Darktrace protects against internal threats so pointless to imply it was failing. DDoS comes externally and needs to be dealt with upstream. I'm guessing William Hill didn't do practice runs with their upstream providers which you really need to do from my past experience... Or they may not have even paid for DDoS protection.
Bookmakers William Hill under siege from DDoS internet flood
William Hill is currently on the receiving end of a Distributed Denial of Service attack. Many of the bookie's sites went down on Tuesday and have remained unable to provide much better than intermittent service into Wednesday due to an ongoing cyberattack. We apologise as our site is still down. We appreciate this isn't …
COMMENTS
-
Wednesday 2nd November 2016 15:33 GMT Alexander J. Martin
From the brochure
> The online gambling industry faces an increasing risk posed by cyber-attackers, dominated by distributed denial of service (DDoS) attacks...
And later
> Having full visibility of all digital interactions enables it to identify early signs of suspicious activity, regardless of whether they originate from within, or the outside, or if the threat had never been seen before
I think it's a fair inference when Darktrace mentions that it is protecting William Hill, and that it recognises DDoS attacks as a dominant risk that William Hill faces, that it is protecting William Hill from such attacks, no?
-
Wednesday 2nd November 2016 16:08 GMT eriksolo
core tech is like a baby putting things in its mouth
"Darktrace is the only cyber defense technology that is capable of detecting anomalous behaviors, without any prior knowledge of what it is looking for."
OK. I guess if I wanted to attack a Darktrace protected site I would send a bunch of kermit and gopher requests to their IP blocks and then try to enter modem and modbus commands via telnet into port 443. That would cause it to focus on anomalous behavior that it had no prior knowledge of.
Then I would pay some skids $200.00 to DDoS their site.
My hacker name would then be known as C@Pta1n 0bv1ou5
-
Wednesday 2nd November 2016 18:41 GMT Dave Pickles
Just a DDoS?
I'm seeing a lot of packets hitting my home web server from multiple addresses in the 141.138.130.0/24 range, which according to WHOIS belong to William Hill. They appear to be SYN packets with source port 80 and destination port 80. It's either backscatter from a DDoS or something nefarious afoot.
-
Wednesday 2nd November 2016 19:22 GMT Mike007
There is a thread about it on NANOG
A back-of-the-envelope calculation of traffic seen at ISPs comes out as this being quite a massive attack.
-
Wednesday 2nd November 2016 20:36 GMT Only me!
Big picture
If something like this goes down, you have to ask why and the motivation for doing such a thing.
It costs money to knock it out.
1. Political/state sponsor? (Make x country look bad, because we can)
2. Who gets to gain most? (mmm...other betting sites? Someone who put a VERY large bad bet on)
3. US gaming industry? The ones that have helped form a law where only US firms are allowed in the US, but they can go where they want.
4. PFY? - Just trying to make the coffee
5. BOFH? - Just because - By the way the IT budget needs to increase, because of security risks.
-
Friday 4th November 2016 11:31 GMT BongoJoe
Re: Big picture
> 2. Who gets to gain most? (mmm...other betting sites? Someone who put a VERY large bad bet on)
What you would do here is to put another very large bet on the same event thus getting the bookmaker to reduce the odds.
The price will be reflected on the exchanges and then you can lay off the event there. And, if you do it right you can have an arbitration position where you make a profit no matter what the outcome is.
-
Friday 4th November 2016 11:37 GMT BongoJoe
"The DDoS attack is only doing what the government should have done. Online gambling should never have been made legal in the first place."
You can sod right off, Mr Anonymous Coward and shove the Daily Mail up your arse whilst you're at it. Restricting a legitimate trade because it doesn't suit your world view.
Let's get rid of insurance web sites (you know where we risk a small stake if we're 'lucky' enough to back the event that the contents of the house catches fire), life insurance, forex and so on and so forth.
If you can't understand probability, risk and such then perhaps you need to go to some Nanny State someplace elsewhere.
-