Cybersecurity: Is Your Customer Data Being Sold on the Dark Web?

by Andrew Cardno

You have undoubtedly become painfully aware, possibly from first-hand experience, of the rising occurrence of tribal casinos being held for ransom, but how will you know there has been a data breach when no ransom demand arrives? There very likely has been a data breach, probably even many, and if so, your patrons’ personal information and other data may have already been sold on the Dark Web.

Finding Your Database on the Dark Web?

Over 15 billion stolen account credentials are already in circulation, and more breached data is being gathered exponentially from more devices at faster rates as the volume of digital information in its entirety doubles every two years. Cyber attacks have become ever more prevalent as cyber criminals’ tactics have advanced along with technology, leaving no industry untouched. It has become abundantly clear that cyber criminals are winning the fight for your database with no end in sight for the amount that will continue being stolen while the rest of the data-reliant world continuously plays catch-up with these criminals.

For the brave, you can find out if your data has already been breached by conducting a reconnaissance audit into the dark web. With the help of specialized intelligence agents, you can delve into the mysterious world of online databases. This audit will likely find data about many of your customers and team members. In addition to your player database, you may find secret business plans, executive IDs, details of IT infrastructure, back door entry points into the facility and even compromising material (or kompromat) on key members of your community.

What is it Worth?

Cyber attackers sell ID card information for as low as 50 cents up to $10, and full personal identification information (PII) packs including a name, date of birth, SSN, ID number, email address, and phone number for just $10 per person. They are offering stolen data for prices so astonishingly low that you would wonder what the point even is.

Your Database Now has Value in Online Gambling Dens

In the cyber criminal world, selling stolen personally identifiable information (PII) for mere small change is the norm, due to the massive oversupply of available stolen data. Cyber agents use the inconspicuous nature of Bitcoin to their advantage in online Bitcoin casinos, allowing both the gambling operators and gamblers to mask their identities through the purely digital encrypted transactions.

A database of known brick-and-mortar gamblers is very valuable to online gambling operations as it is well known that gamblers in brick-and-mortar operations have a higher propensity to gamble online. This creates a dangerous situation where an anonymous sale of your customer database with untraceable digital currency can happen completely without your knowledge or control. To put it simply, any person who is able to see your customer database can trade in its contents in the dark web in anonymous digital currency.

To compound this situation, illegal gambling sites are even able to successfully operate on the Surface Web through a variety of nefarious strategies, such as employing complex and obscure money funneling schemes in an effort to deceive banks and evade having their criminal accounts blocked. Additionally, just as Bitcoin makes it easier to sell stolen PII and conduct a wide variety of illegal activities due to its anonymity and lack of regulation, the currency makes it easier for online gambling operations to hide themselves in the blind spot of legality.

By avoiding paying taxes and other costs pertaining to registration fees, legal advisors, compliance, etc. that would normally be associated with the bureaucracy of a meticulously regulated brick-and-mortar casino operation, unlicensed online Bitcoin casinos are able to offer higher and faster payouts, low house edge, tax-free winnings, and better promotions. Now, your casino is threatened by hackers specifically targeting tribal casinos based on the false assumption that your cybersecurity infrastructure and defense is inferior to that of a commercial casino, and they are not only interested in stealing your data to sell for a small fortune in Bitcoin – hackers are targeting your customers in an attempt to lure them into their illegal online gambling schemes by giving site visitors the impression of legality through the appearance of legitimacy and sense of security. The success you have achieved through collecting patron data with sophisticated player tracking technologies to precisely create marketing campaigns and provide personalized customer experiences can be used by hackers to bring your players over to their online gaming operation.

Cybersecurity Defense and Protection

There is good news, however, for your tribal casino operating away from the cloud. The advantage of tribal sovereignty allows you to create your own substantial tribal regulations and adopt a comprehensive approach to data privacy that pertinently acknowledges the various aspects of data collection and storage, relating specifically to your gaming operation. You have the ability to regulate and secure your properties to much higher standards than the commercial gaming operations, and you absolutely should. This will not only serve your security interests, but it will also instill trust that your patrons’ personal data is being protected by a robust cybersecurity defense program. You can, for example, form specific regulations relating to individuals and organizations responsible for your patron database.

Other methods of reducing the likelihood and extent of a cyber attack include implementing and enforcing risk management protocols and security programs with carefully constructed policies and procedures for the rapid deployment of mitigation resources, accompanied by a 24-hour in-house team of cybersecurity experts to proactively monitor security defense mechanisms. Be sure to consider the security of your casino’s infrastructure, systems, and applications by performing a penetration test on your property to identify potential vulnerabilities that may provide a gateway for exposure to cyber attacks.

Cyber insurance will provide an additional remedy to reduce costs and other losses associated with a data breach, especially when combining different options for cyber coverage. It is important to purchase coverage that aligns with your tribal organization and respective risk portfolios, being sure to carefully examine the insurer’s policies, deadlines, and conditions and look out for traps like exclusions or misrepresentations. Extra attention from expert legal advisors should be mandatory.

Although the best chance of avoiding a security breach is provided by having the broadest extent of defenses to prevent cyber attacks, it is not possible to completely eliminate the chance of one happening because cyber criminals are getting increasingly creative at using the advancement of modern technologies for targeting attacks. Consider the recent example of a Las Vegas casino that experienced a security breach in which access was gained through a high-tech, automatic-feeding fish tank connected to the internet in the high-roller area. Even once you have finally caught up with all of the possible security measures to prevent a hacker from getting into your property, they will find a new creative tactic to achieve success.

In Summary

It may seem daunting that you are subject to constant attack and that these attacks now extend from ransomware to patron database copying. The good news is that all organizations have the same challenges and tribal gaming has some real advantages, including being able to be proactive in building regulations to ensure protection of your data and facilities.

Andrew Cardno is Co-Founder and Chief Technology Officer of Quick Custom Intelligence (QCI). He can be reached by calling (858) 299-5715 or email [email protected].