Hackers attacked the website of daily fantasy sports giant DraftKings last month. Now the company is trying to fight back. On Friday, a federal judge in Massachusetts granted the company permission to file its own private investigation toward finding the identities of those behind the denial of service attack on Aug. 8.
The cyberattack lasted more than 20 minutes and flooded the site with three times the number of requests for information it normally receives, DraftKings revealed in court documents. No private customer or company data was compromised.
“We recently detected and immediately responded to a distributed denial of service (DDoS) attack,” said DraftKings Chief Legal Officer R. Stanton Dodge in a court statement. “No confidential customer or company information was compromised, however DraftKings takes security very seriously. This filing is a necessary step to identify the responsible parties and hold them accountable for their actions.”
DraftKings personnel worked for several days following the attack to end the threat and mitigate any further potential damage. The IP addresses of those responsible were traced back to several service providers, and the court order now allows DraftKings to subpoena those providers for more information.
The attack occurred just two days after DraftKings released its sports betting service in New Jersey and just a month before the start of the NFL season. A DraftKings spokesperson claimed that there is no indication that the attack is related to either event, but that a motive remains unclear.
“It could be a competitor trying to close them down, it could be people who object to gambling in general,” Jim Waldo, professor and chief technology officer for Harvard’s John A. Paulson School of Engineering and Applied Sciences, told the Boston Herald. “It could be someone who decided to attack DraftKings because they do a lot of advertising.”
SportTechie Takeaway
The DraftKings cyberattack happened within days of the occurrence of another major security breach in the sports world, when hackers breached the internal servers of the PGA of America and demanded a Bitcoin ransom just two days prior to the start of the PGA Championship.
If DraftKings should need help with tracking down these hackers beyond its own private investigation, the company might be in luck. Groups dedicated to sports cybersecurity have begun to emerge, including the Sports ISAO (Information Sharing and Analysis Organizations).