January 28, 2004, 4:25 PM — In recent years, online sports betting parlors or "sports books" have fast supplanted the shadowy world of "bookies," or professional bet takers in the U.S., Canada and Europe, growing into a multibillion dollar industry, despite official disapproval from Washington, D.C. lawmakers and U.S. religious conservatives.
But with the biggest sports-wagering event of the year, the U.S. National Football League's (NFL's) Super Bowl, just days away, proprietors of many online sports books are worried more about their bandwidth than betting patterns, and wondering whether their biggest day of the year will also be their last day in business.
With little notice by law enforcement or the outside world, online sports betting parlors, or sports books, have suffered a plague of sustained distributed denial-of-service (DDoS) attacks in recent months that have knocked some Web sites offline for days or weeks. Other sites have been forced to pay protection money to keep their gambling operations online, and criminals are turning up the heat in preparation for the NFL's biggest game of the season on Sunday, according to interviews with those familiar with the problem.
"I expect that on Sunday, during the Super Bowl, you're going to see a lot of (sports betting) Web sites down. I know it for a fact. Everybody's scared." said Ido Raviv, company manager at Netgames Inc. of Belize City, Belize, which runs the Yahoops.com online sports book.
The trouble usually starts with an ominous e-mail and a sudden and unmanageable surge in Internet traffic, according to Amran Pena, an information technology consultant in San Jose, Costa Rica, who works with online sports books to secure their networks.
"Your site is under an attack and will be for this entire weekend. You have a flaw in your network that allows this to take place," according to a copy of such an e-mail provided to IDG News Service.
For sports book Web site operators, the e-mail messages offer stark choices:
"You can ignore this email and try to keep your site up, which will cost you tens of thousands of dollars in lost wagers and customers, or you can send us $40k by Western Union to make sure that your site experiences no problems," the message continues.
"They know that if they just send the e-mail, you won't think it's real. You'll trust in your servers and bandwidth. But when you're already down, the effect of the e-mail is much bigger and maybe you'll be more willing to pay," Yahoops' Raviv said.
The amount demanded varies on the sports book's size, ranging from US$10,000 for small sites to $40,000 or more for larger operations, Pena said.
Typically, those behind the attacks offer "insurance" for a set period of time to companies that pay the extortion, he said.
For companies that ignore the threats, the online attackers wait for weekends and other high volume betting days to launch DDoS attacks, using thousands of compromised computers on the Internet to flood the target site with traffic, according to Pena, Raviv and others.
"This is almost identical to a Mafia protection racket," said Dave Matthews, site administrator of Las Vegas Advisor, an online publication serving the gaming industry. (See: http://www.lasvegasadvisor.com.) "It's the same as going into the store and saying 'pay me and I'll guarantee your store won't burn down for a year.' It's just more high tech."
The DDoS attacks plaguing online sports books began over a year ago, with intermittent attacks against larger sports book operations such as Pinnaclesports.com and Caribsports.com, Raviv said.
"At first it seemed like every week they chose one target and you'd hear about a sports book going down," he said.
In the last four months, however, the volume of attacks and the number of sports books attacked have both increased. DDoS attacks are now an almost daily occurrence against at least one online sports book, and pressure is mounting as Super Bowl Sunday approaches, Matthews said.
"Just this weekend there were six or seven books attacked at the same time," he said.
Those targets included www.bluegrasssports.com and www.betcascade.com, a reputable sports book that is used by many professional gamblers, Matthews said.
Bluegrasssports.com could not immediately respond to questions, and a spokesperson at Betcascade.com declined to comment.
However, many online sports books' home pages show evidence of the attacks. Some now highlight toll-free numbers for placing bets and offer advice to bettors who cannot place wagers using their Web browser.
