Online gambling: A hackers’ paradise? By Luke Haward, CDC Gaming Reports June 29, 2018 at 2:00 am Cybercrime is a huge, sprawling and multi-faceted mess, a lot like the Internet itself. Opportunities for malfeasance abound and policing crime is a living nightmare. Technology is evolving at a rate beyond which anyone effectively keep up with it. Only the anti-hackers – cybersecurity pros and advanced system administrator who have some real white-hat wizardry –stand much of a chance of keeping up with the hackers. Even then, gaps in IT security are only revealed once they’ve already been breached. It’s a constant game of catch-up. Some hackers come to justice. Some can actually be ethical – even activist – in their choice of targets and objectives. Then again, many are simply self-driven criminals who happen to have the know-how and are opportunistic. If it can be done, do it; if it’s available, get it. The hackers’ natural inclination is toward anything that has a pulse and is a money-making machine. The output is captured and dumped elsewhere. Hence, the natural marriage of online gaming and hacking is now happening more and more, this time with cryptocurrency and the banking systems as well. Some would probably say, “it’s fair game.” Still the presence of ruthless, determined, anonymous cybercriminals must be enough to keep many a gambling CEO awake. Think back to the attack a couple of years ago which targeted more than 2,500 gambling sites simultaneously. This wound up affecting countless organizations thanks to an exploit, or vulnerability, found in the website certification service run by the Gaming Professional Webmasters Association (GPWA). The service provides certification badges to gambling sites. This opening resulted in hackers being able to plant ads and affiliate links. Investigators later noted that they didn’t understand the use of such an elaborate and advanced system to simply skim affiliate money, suggesting that they felt malware or something equally nefarious was likely also being distributed in the process.We know now this is going to be an ongoing battle, one in which the stakes will only get higher and the techniques more invasive and harder to detect. There were a slew of stories last year featuring an anonymous Russian hacker, “Alex,” who claimed to have cracked the PRNGs (pseudorandom number generators) of various Novomatic slot machines. He attempted to get a settlement – an extortion, you might say – out of Novomatic’s owner Aristocrat, who refused to pay. Reportedly, “Alex” is still angling for a deal with the company. Hackers aren’t the only ones imagining apocalyptic scenarios involving online gambling. The U.S. government ran a war games simulation on a similar topic in 2016, reportedly simulating a 2015 attack on Louisiana’s power grid by the hacker group Anonymous. The Defense Advanced Research Projects Agency, who ran the experiment, further suggested that the purpose of the attack had been to protest the lack of legal online gambling in the state and to attempt to force the local administration to pass new laws. This seems both bizarre and strongly improbable, but it must have been fascinating for participants. Darktrace, arguably the global leader in AI-driven cyber-defense, released a report featuring a case study involving hackers who had stolen a brick-and-mortar casino’s high roller database by accessing the main server via a smart thermostat in the fish tank. All of this adds up to a future with many cyberattacks in the offing for gaming operators in the years ahead. Reports from last December indicate there is growing interest on the Dark Web about hacking the leisure and gaming industries. In particular, a report compiled at the time by security firm Intsights indicated that they had uncovered, over one-month, 86 cases of hacked slot machines and 141 sales of gaming logins with existing balances, and other related crimes. Security firms dealing with cybercrime are going to have their work cut out in the years ahead. Business is booming. In 2013, two Polish hackers were arrested in the UK for an attack on a gaming operator whom they had known personally for a number of years. In Belarus, a player somehow managed to access and win jackpots on the same virtual machines across three sites – Casino Europa, VA Bank and Grand Casino – ultimately withdrawing about $400,000. Playtech claimed that any possible hack would be “counter to the fundamental principles of the programming algorithms”. This, however, didn’t stop it happening. The future of cybercrime and cyberpolicing will only get more complex as technology encroaches further into daily life. We should probably knuckle down and prepare for a veritable hacking extravaganza. How current tech trends play into that – AI, crypto, etc. – we’ll have to wait and see. But it’ll certainly have its popcorn moments.