Cyber Incident Victim: New Jersey Online Casinos

A cyberattack targeted four New Jersey online gambling websites during the July 4th holiday weekend in 2015, beginning on Thursday and continuing through Sunday. The New Jersey Division of Gaming Enforcement confirmed the incident involved distributed denial-of-service (DDoS) attacks that flooded casino networks with excessive traffic, rendering them inoperable for approximately 30-minute intervals. Director David Rebuck stated the initial attacks caused confirmed downtime for the affected gambling platforms. Following the DDoS incidents, an unidentified perpetrator issued ransom threats promising a more powerful and sustained secondary attack unless Bitcoin payments were made. While the exact ransom amount wasn't disclosed, authorities warned the threatened follow-up attack could potentially disrupt not only the targeted casinos but all Atlantic City businesses sharing the same internet service provider due to shared infrastructure vulnerabilities.

Multiple law enforcement agencies including the New Jersey Division of Gaming Enforcement, State Police, FBI, and New Jersey Office of Homeland Security and Preparedness initiated investigations into the coordinated attacks. Rebuck identified the perpetrator as a "known actor" with prior history of similar cybercrimes, though no specific attribution to nation-states or criminal groups was provided. The incident occurred against the backdrop of New Jersey's growing online gambling industry, which had generated $12.5 million in revenue in May 2015. While online casinos represented a small portion of overall gaming revenue at the time, this marked one of the first significant cyberattacks against U.S.-based internet gambling platforms, contrasting with more frequent offshore incidents noted by gaming researchers. No confirmation was provided regarding whether ransom payments were made or if secondary attacks materialized following the initial disruption period.