Spanish Man Exploits Online Gambling App Bug To Steal Almost $500K
Posted on: August 24, 2023, 06:30h.
Last updated on: August 24, 2023, 06:30h.
A certain iGaming operator might need to take a closer look at its development team, as well as its financial audit policies. One of its users in Spain was able to exploit a bug in the operator’s app that allowed him to walk away with almost half a million dollars.
Forces with Spain’s Civil Guard have busted a scammer who exploited a security flaw in an unidentified online betting app. As part of an ongoing police investigation dubbed “Operation Diacero,” computer forensic specialists with the Civil Guard’s unit in the city of Algeciras arrested an individual they say stole more than €450,000 (US$488,610) through the gaming platform.
The operation got its name, Diacero (an amalgamation of the Spanish words for zero and day), apparently in reference to the zero-day vulnerability involved. This is a term for bugs or glitches that have been uncovered but for which the developers have not created a solution or installed a patch to correct the issue.
Beating the System
The chain of events unfolded after the gaming operator reported a series of odd withdrawals of bet winnings at a gambling property in Los Barrios, a town in the autonomous community of Andalusia in southern Spain.
The perpetrator apparently didn’t realize that surveillance cameras inside the property were capturing his actions every time. With that, local law enforcement was able to figure out who he was and what he was doing.
Through the zero-day exploit, he managed to conduct more than 650 withdrawals of around €700 (US$759) each. The Civil Guard didn’t detail for how long the activity went on, but the property probably should have caught on to his actions sooner than it did.
There are still a lot of unanswered questions. The authorities want to find out how the man discovered the glitch and determine if other apps could suffer the same issue.
As part of the ongoing investigation, the Civil Guard continues to delve into the intricacies of the scheme. They want to find out if there are any possible links with additional entities that might be operating under a similar modus operandi. As such, there could be more arrests in the coming days.
Online Gambling Makes For Easy Targets
The rapid growth of the online gaming sector in recent years has led to an increase in entertainment options for consumers and tax revenue for governments. Nevertheless, this surge in popularity has also sparked the interest of cybercriminals who seek to exploit its weaknesses.
Various factors contribute to making the gaming industry an appealing and accessible target to more than a few unscrupulous actors. Through the online channels, users often have to provide their banking details in order to make deposits and withdrawals, presenting valuable information that may be exploited in cases of ATO (account takeover) or data breaches.
Political and ethical adversaries of gambling frequently target gambling enterprises, as well. The operators then often find themselves subject to a barrage of malevolent activities, such as DDoS (distributed denial of service) attacks or DNS spoofing (changing domain name system registrations to send netizens to other websites). These are engineered by crooks or individuals sympathetic to governments prohibiting gambling activities, as is the case in China.
Web applications and APIs are an integral part of the gaming industry, enabling everything from online multiplayer experiences to in-game shopping. However, these technologies can introduce vulnerabilities if not properly configured. Only through rigorous and thorough testing can developers ensure that their code is bug-free.
Source: casino.org