You are here
Home

Big Overlays Result from DDoS Attacks on WPN!

WPN Logo

The Winning Poker Network and its flagship brand, ACR Poker, have been a frequent target for distributed denial of service (DDoS) attacks over the years. The latest wave of them in April - May 2018 was possibly the most severe to ever affect the site. Despite the best efforts of the network security team, service was interrupted on more than one occasion, preventing customers from playing..

DDoS Overview

Representation of the Global Internet

A DDoS intrusion involves thousands of devices trying to access a website, poker client, or some other piece of computing infrastructure all at the same time. The goal isn't necessarily to compromise data or hack into the system but rather to overload the target and interrupt its normal functioning.

This type of online malfeasance has really grown in recent years, and some of the most sophisticated DDoS rings now employ in excess of 1 million machines. The crooks behind these strikes don't need to physically control all these systems; they gather together botnets of cooperating computers by infecting them with malware. Machines that participate in these DDoS incidents, often without the knowledge of their owners, are called zombie computers.

It's not just online gaming firms that have to contend with DDoS shenanigans although online poker, casino, and sports-betting sites are frequent victims. Even such large sites as Twitter, Netflix, and Reddit have been the focus of DDoS disruptions before.

Recent WPN DDoS Woes

Calendar

The Winning Network is a juicy target for DDoS attacks as the site with the largest poker tournaments open to Americans. The network has been thwarting the plans of internet crooks for years, sometimes suffering from server downtime but then implementing measures that caused the DDoS strikes to cease (at least temporarily). However, a surge of them starting April 24 and lasting more than a week overwhelmed the poker operator's defenses.

Players reported being disconnected from their games. This was true in all formats of poker spread by the network, but the problem was most serious in tournaments. In cash games, being disconnected only really hurts players who are active in a hand at the time of disconnection. In tourneys, however, the entire competition can be disrupted for multiple hands and a majority of the participants.

Quite a few of the tournaments at the WPN had to be canceled altogether after they had already started. The network has a tournament cancellation policy specifying how to handle situations like these so as to award the money involved as fairly as possible. Nevertheless, people were bound to be disappointed no matter how the prizes were distributed.

For some, the inconveniences of the DDoS situation extended beyond the odd disconnection and terminated tournament. A few players reported being unable to access the cashier, but everyone who was able to request a cashout got paid their funds in full within the normally stated timeframes. Yet, many users couldn't even get to this point because they were unable to log into their accounts at all!

Error Shown to Some ACR Users Because of DDoS Attacks

 

Tournament Guarantees Called Into Question

Brown Bag of Money

Near the beginning of 2018, the Winning Poker Network revamped its tournament schedule, boosting up the guaranteed amounts beyond $6.5 million per week, including $1.5 million on Sundays and $750K on Saturdays. However, the Winning tournament director, in an exclusive interview with ProfRB, revealed that this increase was too ambitious and would have to be scaled back. We're not sure how the DDoS troubles weighed into this decision, but they undoubtedly did because some of the events were overlaying hard.

The Million Dollar Sundays already had sizable overlays every week even without the DDoS. Indeed, the WPN had to kick in more than $2.6 million in total to cover its MDS seven-figure prize pools. These $250 + $15 games were initially scheduled to run every week from January to March, but they were extended indefinitely thereafter. However, shortly after the April 24 renewal of the DDoS attacks, it was announced that they would end, at least for the time being, on April 29. This final end-of-April event was scrapped form the lineup though once the full scope of the DDoS issues became known.

Why DDoS a Poker Site?

Question Mark, Red

The motive behind many DDoS pursuits is extortion. The criminals agree to halt their nefarious deeds in exchange for a payoff. Of course, actually handing cash over to these miscreants has the end result of increasing the level of DDoS activity because it makes this type of wrongdoing more profitable.

There has been speculation, though nothing solidly confirmed, that the WPN specifically is being hit because the attackers are being paid by rival online poker establishments to target the network. We feel that most of these organizations would do better to enhance their own tournament guarantees, support for crypto-currencies, and software functionality until they can match what the Winning Network has to offer. But, hey, some groups wish to take a shortcut to excellence no matter how unethical this may be.

WPN's Response

Man Pushing a Ball on Ground

Throughout the period of increased DDoS activity, the network communicated with players via Twitter and Facebook. Even though most of the updates consisted just of an acknowledgement that DDoS aggression was underway, merely reaching out to affected users and letting them know what was happening puts the WPN a step above most competitors who tend to keep mum about these kinds of occurrences.

ACR Tweet About DDoS
Example of the Twitter Updates Written by ACR During Periods of DDoS

There were several periods of server maintenance within April and May. While we don't know exactly what was done during this maintenance, it's a pretty good guess to suppose that the company was beefing up its servers to deal with the high load put on them by the DDoS attacks. There are plenty of hardware and software upgrades that can help mitigate the risk of DDoS although there's no surefire way of preventing them completely.

One strategy that's NOT on the table as far as the WPN is concerned is paying off the attackers. During a September 2017 live stream on Twitch.tv, CEO Phil Nagy said:

I will never, ever, ever, ever, EVER pay an attacker. I won't pay a ransom. I won't do it.

Though Phil's remarks concerned a previous round of DDoS happenings, the sentiments he expressed in the stream remain the Winning Poker Network's current policy regarding DDoS attacks. As it continues its quest to become the unquestioned #1 destination for online poker in the United States, the WPN has no intention of succumbing to extortionary bullying practices.