Security threats Toolkit

Web bookies demand higher security standards

Tags:
E-crime,
Blue Square

Dan Ilet ZDNet.co.uk

Published: 05 Apr 2005 16:55 BST

Online gambling companies are urging ISPs to do more to prevent hackers disabling computers with distributed denial-of-service (DDoS) attacks.

An industry forum made up of the UK's biggest Web gambling firms has been lobbying Internet service providers for several months to provide all their customers with better security.

"A lot of [ISPs] have started to address the problem of DDoS [attacks]said Peter Pedersen, chief technology officer at online betting site Blue Square, speaking at the e-Crime Congress in London. "One of the things we were trying to convince ISPs to do was distribute firewalls to their customers," he added.

Criminal hackers use distributed denial-of-service attacks to flood their target servers with so much data that they are unable to operate. A firewall that can conduct stateful inspection of outgoing data packets should be able to spot when a PC has been compromised by a hacker and is being used to take part in a DDoS attack.

Blue Square is one of many online gambling companies to face such an attack. Hackers typically tell e-commerce Web sites to pay up or face a series of attacks that can cripple their businesses through downtime.

Pedersen's comments echo a call made by David Yu, chief technology officer of online gaming portal Betfair, in an interview with ZDNet UK last November.

Pederson said that the attacks launched on the company's Web site, Bluesq.com typically comprised between one and two gigabits of data per second, which clogged their bandwidth and slowed their ISP's network.

Pedersen highlighted the importance of sharing security resources with competitors.

"As an industry we could appear with a united front," said Pedersen. "I cannot emphasise enough how important that is. We are all competitors but I leave that to the marketing board."

The forum has also been lobbying MPs to outlaw denial-of-service attacks.

The UK Parliament will have ten minutes on Tuesday to decide whether to update the Computer Misuse Act (1990). The proposals to change the law, which will be introduced by Derek Wyatt MP, would make DDoS attacks illegal, but this is highly unlikely to happen before next month's general election.

"Derek Wyatt's efforts to re-start a debate in Parliament regarding the Computer Misuse Act are to be applauded, but a paltry ten minute slot is not enough time or attention to give to such an important issue. This lack of interest is an insult to British businesses, which are most at risk from cyberattacks," said Simon Perry, European vice-president of security strategy for Computer Associates.