CryptoLogics Gaming Software Hacked

[InfoSec News <isn () c4i org>]

http://www.rgtonline.com/root_index.asp?BodyLoc=/newspage2/Features/detail.psp.q.All.e.(!00019a2c!).a.htm

by Fred Faust
RGTonline.com
September 06, 2001

CryptoLogic Inc., the Toronto company thats a veteran developer of
Internet gaming and e-commerce software, suffered a system intrusion
at the end of August. The hacker caused the win rate on three games
craps, video slots and the Rags to Riches progressive slot to be
higher than had been programmed by CryptoLogic.

As a result, players who happened to be playing those games on the
sites of two CryptoLogic licensees won much more money than they were
supposed to. They were paid in full.

The windfall to players amounted to US$1.9 million. The company said
it has submitted a claim for $1.3 million to its insuror. So the loss
to CryptoLogic and the two licensees will be $600,000, with most of
that absorbed by CryptoLogic.

The company mentioned the incident in a press release issued
Wednesday. Its director of communications, Nancy Chan-Palmateer,
fleshed out some of the details in an interview today with RGT Online.
She said she couldnt discuss all of the details because an
investigation is continuing.

There was never any compromise of player information, there was no
access to financial information, Chan-Palmateer said. All of that was
fully secure.

The company believes that the hacker was trying to harm CryptoLogic,
not trying to rig games so that the hacker could personally benefit.
All of the players at the time were longtime players known to the
sites where they gambled, Chan-Palmateer said.

This is more of a malicious attack on the company, someone trying to
hurt the organization, she said, adding that theres a high likelihood
that this person has intimate knowledge of our system, so its not just
your average Joe out there trying to get into the system.

Chan-Palmateer declined to identify the two casinos, but she said they
were two of CryptoLogics larger licensees. The company has more than
20 licensees, all using the same software. But the hackers
manipulations only affected one game server, she said, and that server
was the one the two licensees were using at the time.

The intrusion was detected after a few hours. We were able to contain
the situation, Chan-Palmateer said. We stopped those games
momentarily, we identified the particular players involved that had
been affected, we then disabled those accounts and advised licensees
as well as the players. We restarted the games so there was no
disruption of service to other players, they could continue to play.

It was the licensees decision, which we fully supported, that they
wanted to play their players in full, so weve got a lot of happy
players out there now.

This is undoubtedly not the first time that a developers gaming
software has been hacked, but it is unusual for the developer to
announce the fact and be willing to discuss the details.
Chan-Palmateer said CryptoLogics action in this case is very much
consistent with regulatory environments, which is what were moving
towards.

In its press release, the company said, As part of its ongoing
commitment to regulatory compliance for safe and secure online gaming,
the company also advised that it has swiftly resolved a recent system
intrusion with minimal impact.

It is a cost of doing business, Chan-Palmateer said. Were not happy
that it happened of course, but we were happy with the response, that
we were able to contain it with full protection to players, and
minimize exposure to both ourselves and our licensees.

CryptoLogic said its loss from the hacking incident is not expected to
affect its quarterly results. The company anticipates net income of
US$4.2-$4.6 million this quarter, on revenue of US$9.7-$10.2 million.
At these levels, both income and revenue would be significantly ahead
of last years third quarter.

The company also announced Wednesday that it was in the process of
getting its software certified by the governments of the Isle of Man
and Alderney, two island territories off the coast of Britain that
have recently legalized online casinos.

Asked if that means that some of CryptoLogics licensees have applied
or plan to apply for online gaming licenses in these jurisdictions,
Chan-Palmateer said, Yes, thats an appropriate conclusion. Were
preparing ourselves and positioning ourselves so that we can get out
of the gate pretty quickly. Certification by these governments might
also help the company secure new clients for its software.

The companys efforts to obtain regulatory clearance in the Isle of Man
are further along than in Alderney, where they are just beginning, she
said. In both cases, she said, the process should be helped by the
work the company has already done with regulators in Australia.
Authorities there have been testing CryptoLogics software and
performing background checks on the company and its officers.

The compliance work in Australia has been under way for 18 months, and
were just moving into the final stretch of it and hope to be done this
fall, Chan-Palmateer said. The company has spent more than US$2
million on the Australian compliance process, she said.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.