PlayNow may have compromised users' personal information, opposition party says
VANCOUVER, B.C. — British Columbians' personal information may have been compromised when the government's online gambling website, PlayNow.com, crashed last week, according to the New Democratic Party.
PlayNow, the first government-sanctioned online casino in North America, was shut down only hours after it was launched last Thursday.
The B.C Lottery Corp. said unexpectedly high traffic caused the server to crash, so it had to be pulled down to be fixed. Minister of Housing and Social Development Rich Coleman, who is responsible for BCLC, also told CTV News on Friday that visitors' information may have leaked.
"It does appear that some information — because of all the data hitting at once — might have been displayed on somebody's computer, so we are dealing with that," he said.
The NDP however, believes the website crashed because it was hacked, though it has no hard evidence to support that claim. "Experts have made assertions that hacking was a possibility," said Shane Simpson, NDP critic for housing and social development. "But the most concerning thing is that the government and BCLC has not been definitive that there wasn't some kind of activity that breached the security of the site."
The Vancouver Sun left messages on Coleman's office line and on BCLC's media line Monday asking for a response to the rumours about a security breach. No messages were returned as of Monday evening, even though BCLC's media-line message states the line is monitored from 7 a.m. to 9 p.m., seven days a week.
According to Simpson, BCLC had offered $10 credits to users of PlayNow in order to generate demand on the day of the launch. "They knew there was going to be a lot of people coming to the site, yet the site crashed before it even left the ground," said Simpson. "That raises a series of questions as to what occurred here, but the government doesn't seem prepared to be clear as to what occurred."
PlayNow's home page shows the message: "Your browser was not able to connect to the remote site, probably because they are too busy or having problems. Please try refreshing your browser, or try again later."
"It clearly wasn't a minor technical difficulty because the site has been shut down for days," said Simpson.
According to one technology consultant, it is possible for hackers to fool a server into thinking it is overloaded.
"A hacker can unleash an army of sleeping computers called 'bots,' which can start generating traffic on a server and overwhelm it," said Vaclav Vincalev, president of Pacific Coast Information Systems, a Vancouver IT consulting firm. "If the site is not prepared for it, it would become extremely slow or crash in the end."
Once a site's security has been breached, it is possible to steal information even when the website is still up and running, and to hack into any visitor's computer, said Vincalev.
"The bottom line is [BCLC] was not prepared to go online," he said. "Whether they were not prepared with enough technology, underestimated the number of users, or did not expect to get attacked ... they just underestimated what they were doing."
"They're expecting people to put significant personal information and credit card information on there," said Simpson. "The government simply has to be more transparent if they want people to have confidence in their site."
(Click to display full-size in gallery)