PokerStars Confirms DDoS Attacks PokerStars Confirms DDoS Attacks

PokerStars has confirmed that it too has experienced a series of Distributed Denial of Service (DDoS) attacks that have been interrupting the online poker industry including partypoker over the last ten days.

On Wednesday night, PokerStars turned to Twitter to update players and confirm that recent interruptions in service were the result of DDoS attacks:

The first wave of attacks on PokerStars began on Sunday night when a vast majority of players experienced connectivity issues across the company’s major networks including the European shared market. Its flagship tournament Sunday Million was among several tournaments which got interrupted prompting the operator to cancel all the running tournaments.

Players were automatically credited in accordance with PokerStars’ cancellation policy under which players received refunds based on their chip count at the time the tournaments were cancelled. However, the time between when the attacks began and the tournaments were cancelled caused an issue.

Several players “blinded out” before the tournaments were cancelled and as a result, many players did not receive appropriate compensation. While the majority of players were sitting out at the tables, some players from countries that were unaffected by the attacks built massive stacks from the disconnected players resulting in some players reportedly getting credited more than the stated first prize.

However, on Wednesday, PokerStars issued another notice on Twitter and said that the players have been credited refunds “based on their equity at the time of disconnection” but did not confirm if a DDoS attack was behind the disruption.

Second Wave of Disruptions

While PokerStars initially stated that the problems were resolved, the site was hit by a fresh wave of disconnections on Monday morning, forcing the operator to cancel the tournaments again. The operator issued an apology on Twitter and said that the refunds had been initiated.

However, the disruptions carried on throughout the week. At the time of writing, PokerStars’ websites are still not fully functioning in what perhaps could be the operator’s biggest DDoS attack in the recent period.

Recent Industry DDoS attacks

PokerStars is not the only victim of the recent industry DDoS attacks. The disruptions first started with the US-facing site America’s Cardroom on August 5 and continued throughout the week. The operator had to reschedule some of the events of its ongoing online tournament series to later dates.

However, the operator was quick to take a shot at partypoker soon after it was also hit by DDoS attacks. It tweeted:

Partypoker’s Managing Director, Tom Waters released a formal apology on August 10 admitting that it had been targeted with a DDoS attack. The operator also frequently updated its customers on social media and poker forums about the recurring waves of attacks, the operator’s ongoing mitigation efforts, and the refund process for affected players. Many appreciated partypoker’s transparency and response to the attacks.

As of now, it seems both partypoker and ACR have finally resolved the issues as there have been no further disruptions to their operations.

How does a DDoS attack on an online poker site work?

DDoS attacks are certainly not a new thing and have existed since online gambling’s earliest days. Such attacks are carried out by cybercriminals or extortionists who overload a website’s servers by sending their network a flurry of requests with malicious traffic from many different sources, which makes it nearly impossible to stop the attack. This then causes the servers to be temporarily inaccessible to the users and sometimes even causes the server to shut down. Attacks typically continue until a set of demands (ransom) are met or the operators are able to implement a technical solution to mitigate the effects of the attack.

DDoS attacks are very hard to prevent and no sites are immune to the attacks. In April 2015, several sites including PokerStars, Betfair, TonyBet, and Unibet were the targets of DDoS attacks at the same time. A couple of months later, DDoS attacks affected four regulated sites in New Jersey which were accompanied by ransom demands.

Later that year, two members of a hacker group called DD4BC were arrested for initiating DDoS attacks during April on that year. Interestingly, PokerStars was one of the operators confirmed as a DD4BC victim by NetScout Systems security division, a firm that has assisted international authorities in identifying DDoS attackers.

The fact that the attacks come just a couple of weeks before the upcoming WCOOP and POWERFEST—which are slated to be the operators’ largest tournament series in history—should be incentive for the online poker operators to work together to find a solution and prevent these attacks from happening during what will surely be a very busy time for online poker.