Hacking and Cheating in Online Gambling Today

April 21, 2014. Posted in iGaming, In The Headlines

Following the recent news of the Heartbleed security bug that led to thousands of internet users’ security being compromised, New Jersey’s online casinos are taking a closer look at their security software to ensure that cheaters and hackers are kept out.

Two Sides of the Coin

In online gambling, hacking and cheating are two separate issues. Cheating can occur similarly to how it’s done in physical casinos. Players collude against the house and other players. Additionally, there are newer ways to cheat that involve the use of programs.

Hacking is a different story. Hacking into an online casino involves manipulating its encryption measures to allow oneself access to the valuable information stored within the site. This is frequently done with the aid of software, which embeds into a victim’s server and records all keystrokes that occur, allowing its user to gain access to password-protected areas of the victim’s site. Hackers usually hack for financial gain, but have also done so for political or purely malicious reasons.

Hacking and cheating have been going on in online casinos since the first online poker sites went live in the early 1990s. This happens with every new piece of technology – almost as soon as a new device or service is available to the public, there’s a hacker trying to undermine it.

The Early Days of Internet Gambling Had a Carefree, “Anything Goes” Regulation Policy

Sites were hosted offshore and players sent and received money through Western Union, personal checks, and bank wires. Operating a gambling website in the United States was illegal, which contributed to this risky atmosphere. Because no gambling websites were allowed, there was no government protection when something did go wrong.

This led to a proliferation of poker players willing to find ways to cheat. Dishonest players created poker bots, colluded, and data mined their way to easy money. Each of these methods creates an unfair advantage for its user in a unique way.

Ways to Cheat at Online Poker

Data mining is the practice of profiling opponents by analyzing all of their past hands. Hackers who have managed to get into poker sites’ past hand archives are able to find and catalog every game that various opponents have played on the site, giving them the data necessary to create graphs that show how each opponent reacts to various poker scenarios and plays his or her hands. Accessing past hands that one has not participated in is illegal.

Collusion is a situation where two poker players agree to work together for monetary gain. This can also refer to one player signing into poker sites with multiple accounts on different computers, hiding behind the appearance of unique IP addresses. The player then might dump chips to one of the accounts, creating an unfair leverage against other players.

Poker bots are programs that play on behalf of their users. They can be employed as part of collusion schemes or to simply play while the user is away from his or her computer. Poker bots are banned on most poker websites because they are a type of fraud.

Solutions to Cheating

In response to these types of cheating, anti-cheating software was developed for poker sites. It wasn’t foolproof, but it helped cut down on cheating significantly. One such program is PitBoss. PitBoss and other anti-cheating programs detect bots’ formulaic playing style and suspicious player behavior. They allow alleged bots and cheaters to be flagged for removal and, if they’re proven to be cheating, banned.
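To make "formulaic playing style" and "suspicious player behavior" concrete, here is an added example that is not from the original article and is not PitBoss's actual logic. It flags accounts whose decision times barely vary and account pairs where chips flow almost entirely one way; the record formats, account names and thresholds are assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data: (account, seconds taken to act) per decision.
ACTIONS = [
    ("alice", 2.1), ("alice", 9.4), ("alice", 4.0),
    ("alice", 15.2), ("alice", 1.3), ("alice", 6.8),
    ("bot77", 3.0), ("bot77", 3.1), ("bot77", 2.9),
    ("bot77", 3.0), ("bot77", 3.1), ("bot77", 3.0),
]
# Constructed sample data: (loser, winner, chips) for each heads-up pot.
POTS = [
    ("dumper", "mule", 500), ("dumper", "mule", 800),
    ("dumper", "mule", 650), ("dumper", "mule", 700),
    ("alice", "bob", 120), ("bob", "alice", 90),
    ("alice", "bob", 60), ("bob", "alice", 150),
]

def formulaic_timing(actions, min_samples=5, max_cv=0.10):
    """Flag accounts whose decision times have a very low coefficient of variation."""
    times = defaultdict(list)
    for account, secs in actions:
        times[account].append(secs)
    flagged = {}
    for account, t in times.items():
        if len(t) >= min_samples:
            cv = pstdev(t) / mean(t)  # humans vary a lot; scripted play does not
            if cv <= max_cv:
                flagged[account] = round(cv, 3)
    return flagged

def one_way_chip_flow(pots, min_pots=4, min_share=0.9):
    """Flag (loser, winner) pairs where nearly all chips move in one direction."""
    flow = defaultdict(int)   # chips moved loser -> winner
    count = defaultdict(int)  # pots played between the two accounts
    for loser, winner, chips in pots:
        flow[(loser, winner)] += chips
        count[frozenset((loser, winner))] += 1
    flagged = []
    for (loser, winner), chips in flow.items():
        total = chips + flow.get((winner, loser), 0)
        if count[frozenset((loser, winner))] >= min_pots and chips / total >= min_share:
            flagged.append((loser, winner, chips))
    return flagged

if __name__ == "__main__":
    print(formulaic_timing(ACTIONS))
    print(one_way_chip_flow(POTS))
```

Flags like these are leads for manual review, matching the article's flag-then-prove workflow, not proof of cheating on their own.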

In physical casinos, ceiling-mounted cameras known as “eyes in the sky” monitor player behavior. On some websites, the anti-cheating software is also referred to as the eye in the sky.

Heartbleed Was a Security Hole

With the Heartbleed bug, the concern wasn’t cheaters using those old methods. The concern was about all the data that could be easily stolen by attackers. Heartbleed is a weak spot in the OpenSSL encryption software. New Jersey’s online casinos rely on SSL to keep their players’ information safe.

Hackers have always been a concern for websites that store users’ personal information. To log into a New Jersey gambling website, players must enter their social security number and bank account or credit card information along with their personally-identifying information like their name and address. Hacking past a casino website’s security can give a thief access to thousands of accounts, worth possibly millions of dollars combined.

SSL, short for Secure Sockets Layer, is a cryptographic protocol that protects valuable information through layers of cryptographic primitives. These primitives are algorithms that change simple words, phrases and other types of data into blocks of seemingly random characters. Various types of cryptographic primitives are combined to make up a cryptographic protocol, which is usually strong enough to keep all information stored and transmitted through it secure. A connection between a client and a secure server can only begin once both parties have completed a handshake procedure, which is a series of data transmissions between the two that allows for verification of both parties’ identities. Once the handshake is complete and a connection is made, a session between the client and the server can begin.

Safe in Jersey for Now

After the Heartbleed bug was exposed, New Jersey gamblers were panicked. Their information was there, vulnerable, ready to be accessed by anybody who could exploit the Heartbleed bug.

But Caesar’s, Borgata, 888Poker, PartyPoker, and BetfairPoker were safe. Heartbleed only affected certain versions of SSL, none of which are in use by New Jersey’s online casinos. The versions affected are the older versions. These versions have been in use for over two years, allowing information to be easily accessed since 2011. Because online gambling is so new in New Jersey, casinos started their operations with the latest versions of SSL.

This doesn’t mean that New Jersey’s online casinos are safe forever. They got lucky with the Heartbleed bug – it affected hundreds of servers that store millions of accounts, but theirs were spared because they had recently purchased the SSL software. Say two years from now, a new bug is found and exploited. If a New Jersey gambling site doesn’t update its software between now and then, it could be at risk. Heartbleed was a wake-up call for secure websites to always update and patch their software when a new version becomes available.

It’s Too Soon to Tell

None of New Jersey’s online casinos have experienced a major hacking or security compromise yet because they are so new. If the IT teams behind Borgata, Betfair and the others want to keep it that way, they have to stay on the cutting edge of anti-hacking technology. You can’t get complacent when you have thousands of social security numbers on file. Cheating is one thing to deal with internally, but massive security breaches are another entirely.

This is New Jersey’s chance to build up a reputation as the safest gambling option on the web. There will always be hackers working night and day to break the latest software. Casinos need to stay one step ahead of them. It’s a cat and mouse game that, if New Jersey’s casinos can play it right, can lead to the kind of trust in a notoriously untrusted industry that will bring players back again and again.