Industry News

Online poker site bombarded by DDoS attacks, pauses tournaments

Bad news if you’re crazy about playing online poker – one of the world’s oldest online poker websites has been forced to pause its online tournaments after suffering a series of distributed denial-of-service attacks.

Americas Cardroom, which claims to be home to over one million online hands of poker each day, says that an unknown party has been attacking the site since last Wednesday.

The first attack wave came shortly after Americas Cardroom announced it was taking its site offline for three hours on Tuesday April 24th for what it described as “scheduled downtime for maintenance”.

The site didn’t come back online as planned, causing Americas Cardroom to apologise, blaming the problem on “a small ISP issue”.

Just over 40 minutes after the apology, the website announced on Twitter and Facebook that it was under attack. Clearly this was no longer “a small ISP issue”:

We are currently under a DDOS attack. All running tournaments have been paused and will soon be canceled. Our techs are working on the situation to have it fixed as soon as possible.

The following morning Americas Cardroom was still inaccessible to poker players, but most customers were able to return to the site later in the day.

And then, predictably, another attack was launched, sending Americas Cardroom back to square one. Clearly the site was struggling to cope with the scale of the attack that has been launched against it, and seeing as it continued to be hit badly by more attacks over the weekend, one has to assume that any mitigation put in place is not doing the job well enough.

Users, unable to log into their accounts, have turned to social media to vent their fury:

“It isn’t an inconvenience! It is often a big loss and you knuckleheads are not doing anything about that. Your technical and management expertise is zilch. Make it right.”

Some even speculated that the attack might have been related to a recent update to the site which saw users able to play with avatars portraying Donald Trump and North Korea’s Kim Jong-Un.


At the time of writing, Americas Cardroom’s last messages on social media suggest that the site continues to suffer at the hands of the attackers, and there’s no indication as to who might have masterminded the DDoS.

Denial-of-service attacks are certainly a common occurrence for gaming and gambling websites, with many reports in the past of extortionists threatening to knock sites offline unless “protection money” is paid.

There have been many victims, some of whom have agreed to give in to the extortionists’ demands simply because they lose so much income by not being able to operate their games online.

But it isn’t always the case that every DDoS attack comes accompanied by a demand of money. Sometimes people have launched denial-of-service attacks as childish pranks, or may be motivated by someone who has a grudge against a company.

Another possibility is that a commercial rival might be attempting to drive Americas Cardroom’s users away.

Last October, Phil Nagy, the CEO of Winning Poker Network which owns Americas Cardroom, claimed that a Labor Day weekend DDoS attack against the site might have been orchestrated by a rival poker site and said he was considering offering a reward to anyone who could provide evidence:

“I’m seriously considering offering a reward, 10 Bitcoin or something… something really big to anyone who can give me proof of who has been ordering these attacks.”

Meanwhile, customers of Americas Cardroom simply want to play poker. The bad news for them is that even if they did switch to a rival site, there’s no guarantee that their new poker-playing home wouldn’t also one day become the target of a distributed denial-of-service attack.


About the author


Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.

1 Comment

Click here to post a comment