Winning Poker Network Hit by DDoS Attack

The Winning Poker Network (WPN) has once more been a victim of a Distributed Denial of Service (DDoS) attack. This crime comes over a busy Labor Day weekend where America’s Card Room was running a number of big tournaments.


Bad Timing

The DDoS attack began on Thursday 31st August, hitting the Winning Poker Network’s flagship site America’s Card Room at the worst possible time. Planned for the weekend was the “Bigger Online Super Series” (BOSS) of tournaments, which was ultimately cancelled.

DDoS attacks are one of the most frequent cybercrimes we hear about today. The perpetrator is usually aiming to gain financially in return for ceasing the attack, and allowing the website to return to normal operations. It is also possible to sometimes irreparably damage the website under attack if a ransom is not paid.

One of the reasons these attacks are so common is that they do not even require a skilled hack. The attacker simply sends a massive volume of traffic to a server, in effect causing a traffic jam, and the hardware cannot cope.

After the attack began on Thursday all running tournaments were immediately paused, and customers were informed of what was happening. Only 30 minutes later a decision was taken to refund all buy-ins and cancel all running tournaments.

Once this had happened everything returned to normal just a few minutes later, but shortly after another round of attacks started; this was to last almost three full days.


Bitter Rivals?

Winning Poker Network CEO Phil Nagy had some harsh words for those responsible when he took to his TwitchTV channel during the attack.

“Over the last three days, we’ve had 26 separate attacks with up to 14 million IP addresses pointed at us. Sick numbers, in my mind.”

As one of the main players among US-facing poker sites, ACR is an obvious target. Nagy even publicly confirmed that this could be the work of a rival site, but refused to give the media a name when pushed. He thinks that by refusing to roll over, and by venting his complaints publicly, it’s less likely this will happen again soon.

“I’m going to be investing a significant amount of money that should lessen the impact should we get attacked.”

“I’m seriously considering offering a reward, 10 Bitcoin or something. Something really big to anyone who can give me proof of who has been ordering these attacks.”

That’s pushing $50,000 at today’s Bitcoin value, so somebody will surely be on the case soon.


Change of Strategy?

It’s difficult to know what strategy to advise when facing these threats day-in-day-out. Phil Nagy is adamant he’s not going to start handing over cash.

“I’ve always taken the stance that you never, ever, ever pay a terrorist. It’s just not going to happen.”

He even asked players to respond to the attacker, who would type announcements in the chat boxes every now and then, but he almost certainly wasn’t expecting the reply that came. When the attacker was told to get out of his mom’s basement and find a real job, the response was:

this is my job
another site give me money
for doos you
and i ddos you

: D
this is my job

Is this 100% confirmation of a rival site’s complicity? The person who typed that message later gave a countdown to when the next attack would begin. Phil Nagy thinks it is likely this character is indeed the real perpetrator.

“This guy is obviously not the most reputable source, but it makes sense. It costs money to launch these attacks, they’re not cheap. And they started when we launched our first million. It makes sense that I pissed somebody off.”


Not the First Time

Of course, this isn’t the first time ACR has been hit under the WPN umbrella. In late 2014 a DDoS attack ruined what was the first $1 million guaranteed tournament for US players after the events of Black Friday. Even though the tournament had been running for several hours, registration was still open, which meant that the rules insisted upon a full refund of everyone’s buy-in.

In September 2015, the exact same tournament was targeted, with another spate of attacks following in October.

Could this really be a corporate rival? Many poker sites are making too much money to risk being tied into serious crime such as this, but of course in what is often a high-reward business people can get greedy. It also seems a little strange that ACR has taken more of these hits than anybody else.


Hong Kong also Hit by DDoS

In April 2017, a large number of Hong Kong-based gambling websites were hit by DDoS attacks. For a full week, hackers that appeared to be from China sent wave after wave of attacks, forcing most of the sites offline.

What made this event stand out was that the attack was so ferocious that Hong Kong actually topped the world rankings for DDoS attacks for that time period. The USA almost exclusively has this top spot to itself for the rest of the time.

Another reason for this to stand out is that five days before the attacks started, the Chinese Public Security Minister Guo Shengkun threatened gambling operators with “severe punishment” if they targeted the population in mainland China.

Apparently, there is only one single Hong Kong-based gambling operator that has the necessary licenses, meaning that everybody else is likely to be a network of crooks. Of course, we don’t know if the Chinese government is involved here, but if the people behind these rogue sites are untouchable through the usual channels, then this looks to be an effective way to annoy them.

It is also true that just because the attacks looked to be coming from China does not mean this is the original source. Who knows how many layers we need to examine before we find out who is in actual control of this network of computers?