GPWA Times Magazine - Issue 5 - May 2008

31 HOW SECURE IS YOUR ONLINE BUSINESS? By Alistair Nield, VP of Sales, Webscreen Systems _________________________________________________________________________________________ s an industry that is so fundamen- tally rooted in the Internet era, online gaming has for many years been a prime target in the sights of the cyber-criminal fraternity. As far back as 2002, Europay, MasterCard’s European partner, was reporting that 20 percent of all online fraud was related to gambling, which translated into 5 percent of the total for all credit and debit card fraud at the time. With the introduction of chip and pin authen- tication technology pushing more card fraud online since then, card-not-present fraud levels just in the U.K. alone reached around £300m for 2007, according to the industry association APACs. Thanks to regular mainstream publicity, we are probably all too familiar with the prob- lems associated with card fraud and are very likely to know victims personally. But this is just one of an ever-growing number of in- creasingly sophisticated security problems that the online gaming industry should be concerned about that potentially threaten ev- eryone with a vested interest in seeing the industry develop and grow as a legitimate business sector. In February of this year, and as reported in the Casino City Times , Full Tilt Poker’s FTOP VII Main Event was stopped in the final stages of the game when their servers lost connec- tion with the Internet along with a number of other high-profile poker and e-commerce Web sites. The outage resulted from a distrib- uted denial of service (DDoS) attack, which is a malicious and orchestrated attempt to flood the servers of a target organization with ex- ternal connection requests beyond the capac- ity of the system. This type of attack exploits a vulnerability that is present in all Web servers; i.e., there is a finite limit to the number of active visitors that a Web site can handle at any one time without impacting the performance and re- sponse time for page requests. Once this lim- it is reached, the servers dramatically slow down and eventually stop functioning. Ini- tiated using an army of previously hijacked computers known as botnets, DDoS attacks are difficult (but not impossible) to defend against and can cause serious damage to the victim’s business in a relatively short time. DDoS is a growing weapon of choice used by organized groups to target vulnerable Web services, particularly when an outage could result in millions of dollars in lost revenues. Unlike card fraud, DDoS is not so widely known outside the professional IT security sector, and often the first time someone hears about it is when they try to access a favorite Web site that is under attack. Perpetrators rely on the fact that their vic- tims are anxious to get back online as quickly as possible to minimize their losses and of- ten choose to accede to the attacker’s ransom demands, which is usually the bottom line, rather than risk losing more valuable trading time. Once back online, many businesses are reluctant to go public because they are afraid that others might try the same trick and that their vulnerability might unsettle their cus- tomers and drive them to their competitors’ sites. Online gaming is particularly vulnerable to DDoS attacks not only because of the vast sums of money that are being transacted at any given moment, but also because a large proportion of gambling opportunities are A How secure is your online business? | GPWA TIMES