UK National Lottery knocked offline by DDoS attack

Saturday evening is a big night for the UK National Lottery, as draws are made and jackpot winners discover that they are newly-made millionaires.

It’s no wonder that many people choose to gamble a few pounds on a Saturday evening, in the hope that they might be the lucky ones. Yes, you could go to one of the National Lottery’s 46,000 retailers up and down the country to buy your ticket – or you could take the (much) easier route of simply visiting the lottery’s website or firing up their smartphone app.

Except, on Saturday 30 September, those online options weren’t available to you, as www.national-lottery.co.uk and its associated app were made inaccessible by online criminals who flooded the site with traffic.

As DownDetector reports, thousands of wannabe gamblers were complaining that they were unable to play the Lottery – missing a chance to potentially win millions of pounds.

The National Lottery offered an apology to customers unable to use its smartphone app or access the lottery’s website, while pointing out that ticket purchases could still be made from its nationwide network of retailers.

Subsequently, the National Lottery confirmed that it had suffered a distributed denial-of-service (DDoS) attack.

The motive for the DDoS attack remains a mystery, and we don’t know if someone was attempting to blackmail the National Lottery by using the threat of bringing the website down – certainly other gambling sites have often been targeted in the past.

We also don’t know presently who was responsible for the DDoS attack – although there is bound to be speculation that it may be the same group which sent threatening emails earlier this month, warning of DDoS attacks on Saturday 30 September 2017 unless a Bitcoin ransom was paid.

Of course, it’s worth bearing in mind that some criminals won’t shy away from making threats to bring a site down if they believe it might bring money their way, even if they don’t have the ability to launch a DDoS attack.

DDoS attackers are only too aware that the online gaming and gambling industries are particularly reliant on their websites remaining accessible, and have no qualms about harnessing botnets to launch denial-of-service attacks to bring services to their knees.

One would expect the likes of the UK National Lottery to be aware that they were a potential target for attack, and have systems in place to reduce the opportunities for attackers to disrupt services through a DDoS attack, but clearly their defences weren’t enough to entirely deflect the assault on this occasion.

All businesses would be wise to consider what threat DDoS attackers might pose to their organisation, and what steps they could take to reduce the chances of them being the next target in an online criminal’s crosshairs.

Author Graham Cluley, We Live Security

  • Rudston

    If the hackers had chosen Friday night to disrupt the Euromillions draw I think a lot more people would have noticed, what with the jackpot being £167 million. Lotto draws don’t attract so much attention these days, so Camelot got off relatively lightly. But was this really all for the sake of 0.2 Bitcoin?


Copyright © 2018 ESET, All Rights Reserved.