Information Security News: Online Gambling: Hacking by Costa Rican Employees Not Uncommon

[InfoSec News <alerts () infosecnews org>]

http://www.gambling911.com/online-gambling-102007.html

By Christopher Costigan
Gambling911.com Publisher
October 20, 2007

With all the hoopla surrounding the Absolute Poker "internal breach", 
the focus shifts towards Costa Rican employees of online gambling 
establishments and the common practice of hacking into company computer 
systems.

Absolute Poker has claimed that one of their employees with "intimate 
knowledge" of their software platform, was able to go in and play along 
with real customers, identify their whole cards, and presumably walk off 
with the top money prize in tournaments (though there is a suggestion 
that the individual in question never saw any of this cash).

Hacking is an all too common practice among skilled tech employees of 
Costa Rican online gambling establishments and rarely is it done to be 
malicious.

"This employee wanted to prove to us he could do this (see the whole 
cards)," a Senior Manager of Absolute Poker conveyed to Gambling911.com.

Oddly enough this was the same exact statement made when a BetonSports 
employee was reprimanded for hacking into the Human Resource database 
some years back.

We were present when a tech employee was ushered into the office of then 
owner, Gary Kaplan, after it was learned he had hacked into this data 
base.

After all those stories we have read about Mr. Kaplan (currently 
awaiting trial in a St. Louis jail) (see: Gary Kaplan and BetonSports 
Profiled by River Front Times [1]) one immediately worried about the 
fate of this hacking culprit: shot, mutilated, at the very least - 
terminated without pay.  Just to show how Gary Kaplan wasn't as 
ferocious a man as he is made out to be, the "hacker" returned back to 
his desk smiling and joking.  The punishment appeared to be that he 
could continue working at BetonSports.

I had once sent an email out from that office using one of their 
computer terminals.  I soon learned that one of their employees hacked 
into my account and used my email to spam several hundred thousand 
people.

"They are like little monkeys trying to prove how good they are with 
computers," a BetonSports executive told us at the time.

One of the individuals responsible for overseeing the IT staff and 
graphics department relayed to Gambling911: "These guys are always 
hacking into systems and computers here just to show they can do it."

Many operators carry with them a certain arrogance too when it comes to 
those disappearing customer lists.  This has always been a major problem 
within the online gambling industry proper and continues to be.

The Absolute Poker debacle will reinforce the need for better "internal 
security" and more serious punishment for those who engage in "inner 
office hacking activities for fun".

Whether this is the scenario that occurred at Absolute remains to be 
seen.

[1] http://www.gambling911.com/Gary-Kaplan-BetonSports-101107.html


__________________________________________________________________      
CSI 2007 is the only conference that delivers a business-focused
overview of enterprise security. It will convene 1,500+ delegates,
80 exhibitors and features 100+ sessions/seminars providing a
roadmap for integrating policies and procedures with new tools
and techniques.  Register now for savings on conference fees   
and/or free exhibits admission. - www.csiannual.com