Tuesday, July 20, 2010

130 B.C. lottery web accounts compromised

The B.C. Lottery Corporation launched its online

gambling website on the morning of July 14, but within hours, it h
ad crashed. The B.C. Lottery Corporation launched its online gambling website on the morning of July 14, but within hours, it had crashed. (BCLC)

B.C.'s privacy commissioner has confirmed
that a breach that compromised users' account details forced the shutdown of the B.C. Lottery Corporation's new online casino PlayNow.com just hours after it was launched last week.

Elizabeth Denham says the personal information of more than 130 people was inadvertently shared with other customers on the website.

Denham says the problem was not caused by a hacker but by "data crossover" that made the names, contact information and, in some cases, credit card and bank information visible to other gamblers using the site.

Denham says the site will not be back up until the problem is fixed.

She has asked BCLC to pay for a credit monitoring service to ensure the victims of the breach won't be targeted by fraudsters.

BCLC unavailable to comment

The B.C. Lottery Corporation was unavailable to comment on the allegations that customer information and perhaps even cash in online accounts may have been compromised during the launch of its online casino.

On Tuesday, the lottery corporation's CEO failed to return calls from CBC News after scheduling an interview to discuss the website's problems.

The agency has repeatedly blamed an overwhelming rush of customers for the crash of the website last week.

"High player volumes to the Playnow.com website on July 15 exceeded server capacity, creating traffic and load issues," said a statement released by BCLC on Monday.

"When BCLC learned about this situation, immediate action was taken to shut down PlayNow.com and a full assessment was initiated."

NDP raises privacy concerns

Before the privacy commissioner confirmed the breach, the B.C. NDP said the continued disruption of the site was raising concerns about the protection of personal information and called on the government to tell the public what is going on with the new gambling website.

"The B.C. Liberal government must tell British Columbians what is going on," said MLA Shane Simpson. "The suggestion by at least one expert that the site crashed because it was hacked is troubling.

"If the government is going to get into online gaming, they need to protect people's privacy. People want to be able to trust that their private information, from credit card numbers to gambling histories, is not being compromised."

The gambling website crashed just hours after its launch last Thursday and has yet to be restarted. Billed as the first government-sanctioned online casino in North America, the site was immediately controversial.

That led some computer security experts to speculate that hackers may have targeted the site with an overwhelming number of hits in order to disrupt the servers.

But officials at BCLC have been quick to deny such speculation.

"To date, the preliminary results from the assessment and a third party security review show no evidence of external interference or hacking," said the statement.

Botnets can overwhelm websites

But Vaclav Vincalek, the head of Pacific Coast Information Systems, said the high number of hits the website immediately experienced could have been created by a hacker tool called a botnet, which the corporation might not have recognized as hacking.

Setting up a botnet involves sending out a computer virus that lies dormant in a network of home computers. The hacker then activates the virus and all those computers start sending normal looking information and requests to one target website at the same time, overwhelming its servers.

Botnets involving as many as 1.5 million computers have been detected on the internet by police, but most are estimated to involve an average of 20,000 computers, in order to avoid detection.

In some cases, botnets are created in an attempt to extort money from the operators of websites, said Vincalek. "So you build your army of botnets and you go after the gambling website like this … and you say, 'Look, you either pay us X amount — $100,000 — or we shut you down,'" said Vincalek.


No comments:

Coldstream Ratepayers News! All Coldstream residents are ratepayers!

The opinions expressed by "Coldstreamer" are strictly his own and do not represent the opinions of Coldstream Council!

Because I value your thoughtful opinions, I encourage you to add a comment to this discussion. Don't be offended if I edit your comments for clarity or to keep out questionable matters, however, and I may even delete off-topic comments.

Gyula Kiss


We must protect our rights and freedom! (Photo courtesy of D. Gibson) Click on eagle to watch EAGLECAMS

About Me

My photo
I have been a resident of Coldstream since 1976. I have had 15 years of experience on Council, 3 years as Mayor. As a current Councillor I am working to achieve fair water and sewer rates and to ensure that taxpayers get fair treatment. The current direction regarding water supply is unsustainable and I am doing all I can to get the most cost effective water supply possible.