Many betting companies work hard to assure customers that their sites are secure - but how safe are they really? We take a look at the hackers who may be disrupting the betting industry.
Figures from 2021 show that a staggering 15,600,00,000 worldwide gamble on a regular basis, whether it's visiting a casino, playing the lottery, playing sloty, or placing a wager on an online betting site. With these kinds of numbers, it’s no wonder that betting companies prioritize security - with many spending huge amounts of money every year to try to ensure that they are able to protect their assets and those of their customers.
To do this, betting companies use increasingly sophisticated technology to protect their businesses but, unfortunately, any tech that is available to these companies is also accessible by criminals and, in this article, we shine a light on the cybercriminals who are finding their way into the gambling industry.
Clear and present danger
In March 2022, it was revealed that an advanced persistent threat had been identified which targets betting and gambling organizations in South East Asia, with a focus on Taiwan, the Philippines and Hong Kong. The campaign, which has been nicknamed Operation Dragon Casting utilizes, according to cybersecurity company, Avast, a set of malware applications described as ‘robust and modular’.
What is an advanced persistent threat ?
This is a term used to describe a stealthy threat by a nation state or state sponsored group which seeks to gain unauthorized access to computer networks while remaining undetected for a significant length of time. Due to the fact that these often fly under the radar of authorities for some time, these attacks can pose a considerable threat to businesses and individuals.
A sophisticated operation
In the case of the threat in South East Asia, cybercriminals leveraged a previously unknown flaw in the remote code of the WPS office suite and then took advantage of this vulnerability in order to create a fake server update in order to deposit malicious binary code. This triggered a chain of infections which subsequently allowed the criminals to gain access to sites. Jan Holman of Avast says, ‘The core module is a single DLL that is responsible for setting up the malware’s working directly, loading configuration files, updating its code, loading plugins, beaconing to servers and waiting for commands’.
While the Asian attack was particularly complex, it’s by no means unique. In fact, hackers make their way into betting sites more often than most people would imagine. Last year, six major betting companies - Bet365, Betfair, SKybet, BetVictor, Paddy Power and William Hill were targeted by fraudsters who made their way into one customer’s account and stole almost almost £8000 from the couple in just a few short hours.
It was revealed that the theft resulted from a fairly simple phishing attack as one of the victims explains, ‘We had a number of emails from betting companies telling us our passwords has been changed - the fraudsters had changed the email to one that was very similar to ours - and updated the bank details before withdrawing the money. Someone had managed to answer our security questions too’.
A one man crime spree
While you may be thinking that hacking and cybercrimes are carried out by teams of technical geniuses, this is not always the case. In 2021, 26 year old Grant West from London netted around £1.6 million from hacking a number of high street businesses, including bookmakers Coral and Ladbrokes.
The crime, which was described as ‘a wake up call for customers, companies and the computer industry’, was carried out through a phishing scam whereby West posed as food delivery company ‘Just Eat’. Having conned the customers out of their cash, West then stashed it away into cryptocurrency accounts to try to avoid detection. Jailing him for 10 years, Judge Michael Gledhill commented, ‘You have a deep and impressive knowledge of computers and if you had decided to use your abilities lawfully, I have no doubt that you would have had a very successful career’.
While attacks on betting companies are rare, using these gambling sites may not always be as safe as one might assume. That’s not, however, to say that these sites should be avoided. In most cases, betting companies take their security incredibly seriously and are committed to protecting their customers. In the meantime, customers can minimize their personal risk in a few ways:
- Emails - Never respond or click on a link in an email which is asking you to take action such as confirming your bank account details. If you receive an email purporting to be a betting site, get in touch through the site’s official customer service to ask if the email came from them - most companies will never ask for any personal details by email or text.
- Be selective - Only use gambling sites which are established and which have a good reputation. You can check this with a quick Google search to see what other users have said about the site.
- Settings - Whenever you sign up to a website, you should always check your settings to keep these as private as possible.
- Payment - Where possible, use a secure method of payment such as Paypal or cryptocurrency to minimize the risk of losing your hard earned cash if the site is hacked.
- Contact - If you use sites for gambling and other activities whereby you share financial information, you may want to think about setting up a separate email address. This can help as, even if your email is hacked, the fraudsters will have access to limited information.
With the best will in the world, there’s really no such thing as a hack-proof website and attacks can be devastating for gambling companies such as those mentioned here. Although customers can - and should - take steps to protect their own accounts, many feel that gambling companies should be putting more security measures in place - not only to prevent theft of their customers’ funds but, also, to protect themselves from breaches of the GDPR legislation which can result in costly legal action.
In the pre-internet days, gambling was a much simpler affair. In many cases, customers would visit a local betting shop and place a cash bet, so the only risk was being robbed on the way there. Similarly, the risk to the business itself was generally limited to physical theft from the shop’s tills.
These days, technology has made our lives easier in many ways but, it can also leave customers and businesses vulnerable to crime such as hacking. Thankfully, as we’ve mentioned, these attacks are rare and, as long as customers try to stick to well known businesses, they can be reasonably assured that their cash - and their details - are safe.
If you do, however, feel that you have fallen victim to a hacking crime, it’s important to take action quickly. Start by documenting and screenshotting all relevant evidence of a crime and then forward this to the police. You may also want to consider hiring a solicitor who will be able to advise you on the best course of action in terms of geting your money back and, perhaps, gaining compensation.