Cyber Attacks Threaten Poker Networks Around the World

More Questions than Answers for Players

Players around the world, in more arenas than just online poker or crypto poker, have seen their favorite sites plagued by constant connection issues stemming from DDoS attacks. While there have been times of near normalcy, they do not last, and connection problems resurface. This has led a lot of people to speculate about what could actually be causing these attacks, and the speculation has run wild. A major reason for this might be that sites have been reluctant to give much information as to what the actual problems are. Into that void, posters across the different forums have stepped to try to find their own answers, some likely… others not as much.

The Facts

Every network and poker site has been hit by a Distributed Denial of Service (DDoS) attack at some point in the last three years, and many have been targeted multiple times. Networks such as 888, PokerStars, Winning Poker Network, Pai Wang Luo, Merge Gaming Network, Chico Network, Grand Poker Network, Equity Poker Network, Horizon Network and PartyPoker have been crippled in recent days by DDoS attacks or service disruption attacks. Some other sites have also seen connection problems, but to a much smaller degree. Those include Ignition, Intertops, Full Tilt Poker and Seals with Clubs. This list pretty clearly indicates that it's a worldwide problem, and not just a US-centric problem. This site allows you to see all the attacks happening throughout the world, no matter how benign.

Captured live image of real time cyber warfare in 2018

No poker site has been hacked, nor have any of the RNGs been compromised. The attacks being perpetrated are focused on the Internet Service Providers (ISPs) and not on the poker sites themselves. Some of the attacks seen are attacks on the domain name servers. Other attacks are DDoS, ping flooding, and UDP flooding. It appears that in many cases multiple forms of attack are being used, which evidently makes them difficult to defend against. Many other sites that are not poker related have also had problems since late November 2014. Poker sites have been working with their ISPs to try to come to a solution sooner rather than later, but it's not something that can be fixed right away. Working with ISPs to address these issues now, though, will lead to a stronger and more robust system in the future. Cloud computing and CDN distribution methods have certainly helped, but the scope of these attacks is enormous and can completely overwhelm even a distributed server network!

Additional Note: This article on ZDNet clearly shows that the scope and scale of Internet attacks are rising at a very scary rate as of late. Check it out here.

The Interesting Part: Speculation

The speculation might be some of the most fun stuff about this, if there is a silver lining to be found, because there is so much that can be interpreted and concluded from the pieces of information we do have. The most interesting and circumstantial of that speculation is that someone playing in the Sunday High Roller on Merge Gaming was allegedly causing DDoS attacks at will on Sunday, December 7th. The evidence surrounding this stems from the fact that the player in question would bloat the pot and then min-raise on the river, and a disconnection would happen before his opponent could make a decision on the hand. This allowed said player to win the pot without showdown. Players railing this event noticed it happening at least 6 times. While this does seem really interesting, it also seems odd that he would do this, because it would be nearly impossible to get away with. It's also important to note that if accounts had been compromised, something like this wouldn't happen; the money would just be gone. It's an interesting scenario to think about, but it ultimately leaves a lot of questions, as opposed to answers or reasons.

Our editorial staff would like to note that Merge ultimately cancelled the tournament. Carbon Poker, in accordance with its tournament refund policies, refunded players via ICM, as well as offering tournament tickets and multi-thousand dollar payments to some players for lost EV. Thanks for doing the right thing, Carbon! Also, while no official word has been given by the network, Professional Rakeback is very pleased to note that the account in question has not had any activity since the event and it appears to have been shut down by management.

Some have said it might be possible that a government, or government-sponsored group, is responsible for what is currently happening. If it were just American sites, then that might have a higher likelihood of having some truth to it. This idea continues to carry some weight in the wake of news coming out from other sectors in the world and the high link between hacking or DDoS attacks and governments or government-sponsored groups. The U.S. has also been known to attack torrent sites and other sites it deems illegal or at best questionably legal. There is little proof beyond circumstantial evidence, though, and the idea is rife with speculation and innuendo.

The most likely scenario is the same one that happened this summer to Seals with Clubs. In that attack, a Russian network of hackers would DDoS the site and demand ransom money to cease the attacks. The idea isn't unique to poker by any means, as many sites have been targeted in this ransom-to-cease-damage type of situation. It's unclear if sites are having a nearly impossible time handling it, or if there might be multiple groups attacking from different angles. Further, even if this is the reason, it's unclear if it's the same group of individuals or a completely different group, which could spell more trouble for sites in the future. As mentioned, this seems most likely, but it doesn't answer all that many questions.

Conclusions and Hope

Regardless of what the actual reason for this happening is, it's clear that it's a major problem. Luckily, sites have been working to correct these issues as best they can and are considering taking more permanent measures to ensure this happens as little as possible in the future. One solution for sites, for example, would be to move their DNS servers to a cloud-based environment, since some of these attacks are directly on the DNS servers, not the game servers. So while the games and websites are running perfectly fine, players are unable to be properly routed over the Internet to their destinations. This would increase the difficulty of attacks and leave players with a more stable and enjoyable playing experience.

Players can do more to help themselves stay safe, though, and in the next day your friends here will be providing a guide for you on how to protect yourself as best you can from any kind of attack or hacking. If you have any more information or speculation, feel free to share it on Twitter or Facebook with us. This story is still shrouded in mystery and it could be some time before we get to the bottom of it.

If you want to try a different poker site until these problems are resolved, there are a few options and the following US online poker sites, Australian online poker, and Canadian online poker articles should help you find a safe, legal, and fast-paying option for your real money play until your current site is able to properly fend off these cyber attacks. Who knows, you may even end up with a new favorite place to play!