DraftKings rides to court, asks to unmask 10 DDoS suspects

A US sports gaming company is asking permission to unmask 10 people it believes were behind a massive DDoS attack on its website earlier this month.

DraftKings, based out of Boston, MA, has filed [PDF] with the Massachusetts US District Court for authorization to force ISPs around the US to turn over the identities linked to 10 IP addresses it believes were behind the August 8 attack.

DraftKings runs a daily fantasy sports service (which it notes is not considered gambling. Customers pay to play daily games where they assemble a ‘team’ of players from a given pro sports league, then collect points (and cash prizes) based on how the players performed that day in the actual games.

Because the games are played out anew each day, DraftKings said that the 26-minute DDoS on August 8 caused it significant damage from a loss of business and the subsequent cleanup of its systems.

fcc

Denial of denial-of-service served: There was NO DDoS on FCC net neutrality comments

READ MORE

“During this time, the attack prevented legitimate DraftKings users from actively engaging with the DraftKings Website,” the complaint reads.

“As a result of the attack, plaintiff’s personnel spent several days containing the attack and mitigating further potential damage from the malicious attack.”

Shortly after the attack ended, security staff were able to attribute the DDoS to 36 different IP addresses located mostly in various parts of the US. Now, DraftKings is asking the court to issue an order that would allow it compel seven different ISPs, hosts, and networking companies to hand over logs and user data they hope will lead them to ultimately unmask the 10 people believed to be behind the attack.

Among the third-parties whose info is being sought are internet giant Google and telcos Verizon and T-Mobile as well as cloud provider ColoCrossing, the American Registry for Internet Numbers, and service provider NetActuate.

Should DraftKings be able to unmask the attackers, the company plans to sue each for violation of the Computer Fraud and Abuse Act. ®

Sponsored: Following Bottomline’s journey to the Hybrid Cloud

READ MORE HERE