New Jersey’s legal Internet casinos are on heightened alert this week after a coordinated cyber attack against four online gambling sites Thursday, New Jersey’s top casino regulator said Monday.
The sites were hit by “a DDOS attack which lasted approximately 30 minutes” and caused some sites to become inaccessible Thursday afternoon, State Division of Gaming Enforcement Director David Rebuck said in a statement, using shorthand for “Distributed Denial of Service” – a breed of cyberattack where hackers render websites inoperable by flooding the sites with data.
“The attack was followed by the threat of a more powerful and sustained attack" to occur 24 hours later, unless a ransom was paid in bitcoin, an online currency, Rebuck said.
He declined to name the affected casinos but did say that no ransom was paid and no patron data was compromised. A criminal investigation is ongoing, he said.
Bill Hughes Jr., who heads the cybersecurity section of Atlantic City law firm Cooper Levenson, likened a DDOS attack to driving in North Jersey rushour traffic. “So many cars are trying to get through. There’s gridlock,” he said. “The parkway becomes a parking lot. A DDOS attack is something similar to that.”
In this case, “it sounds like the regulators and the [gambling] houses anticipated this very type of attack and responded to it in a very appropriate manner,” said Hughes, a former trial attorney for the Computers and Finance Section of the U.S. Department of Justice's Antitrust Division. “It appears that the system worked here.”