[ISN] CryptoLogic's Gaming Software Hacked

From: InfoSec News (isnat_private)
Date: Sun Sep 09 2001 - 22:20:06 PDT

    by Fred Faust
    September 06, 2001

    CryptoLogic Inc., the Toronto company that's a veteran developer of
    Internet gaming and e-commerce software, suffered a system intrusion
    at the end of August. The hacker caused the win rate on three games
    -- craps, video slots and the Rags to Riches progressive slot -- to be
    higher than had been programmed by CryptoLogic.

    As a result, players who happened to be playing those games on the
    sites of two CryptoLogic licensees won much more money than they were
    supposed to. They were paid in full.

    The windfall to players amounted to US$1.9 million. The company said
    it has submitted a claim for $1.3 million to its insuror. So the loss
    to CryptoLogic and the two licensees will be $600,000, with most of
    that absorbed by CryptoLogic.

    The company mentioned the incident in a press release issued
    Wednesday. Its director of communications, Nancy Chan-Palmateer,
    fleshed out some of the details in an interview today with RGT Online.
    She said she couldn't discuss all of the details because an
    investigation is continuing.

    "There was never any compromise of player information, there was no
    access to financial information," Chan-Palmateer said. "All of that
    was fully secure."

    The company believes that the hacker was trying to harm CryptoLogic,
    not trying to rig games so that the hacker could personally benefit.
    All of the players at the time were longtime players known to the
    sites where they gambled, Chan-Palmateer said.

    "This is more of a malicious attack on the company, someone trying to
    hurt the organization," she said, adding that "there's a high
    likelihood that this person has intimate knowledge of our system, so
    it's not just your average Joe out there trying to get into the
    system."

    Chan-Palmateer declined to identify the two casinos, but she said they
    were two of CryptoLogic's larger licensees. The company has more than
    20 licensees, all using the same software. But the hacker's
    manipulations only affected one game server, she said, and that server
    was the one the two licensees were using at the time.

    The intrusion was detected after a few hours. "We were able to contain
    the situation," Chan-Palmateer said. "We stopped those games
    momentarily, we identified the particular players involved that had
    been affected, we then disabled those accounts and advised licensees
    as well as the players. We restarted the games so there was no
    disruption of service to other players, they could continue to play.
    It was the licensees' decision, which we fully supported, that they
    wanted to pay their players in full, so we've got a lot of happy
    players out there now."

    This is undoubtedly not the first time that a developer's gaming
    software has been hacked, but it is unusual for the developer to
    announce the fact and be willing to discuss the details.

    Chan-Palmateer said CryptoLogic's action in this case is very much
    consistent with regulatory environments, which is what we're moving

    In its press release, the company said, "As part of its ongoing
    commitment to regulatory compliance for safe and secure online gaming,
    the company also advised that it has swiftly resolved a recent system
    intrusion with minimal impact."

    "It is a cost of doing business," Chan-Palmateer said. "We're not
    happy that it happened of course, but we were happy with the response,
    that we were able to contain it with full protection to players, and
    minimize exposure to both ourselves and our licensees."

    CryptoLogic said its loss from the hacking incident is not expected to
    affect its quarterly results. The company anticipates net income of
    US$4.2-$4.6 million this quarter, on revenue of US$9.7-$10.2 million.
    At these levels, both income and revenue would be significantly ahead
    of last year's third quarter.

    The company also announced Wednesday that it was in the process of
    getting its software certified by the governments of the Isle of Man
    and Alderney, two island territories off the coast of Britain that
    have recently legalized online casinos.

    Asked if that means that some of CryptoLogic's licensees have applied
    or plan to apply for online gaming licenses in these jurisdictions,
    Chan-Palmateer said, "Yes, that's an appropriate conclusion. We're
    preparing ourselves and positioning ourselves so that we can get out
    of the gate pretty quickly." Certification by these governments might
    also help the company secure new clients for its software.

    The company's efforts to obtain regulatory clearance in the Isle of
    Man are further along than in Alderney, where they are just beginning,
    she said. In both cases, she said, the process should be helped by the
    work the company has already done with regulators in Australia.
    Authorities there have been testing CryptoLogic's software and
    performing background checks on the company and its officers.

    "The compliance work in Australia has been under way for 18 months,
    and we're just moving into the final stretch of it and hope to be done
    this fall," Chan-Palmateer said. The company has spent more than US$2
    million on the Australian compliance process, she said.

    ISN is currently hosted by Attrition.org