America’s Cardroom (ACR), the flagship online-poker site on the Winning Poker Network (WPN), has had its operations crippled for several days by an ongoing Distributed Denial of Service (DDoS) attack.
This appears to be a renewal of the DDoS attacks that have intermittently crippled access to the US-facing network over the past several years.
The latest round of attacks began on Tuesday, April 24, and it has continued off and on ever since. The attacks forced ACR to cancel most of its scheduled online tourneys over the past several days, including Sunday’s “Million Dollar Sundays” event, a $1,000,001 prize pool tourney that’s the largest guaranteed-purse tournament offered by ACR.
Mitigation efforts ongoing
ACR has continually undertaken mitigation efforts to combat the attack, which typically appears as waves of bogus traffic targeting the site’s servers, thus overwhelming them and blocking most legitimate gaming traffic. Such attacks are unfortunately a long-time staple of the online-gambling world, usually orchestrated by hackers for the purposes of extortion.
ACR has published an update about the DDoS attack situation on its blog, which reads in part:
If you’ve been on the Americas Cardroom client over the last couple of days, you may have been unable to login and play, depending on the time. The reason for this is that we’ve been experiencing some severe Distributed Denial of Service (DDoS) attacks since Wednesday afternoon from an unknown party.
For those of you who don’t know what a DDoS attack is, it essentially attempts to continually disrupt the customer (you) from accessing services of the host (us).
In many instances, these attacks are motivated by financial gain where the attacker asks for a ransom for the attacks to stop. However, it’s our policy to never pay ransom regardless of the cost, as we will never give in to cyber terrorism.
This isn’t the first time we’ve experienced these attacks, and we’re sure it won’t be the last. Our DDoS mitigation team is working around the clock to mitigate the attacks, and we’ll continue to work tirelessly until all systems are online and we continue to provide you with an excellent gameplay environment, just as we did the times before.
ACR a recurring target
Americas Cardroom has been targeted numerous times over the past several years, for reasons which have remained unclear. The site and its parent network, WPN, were the targets of a very high-profile wave of DDoS attacks last September. That attack series also offered the spectacle of WPN chairman Philip Nagy alleging that the attacks were orchestrated and paid for by an unnamed rival site in an effort to disrupt ACR’s traffic during a high-profile series that was running at the time.
The mystery of September’s DDoS attack wave deepened when Nagy allowed a couple of high-profile ACR players to confront the attacker, who had taken to logging into ACR’s online poker tables to brag that the next attack in the series was about to commence. Nagy posted a video relating to those attacks, including the shock experienced by the players when they were told in chat, “This is my job; another site gives me money to DDOS you”.
That allegation was never proven, and it remains unknown whether the current wave of attacks has been orchestrated by the same party or parties.
Nagy also noted at the time that ACR had existed for several years until being targeted in December of 2014, just prior to the start of its first Million Dollar Sundays event. Though such attacks are highly criminal, the low cost of targeting a virus-recruited “bot” network against an online target has made the DDoS attack a long-running woe to many forms of online commerce.