The recent cyberattack of the WPN online poker network could be just the tip of the iceberg for threats facing online poker sites, according to several internet security experts gathered at TechCrunch Disrupt in San Francisco this week.
It’s hardly a stretch for poker sites to fear a massive hack similar to what happened with Equifax, which exposed personal financial data of more than 143 million people.
Google’s Information Security Manager Heather Adkins told the audience at TechCrunch Disrupt, an annual conference where new technology startups launch their products, that every website owner must prepare for the inevitable that “you’re probably going to get hacked.”
Adkins said avoiding cyberhackers is nearly impossible regardless of security measures taken. But beyond focusing solely on prevention, how site owners react to a hack can make a world of difference.
“The question is not whether or not you’re going to get hacked, but are you ready?” she asked the audience. “Are you going to be able to very quickly make decisions about what to do next?”
Prevention Is No Cure
The Q&A session with the Google cybersecurity expert came just days after the Equifax hack, considered one of the largest data breaches in history.
The company still hasn’t discovered the culprits nor does it know exactly how it happened. But Equifax did say in a press release there was a flaw in a tool it used that was designed to build web applications.
The personal information stolen could be harmful to millions. Beyond social security numbers, birth dates, and addresses, someone’s personal credit history can reveal much more about their lives and then be used to do them harm.
Online Poker Vulnerabilities
There are various ways hackers can attack a poker site. Most recently, security experts in South Korea suggested state-sponsored hackers in North Korea were targeting poker and gambling sites specifically, as a means of generating cash.
In a 2013 cash game session on PokerStars, high-stakes pro Doug “WCGRider” Polk lost $35,000 to an unknown player named “Forbidden536.” That normally wouldn’t be cause for concern. High-stakes players such as Polk have massive losing sessions often.
But Polk believed, in this instance, his computer had been hacked, claiming his opponent made some strange decisions that only someone who could see his hole cards would make.
After an investigation, he received an email from PokerStars informing him that his computer was indeed hacked and his hole cards were visible to his opponent. The poker site refunded him nearly $35,000 in losses from that session and froze the Forbidden536 account.
Over Labor Day Weekend, the Winning Poker Network and its site America’s Card Room fell victim to a cyberattack that caused the cancellation of a major poker event. WPN CEO Philip Nagy said he believes the attack was committed by a rival poker site.
This case was a matter of a Distributed Denial of Service (DDoS) attack on its server, which greatly differs from the Equifax hack. During a DDoS attack, which is not a hack, individuals or bots send so many communications to the server that it causes a traffic jam on the site.
For the better part of three days, poker players were unable to log in or join games, which of course also prevented the site from making money. In a Twitch video following the attack, Nagy vowed to spend as much money as it takes to prevent future cyber-hacks and attacks.
As Adkins told the audience at TechCrunch Disrupt, nearly every company with a website will eventually fall victim to a major attack. And when that happens, as Adkins advised, it will be on company leaders to respond, as Nagy did, in a way that reassures their customers that their personal data is secure.