Super Bowl fuels gambling sites' extortion fears

Online sports sites worried by plague of denial-of-service attacks

"This is almost identical to a Mafia protection racket," said Dave Matthews, site administrator of Las Vegas Advisor, an online publication serving the gaming industry. (See: http://www.lasvegasadvisor.com.) "It's the same as going into the store and saying 'pay me and I'll guarantee your store won't burn down for a year.' It's just more high tech."

The DDoS attacks plaguing online sports books began over a year ago, with intermittent attacks against larger sports book operations such as Pinnaclesports.com and Caribsports.com, Raviv said.

"At first it seemed like every week they chose one target and you'd hear about a sports book going down," he said.

In the last four months, however, the volume of attacks and the number of sports books attacked have both increased. DDoS attacks are now an almost daily occurrence against at least one online sports book, and pressure is mounting as Super Bowl Sunday approaches, Matthews said.

"Just this weekend there were six or seven books attacked at the same time," he said.

Those targets included www.bluegrasssports.com and www.betcascade.com, a reputable sports book that is used by many professional gamblers, Matthews said.

Bluegrasssports.com could not immediately respond to questions, and a spokesperson at Betcascade.com declined to comment.

However, many online sports books' home pages show evidence of the attacks. Some now highlight toll-free numbers for placing bets and offer advice to bettors who cannot place wagers using their Web browser.

"Both phone and Internet traffic will be at a maximum on Sunday and we still do not know what the Internet Pirates next move will be," reads a message on the homepage of Betcascade.com. The site lists phone numbers for wagering "if for what ever reason the Internet connection is un-available."

These attacks are part of a new trend of e-commerce business extortion, including financial services companies as well as online gaming sites, according to Paul Lawrence, general manager at Top Layer Networks Inc. of Westboro, Massachusetts, which sells technology to thwart DDoS attacks.

The problem was unheard of a year ago, said Felicity Bull, a spokeswoman for the U.K.'s National High Tech Crime Unit. Now the agency is investigating several extortion attempts against U.K. companies, all involving sports betting.

Online sports books have borne the brunt of the DDoS attacks and extortion attempts in recent months because the sites are attractive targets, Lawrence said.

Unlike large financial services companies, most online sports books are small operations that often lack technical expertise. They are also flush with cash. Larger sites might keep anywhere from $300 million to $400 million on hand to cover bets, Las Vegas Advisor's Matthews said.

The extortionists are also aided by the fuzzy legal status surrounding online sports betting operations, which are often located in Central America or the Caribbean to escape U.S. laws against sports betting, Matthews said.

Because they are located outside U.S. jurisdiction, the companies have little legal recourse against the extortion attempts, Matthews claimed.