DDoS Attacks in the News — Weekly Round-up for September 8, 2017

Mobile DDoS Headaches Could Lie Ahead For Online Gambling Operators

WireX recently took over 70,000 mobile phones in more than 100 nations to conduct DDoS attacks

Online gambling operators are warned that they could face an augmented Distributed Denial of Services (DDoS) threat in the future following the news that a new Android botnet dubbed WireX was recently able to take over 70,000 mobile devices in 100 countries to mount criminal DDoS attacks.

The Google Play app store was obliged to purge around 300 apps suspected of being tainted by the malware following a series of attacks, some of which included demands for ransom from the targets.

The infected products escaped undetected until the attacks commenced in August this year because the WireX malware was deeply embedded in everyday apps offering ringtones and the like.

These normally harmless apps run in the background, waiting to be mobilised by the botnet for DDoS assaults, in which targets are taken offline by an avalanche of data that overwhelms the servers.

Winning Poker Network Hit By DDoS Attack

48 hours of stress for operator, but assault successfully mitigated

A determined series of Distributed Denial of Service attacks took place late last week on America’s Cardroom and its Winning Poker Network, stretching from Thursday into the Saturday of the Labor Day weekend holiday and disrupting player services and tournaments.

It is not known whether there were attempts to extort money from the company, but the attacks were successfully mitigated and players appropriately compensated.

One of the positive features of the incident was ACR’s first class player communications throughout; the company kept players in the picture with regular Twitter and social media posts.

Winning Poker Network Exec Details DDoS Attack (Update)

Possibility that a business rival hired botnet to carry out assault

Last week’s Distributed Denial of Service attacks on internet poker provider America’s Card Room (see previous InfoPowa report) may have been at the behest of an as yet unidentified business rival, according to a player report on his contact with the anonymous hacker behind the attacks.

Pressed on why he didn’t get a real job, the botnet controller reportedly said that his job was DDoS and that he had been commissioned by another online poker operator to conduct the attacks.

“This is my job; another site gives me money to DDoS you,” the attacker apparently claimed.

How accurate that is may be open to question, because America’s Cardroom has been subjected periodically to such assaults and accompanying extortion attempts since 2014, with CEO Phil Nagy well known on social and other media for his “no deals with DDoS extortionists” policy.

Nagy took to Twitch this week to talk about the most recent America’s Cardroom-Winning Poker Network outage, revealing that the attackers launched 26 separate assaults late last week and over a 48 hour period.

“We had 14 million IP addresses pointed at us,” he said.

For WPN’s large online poker community the DDoS attacks have adverse implications too; Nagy announced that he has had to cancel the third leg of his company’s popular OSS Cub3ed series due to the risk of again coming under attack during a major competition.

The company is investing in enhanced security measures, and once these are established the event will be rescheduled.

View Nagy’s rather rambling thoughts on this issue here: