Bookie reveals $100,000 cost of denial-of-service extortion attacks

And that's just for starters – an online betting site tells all to silicon.com…

And that's just for starters – an online betting site tells all to silicon.com…

"Our first attack was in November last year. We got a demand for $50,000 from an unidentified source." These are the words of a UK-based online bookmaker who has agreed to speak to silicon.com, on condition of anonymity, to reveal the full scale of the denial of service extortion threats that betting sites have been battling against for nine months.

The above scenario will be familiar to anyone involved in online betting. Someone, usually in customer services, will receive the email demand and they all know what happens next.

"They ask for money and then launch an attack," our source from the IT department of one site told us. "They use a SYN flood attack to kick off with, which is an easy attack to start off with using spoofed addresses [to flood the site]. They then launch a connection-based attack using compromised PCs and launch HTTP traffic from them."

The UK betting industry has agreed to stand firm against the gangs and is ignoring the demands for money, while cybercrime unit the National Hi-Tech Crime Unit investigates. But the attacks still continue – trying to take sites down when they would normally be taking huge volumes of bets for major sporting events.

Our online bookie said the attacks against Blue Square and Capital Sports earlier this week will continue in the run-up to England's big games in the Euro 2004 football tournament, which starts this weekend.

"We think we'll be attacked over the next couple of days. This is what happened before the Grand National when we came under attack on the Thursday before the race," he said.

Far from being sporadic attacks, a picture is emerging of systematic targeting of virtually every UK online betting site on an almost weekly basis.

"Three months ago we were hit by attacks from different parties over a six-week period. Pretty much every Saturday afternoon they would start. Some dissipated within an hour but the last one lasted for two days," our source said. This is backed up by other bookmakers, some of who have admitted publicly and some privately that they have been hit by denial of service attacks several times.

The only success the UK industry's stance has had so far is forcing the extortion gangs to reduce their demands. The pay-off price has now come down to around $25,000. That aside, the attacks show no signs of going away.

"It is just like spreading viruses – there are so many copycats. The only way it will stop is when it reaches saturation point. Once the gangs have been round all the betting sites four or five times and a lower number of sites pay up they will move to a different industry such as travel."

While our source said his site has only actually been knocked offline for two hours, there is still a price to pay. His firm has spent over $100,000 on technology measures to block the denial of service attacks.

This includes rehosting the ISP and a managed service by a Costa Rican company to filter out the denial of service traffic and route only the clean traffic to the site. Twenty thousand dollars also went on a 'doomsday' denial of service simulator from Spirent. And this doesn't even take into account the people resources and loss of revenue from downtime.

But paying up to the crooks doesn't help either. US firm Pinnacle paid up to a demand back in February – much to the glee of every other extortion gang out there. "A month later they've been hit again," our source said.

One of the big problems online bookies face is that their ISPs will just switch them off if the volume of the denial of service attack reaches a certain limit.

"If we get an attack of greater than 400MB our ISP will shut us off. But for an ISP that could probably take out their whole data centre, so that is only fair," he said.

That means until the police catch the gangs – there are believed to be two main ones originating from Eastern Europe who control tens of thousands of compromised PCs – or the gangs get fed up and move on to another industry, the IT departments of online bookmakers will have to be on their toes.

"It's one of the biggest concerns my boss has. It puts the whole department into turmoil when these problems happen. When taking thousands of telephone and internet bets your focus suddenly changes from making more money to 'oh my god let's keep the site up'," he said.