet Numbers, and service provider NetActuate.

Should DraftKings be able to unmask the attackers, the company plans to sue each for violation of the Computer Fraud and Abuse Act. ®

Sign up to our NewsletterGet IT in your inbox daily

12 Comments

More from The Register

Bloke hurls sueball over Google's 'is it off yet?' location data slurping

Ad giant 'intentionally complicated' opt-out systems

FCC boss slams new Californian net neutrality law, brands it illegal

Weiner unloads on American Pai over crony capitalism

Can we talk about the little backdoors in data center servers, please?

Black Hat Remote management a double-edged sword, IT admins warned at hacking conference

What would Jesus sue? The FCC, it seems

United Church of Christ not serene about Sinclair media ownership rule relaxation

Ex-Intel exec Diane Bryant exits Google cloud

Could Chipzilla replace Brian with a Bryant?

Alexa muted, Twilio taps out, and Bitbucket kicks the, er, bucket amid AWS data center hiccup

Ah, the stable and reliable cloud

Uncle Sam drags feet on govt data center cull

Not enough agencies tightening their belts, say auditors

Running Cisco DNA Center? Update right now to get rid of the static admin credential

Switchzilla scrambles out patches for trio of nasty flaws

Facebook in the dock: Web giant faces trial for allegedly ripping off data center blueprints

Zuck's Open Compute Project stole our designs, claims Brit biz