Super Bowl fuels gambling sites' extortion fears

In recent years, online sports betting parlors or "sports books" have fast supplanted the shadowy world of "bookies," or professional bet takers in the U.S., Canada and Europe, growing into a multibillion dollar industry, despite official disapproval from Washington, D.C. lawmakers and U.S. religious conservatives.

But with the biggest sports-wagering event of the year, the U.S. National Football League's (NFL's) Super Bowl, just days away, proprietors of many online sports books are worried more about their bandwidth than betting patterns, and wondering whether their biggest day of the year will also be their last day in business.

With little notice by law enforcement or the outside world, online sports betting parlors, or sports books, have suffered a plague of sustained distributed denial-of-service (DDoS) attacks in recent months that have knocked some Web sites offline for days or weeks. Other sites have been forced to pay protection money to keep their gambling operations online, and criminals are turning up the heat in preparation for the NFL's biggest game of the season on Sunday, according to interviews with those familiar with the problem.

"I expect that on Sunday, during the Super Bowl, you're going to see a lot of (sports betting) Web sites down. I know it for a fact. Everybody's scared." said Ido Raviv, company manager at Netgames Inc. of Belize City, Belize, which runs the Yahoops.com online sports book.

The trouble usually starts with an ominous e-mail and a sudden and unmanageable surge in Internet traffic, according to Amran Pena, an information technology consultant in San Jose, Costa Rica, who works with online sports books to secure their networks.

"Your site is under an attack and will be for this entire weekend. You have a flaw in your network that allows this to take place," according to a copy of such an e-mail provided to IDG News Service.

For sports book Web site operators, the e-mail messages offer stark choices:

"You can ignore this email and try to keep your site up, which will cost you tens of thousands of dollars in lost wagers and customers, or you can send us $40k by Western Union to make sure that your site experiences no problems," the message continues.

"They know that if they just send the e-mail, you won't think it's real. You'll trust in your servers and bandwidth. But when you're already down, the effect of the e-mail is much bigger and maybe you'll be more willing to pay," Yahoops' Raviv said.

The amount demanded varies on the sports book's size, ranging from $10,000 for small sites to $40,000 or more for larger operations, Pena said.

Typically, those behind the attacks offer "insurance" for a set period of time to companies that pay the extortion, he said.

For companies that ignore the threats, the online attackers wait for weekends and other high volume betting days to launch DDoS attacks, using thousands of compromised computers on the Internet to flood the target site with traffic, according to Pena, Raviv and others.