Security

DraftKings rides to court, asks to unmask 10 DDoS suspects

Fantasy sports outfit looks to hunt down group that bombarded its site

By Shaun Nichols in San Francisco

12 SHARE

A US sports gaming company is asking permission to unmask 10 people it believes were behind a massive DDoS attack on its website earlier this month.

DraftKings, based out of Boston, MA, has filed [PDF] with the Massachusetts US District Court for authorization to force ISPs around the US to turn over the identities linked to 10 IP addresses it believes were behind the August 8 attack.

DraftKings runs a daily fantasy sports service (which it notes is not considered gambling. Customers pay to play daily games where they assemble a ‘team’ of players from a given pro sports league, then collect points (and cash prizes) based on how the players performed that day in the actual games.

Because the games are played out anew each day, DraftKings said that the 26-minute DDoS on August 8 caused it significant damage from a loss of business and the subsequent cleanup of its systems.

Denial of denial-of-service served: There was NO DDoS on FCC net neutrality comments

READ MORE

“During this time, the attack prevented legitimate DraftKings users from actively engaging with the DraftKings Website,” the complaint reads.

“As a result of the attack, plaintiff’s personnel spent several days containing the attack and mitigating further potential damage from the malicious attack.”

Shortly after the attack ended, security staff were able to attribute the DDoS to 36 different IP addresses located mostly in various parts of the US. Now, DraftKings is asking the court to issue an order that would allow it compel seven different ISPs, hosts, and networking companies to hand over logs and user data they hope will lead them to ultimately unmask the 10 people believed to be behind the attack.

Among the third-parties whose info is being sought are internet giant Google and telcos Verizon and T-Mobile as well as cloud provider ColoCrossing, the American Registry for Internet Numbers, and service provider NetActuate.

Should DraftKings be able to unmask the attackers, the company plans to sue each for violation of the Computer Fraud and Abuse Act. ®

Sign up to our NewsletterGet IT in your inbox daily

12 Comments

More from The Register

Denial of denial-of-service served: There was NO DDoS on FCC net neutrality comments

Probe confirms: No attack, just an incredibly unpopular policy brought down feedback site

US senators get digging to find out the truth about FCC DDoS attack

And why serial self-promoter John McAfee is a security expert on Russian hacking

FCC blames DDoS for weekend web lockout

Vid Not down to people trying to file comments on issues rhyming with wetsuit balloty, it insists

FCC tosses aside rules, treats Google to a happy ending following request for handy tech

Comms watchdog lets Chocolate Factory power up with special waiver

Silence of the WANs: FBI DDoS-for-hire greaseball takedowns slash web flood attacks 'by 11%'

Fed bust of massive attack network caused traffic loads to plummet in Q4

So, FCC, how about that massive DDoS? Hello? Hello...? You still there?

Updated Like trying to get blood out of a stone

'DerpTroll' derps into plea deal, admits DDoS attacks on EA, Steam, Sony game servers

Austin Thompson, 23, cops to $95,000 worth of damage

World's biggest DDoS-for-hire souk shuttered, masterminds cuffed

Webstresser.org taken down by Europol plod and chums

Grumble Pai: FCC boss told by House Dems to try the novel concept of putting US folks first, big biz second

Snotagram accuses comms regulator chief of being a Useful Ajit for telcos

China Mobile, you can kiss good Pai to America: FCC to ban 'spy risk' telco from US

Welcome to the free market as defined by right-wing politics