Special to CNET News.com
The chief technology officer of online gaming portal Betfair has called for more government and industry cooperation to combat the growing threat of distributed denial-of-service attacks to online businesses.
In an exclusive interview, David Yu said that DDoS attacks may have only really affected a handful of businesses so far, but any company that relies on the Web to make transactions with customers or partners should be aware of the problem.
"I think, in general, there is a lot more that the e-commerce industry as a whole needs to be aware of. Security threats are not a gaming-related problem—they could easily affect any other e-commerce company, online travel, online books; they could affect health care and government," Yu said.
"I think there have been some sectors who have said, 'It's not our problem. It's not for us to worry about.' Well, I would tell them that it is going to be their problem if they don't pay attention," he added.
Betfair, along with other U.K. betting sites, has been targeted by Web-based criminals and has been a victim of DDoS attacks on three separate occasions. The attacks work by flooding the businesses' servers with traffic, often generated by hijacking private PCs to create so-called "bot nets."
In July, Betfair said that its main exchange site was affected for just over an hour by a DDoS attack. The attack prevented users from accessing the site. Some customers said they were unable to view or place bets, and others claimed to have lost money.
Yu said that during a period of sustained DDoS attacks earlier this year, various gaming organizations banded together to exchange information on how best to tackle the problem.
"What we saw is that the gaming industry as a whole has been under threat but worked pretty well at the time to combat the problem together. What we started to do was have industrywide forums, where the heads of infrastructure from all these other companies got together," he said.
"It worked very well...Although we compete against each other as hard as we can, here was a common threat which we came together to combat, and shared information," he added.
Yu said that although Betfair's Internet service provider, Cable & Wireless, had been very effective, there is a lot more that ISPs could do to prevent DDoS attacks and help security agencies track down the culprits.
"A lot of these attacks stem from individual (broadband connected) PCs being compromised and then using that broadband access to flood these sites," he said. "We think that ISPs could do a lot if they took more responsibility. We do see a mix; we see some network providers who work very actively to try and cleanse their system and provide high-quality bandwidth, and the others who don't."
Yu's comments echo remarks from former U.S. cybersecurity chief Richard Clarke, who said earlier this month: "I think we are going to see companies asking their ISPs to do more. A lot of denial-of-service attacks could be prevented if ISPs cooperated with each other."
Andrew Donoghue of ZDNet UK reported from London.