From NJ Star Ledger, today:
ATLANTIC CITY
Authorities Investigate Cyberattack on Casinos

Hacker threatened a more powerful attack on online casino gambling sites “unless a Bitcoin ransom was paid.”

By Ted Sherman
For The Star-Ledger
State and federal authorities said Monday they were investigating a cyberattack on four Atlantic City online casino gambling sites, which were apparently targeted by a hacker who promised more disruption unless a ransom was paid in Bitcoin.
David Rebuck, director of the New Jersey Division of Gaming Enforcement, said the attack was launched Thursday, before the long Fourth of July holiday weekend, and continued through Sunday. “At least four casinos were impacted and experienced downtime,” Rebuck said. “We’re continuing to monitor.”
He said the four websites were the targets of what is known as a “distributed denial of service,” an attack that “floods” a network with information, rendering it inoperable. He said the attack lasted approximately 30 minutes.
According to Rebuck, the attack was followed by the threat of a more powerful and sustained attack “to be initiated 24 hours later unless a Bitcoin ransom was paid.”
He did not reveal how much money was demanded in the cyber currency favored within the online world’s black markets, but said the follow-up attack had the potential to not only adversely affect the targeted casinos, but also all business in Atlantic City who share the same Internet service provider.
Among the agencies now investigating are the Division of Gaming Enforcement, the State Police, the FBI and the New Jersey Office of Homeland Security and Preparedness.
New Jersey began allowing Internet gaming in November 2013, the third state to legalize cyberspace casinos, following Nevada and Delaware.
Online wagering remains a small percentage of total revenue
— casinos in Atlantic City won $12.5 million from people betting on computers and other devices in May, up from $10.5 million in May 2014, according to state reports.
By comparison, total gaming revenue in May was $221.1 million.
Although he did not identify the casinos affected in the latest hacking incident, Rebuck said they believe they know the person responsible.
“He’s a known actor,” he said. “He’s done this before.”
It is not the first time a casino has been targeted by hackers. Frank Cilluffo, director of the Center for Cyber and Homeland Security at George Washington University, told a Congressional subcommittee in June that U.S. officials believed Iran to be responsible for a 2014 cyberattack against the Sands Casino in Las Vegas, owned by the major Republican contributor Sheldon Adelson. He said attack shut down PCs and servers “in a cascading IT catastrophe.”
David Schwartz, director of the Center for Gaming Research at the University of Nevada, Las Vegas, said online gaming sites in this country have not yet become a major target of hackers.
“It happens quite a bit offshore,” Schwartz noted, referring to online gambling hosted on servers outside the United States. “Often there is a ransom demand attached.”
Ted Sherman, NJ Advance Media, tsherman@njadvancemedia.com