Casino Security and Cyber Attacks Against Casino Sites

Physical and virtual casinos are enticing targets for criminals, and casino operators spend considerable time and money trying to make sure customer data and money stay safe. Casinos are similar in scale to banks in terms of currency and client base, so no wonder the attackers are keen to find a way in. With an industry worth billions and sites storing sensitive client data, proprietors must stay vigilant.

For players, the first step towards ensuring the security of their data is to play only at fully licensed casino sites. The UK Gambling Commission requires casinos to have extremely high safety standards, and only issues licenses to those that fully comply. 

Despite the best efforts of casino owners, there have been successful attempts to breach casino security in recent years. As online gambling continues to proliferate, it is more important than ever that the casinos stay two steps ahead of the hackers. 

How Cybercriminals Target Casinos

There are a number of ways that online casino security can be breached, with some easier to defend against than others. Recently, more gambling sites have been the victims of denied distribution of service (DDoS) attacks. This is less of a worry for the customers, but a huge problem for the casino. The attack is designed to shut the site down or slow it to the point where it becomes unusable. This type of attack can be carried out on behalf of unscrupulous competitors, and often leads to huge financial losses. 

Some big casino sites have fallen victim to DDoS attacks. In 2016, popular betting site William Hill lost an estimated £3 million when the site and app were closed down on a crucial night of the Champions League. More recently in 2018, PokerStars were forced to cancel tournaments and refund players as a result of a similar attack. 

Hacks and Scams on Client Data

While DDoS attacks are inconvenient, they are not usually a serious concern for the players. The site may close, but no data has been breached. Much more serious is the threat of hackers and scammers stealing client information, including credit card or bank details. This information can be used to gain access to customer financial accounts, or it is sold on to third parties.

Successful attacks on casino websites have been reported, although the industry likes to keep such breaches as quiet as possible. Known groups of hackers from China and North Korea have targeted more vulnerable sites in parts of Asia and Latin America.

Reputable sites employ end-to-end encryption to mitigate against such data theft. In the UK, players are protected by extremely stringent standards of security imposed by the UKGC. The biggest exfiltration of client data reported at a UK online casino took place in January 2020, when the Betsson subsidiary SuperCasino warned its customers that their information had been compromised. 

Details remain unclear over many such security failings, and in some cases it is not immediately obvious if hackers are involved or not. Casinos have been known to accidentally leak or expose customer data due to their own carelessness. In January 2019, an open database was discovered to contain the details of millions of individual wagers, although full financial data was not made available. Casinos that fail to adequately protect their client information face enormous fines, not to mention the loss of their license. 

Land Casinos Safe from Cyberattack?

You may think that cyber crime applies only to casino websites, but that is not entirely true. In today’s digital world, even land casinos have vulnerabilities that can be exploited by hackers. In fact, the majority of cyber crime has targeted large brick and mortar establishments rather than purely online operations.

Land casino security is very sophisticated, covering aspects such as whole-property surveillance, customer facial recognition, and background checks on both players and employees. In the UK, advanced vault security is one requirement enforced by the UKGC. This can include access codes that are changed daily – just like in Ocean’s Eleven – and time-delay locks. 

Chips can be a target for robbers too, so there is inbuilt security protecting them as well. The chances of anyone pulling off a major heist at a land casino today is very small. One area where criminals can still infiltrate is via computer networks.

The increased connectivity of electrical items to the internet gives attackers another door into an otherwise secure system. One story that has been doing the rounds for a couple of years involves a large aquarium in a Las Vegas casino lobby. The story may be apocryphal – the casino has never been named – but the premise is credible. Hackers found that the tank’s smart thermometer was unsecured, and used it to get into the mainframe. 

More well-documented was the 2016 phishing scam on the Casino Rama in Canada. The resulting class action lawsuit was thrown out on the basis that the casino was not at fault, and the plaintiffs had not suffered any financial losses. Even so, the case made people understandably wary.

One Step Beyond – RSA Encryption

Some online casinos have started to adopt more robust security features in order to reassure their customers. One such system is known as RSA encryption, which is even more secure than the more commonly used SSL.

The cryptosystem uses a private and a public key, which are used to encrypt information before it is transferred via the internet (which is an insecure medium) and then decrypt it. The processes are somewhat too complex to go into detail here, but it is similar to the system used in blockchain to ensure the safe transfer of data. Online casinos that use this security can offer superior safety to their clients.

Casino security can never remain static. Cyber criminals are constantly finding new ways to gain access to sites and customer data. In order to stay ahead, casinos must ensure that their online security keeps evolving to stay at the cutting edge of the available technology.