Security

DraftKings rides to court, asks to unmask 10 DDoS suspects

Fantasy sports outfit looks to hunt down group that bombarded its site

By Shaun Nichols in San Francisco

12 SHARE

A US sports gaming company is asking permission to unmask 10 people it believes were behind a massive DDoS attack on its website earlier this month.

DraftKings, based out of Boston, MA, has filed [PDF] with the Massachusetts US District Court for authorization to force ISPs around the US to turn over the identities linked to 10 IP addresses it believes were behind the August 8 attack.

DraftKings runs a daily fantasy sports service (which it notes is not considered gambling. Customers pay to play daily games where they assemble a ‘team’ of players from a given pro sports league, then collect points (and cash prizes) based on how the players performed that day in the actual games.

Because the games are played out anew each day, DraftKings said that the 26-minute DDoS on August 8 caused it significant damage from a loss of business and the subsequent cleanup of its systems.

Denial of denial-of-service served: There was NO DDoS on FCC net neutrality comments

READ MORE

“During this time, the attack prevented legitimate DraftKings users from actively engaging with the DraftKings Website,” the complaint reads.

“As a result of the attack, plaintiff’s personnel spent several days containing the attack and mitigating further potential damage from the malicious attack.”

Shortly after the attack ended, security staff were able to attribute the DDoS to 36 different IP addresses located mostly in various parts of the US. Now, DraftKings is asking the court to issue an order that would allow it compel seven different ISPs, hosts, and networking companies to hand over logs and user data they hope will lead them to ultimately unmask the 10 people believed to be behind the attack.

Among the third-parties whose info is being sought are internet giant Google and telcos Verizon and T-Mobile as well as cloud provider ColoCrossing, the American Registry for Internet Numbers, and service provider NetActuate.

Should DraftKings be able to unmask the attackers, the company plans to sue each for violation of the Computer Fraud and Abuse Act. ®

Sign up to our NewsletterGet IT in your inbox daily

12 Comments

More from The Register

Denial of denial-of-service served: There was NO DDoS on FCC net neutrality comments

Probe confirms: No attack, just an incredibly unpopular policy brought down feedback site

US senators get digging to find out the truth about FCC DDoS attack

And why serial self-promoter John McAfee is a security expert on Russian hacking

FCC blames DDoS for weekend web lockout

Vid Not down to people trying to file comments on issues rhyming with wetsuit balloty, it insists

'DerpTroll' derps into plea deal, admits DDoS attacks on EA, Steam, Sony game servers

Austin Thompson, 23, cops to $95,000 worth of damage

So, FCC, how about that massive DDoS? Hello? Hello...? You still there?

Updated Like trying to get blood out of a stone

World's biggest DDoS-for-hire souk shuttered, masterminds cuffed

Webstresser.org taken down by Europol plod and chums

Mozilla accuses FCC of abdicating its role, ignoring comments in net neutrality lawsuit

Legal battle #433 over Pai's push to kill off rules

FCC sets a record breaking $120m fine for rude robocalls

Florida Man gets one hell of a phone bill for nuisance calls

Just a third of Brit cops are equipped to fight crime that is 'cyber'

Bad news if you've been defrauded online

Google rushes in where Akamai fears to tread, shields Krebs after world's-worst DDoS

600 Gbps traffic flood overwhelmed CDN