DDoS Attack Knocks Out National Lottery Website   

Thousands of National Lottery players failed to get their tickets for the big draw on Saturday night, although we might point out that this only made them marginally less likely to win.

The UK National Lottery hit by DDoS attack

The National Lottery site was walloped by a DDoS attack during peak hours, suggesting it was held to ransom. (Image: Camelot)

The reason? The entire lottery website was hit by a DDoS attack. Lottery operator Camelot apologized for the situation on Saturday, but only admitted the following day that cyber criminals had taken the site down.

DDoS (or distributed denial of service) attacks use thousands, or even millions, of surreptitiously compromised IP addresses, which together create a “botnet” than is then concentrated on a website, overwhelming its bandwidth with a crippling wave of data.

Online gambling websites are a favourite target because it’s easy to coincide attacks with big sporting events, for example, or online poker tournaments, or lottery draws, on which gambling companies are deeply reliant for revenue.

Naturally, DDoS attacks are usually accompanied by a ransom demand, which some companies may choose to pay if their tech team can’t regain control.

Peak Hours

While Camelot made no mention of a ransom demand, it’s very likely there was one because of the timing: the attack hit the National Lottery site at pure primetime, for an hour and a half, early on Saturday evening.

On Saturday, a DDoS extortion group calling itself “Phantom Squad” sent messages to businesses around the world, threatening to disrupt their services unless money was paid, although it is not known whether this is related to the Camelot incident.

According to Akamai Technologies, the online gambling sector is now the most frequently-targeted sector, accounting for more than 50 percent of all attacks. Attacks are also becoming more frequent, fueled by the easy availability of DDoS-for-hire sites, and also more powerful.

Mirai Threat

The Mirai virus, appeared in January. Its first attack was by far the most potent DDoS attack ever registered, flooding the digital security news portal KrebsOnSecurity with useless data almost twice as high as anything seen before.

Mirai harnesses the power of thousands of Internet of Things (IoT) devices, which boosts the strength of an attack. The Mirai coding was posted online in hacker’s forums, meaning anyone can have a go.

January Hack

This is the second time this year that Camelot has been embarrassed by cybercriminals. In January, the company announced that the personal details of some 26,500 online customers had been compromised by a hacker or hackers.

Camelot claimed there had been no direct hack on core National Lottery systems, and that the data breach had probably arisen from players reusing passwords for multiple platforms. Many of its customers protested this was not the case.

Share Now: