Is Hacking More Likely At In-Person Or Online Casinos?

One of the more pervasive “warnings” we hear about gambling with Vegas-style international online casinos is that these sites are “unregulated” and thus more prone to things like hacking, identity theft, and so on.

Basically, the narrative is that legal offshore Vegas betting sites are fundamentally more prone to being hacked than big-name domestic casinos. Similarly, we constantly hear that users of such offshore sites are fundamentally more prone to being attacked personally and financially than users of brand-name in-state alternatives.

But in reality, this is a completely predictable scare tactic to control where gamblers spend their money. And it works.

In states that have domestic online gambling (casino, sports, and/or poker), the average player is more likely to play with domestic vendors. Things like commercially available gambling apps make the proposition convenient and compelling, even if there are appreciable benefits to gambling with international operators.

But more than the ease of installing an app from the App Store or Google Play store and tying in your bank account or debit/credit card, the main selling point is often one of legitimacy and safety.

Those two things are fundamentally related in the minds of consumers. Hey, these vendors are legal and legit; therefore they’re safe to use. Government regulations ensure that they’re using state-of-the-art cybersecurity protocols, that they employ top-class technical teams, etc.

Meanwhile, offshore sites are presented – by domestic competitors, naturally – as being illegal (they aren’t) and thus unsafe to use in terms of encryption and security technology (they also aren’t).

And then something like this happens.

What’s more, this isn’t the first time a Vegas casino or name-brand “big box” casino has been targeted by bad actors.

The ALPHV/BlackCat ransomware attack of MGM Resorts on September 11 wasn’t even the only casino hack that week. Just days earlier (September 7), Caesars Entertainment had their members rewards program held hostage and coughed up $15 million to get that data back.

At the time of this writing, MGM is refusing to pay up (the amount of the ransom is currently unknown), choosing instead to combat the attack with its own team along with assistance from law enforcement.

However, during MGM’s immediate response, the company’s services – along with many ancillary services – were taken offline. Per Adam Levin, “What the Hack” podcaster and founder of the CyberScout online security service:

“MGM shut everything down in order to stop whatever it was from continuing to wend its way through the system. ATM machines were impacted. Slot machines, digital room keys, electronic payment systems. The casino at one point was reduced to pen and paper.”

Clearly, if you were gambling with an MGM property during this time – even if you were only using the brand’s online gambling services – you were impacted.

Now, there’s a debate to be had about how valuable “personal information” actually is these days. Many online gamblers don’t much care about these kinds of breaches, particularly given the nature of our connected world.

Regardless, though, a breach shows weakness and vulnerability. Even if the stolen data is functionally worthless (or, more likely, totally redundant in the grand scheme), the fact that a venue was bested by bad actors is often enough for those bad actors to extract a substantial amount of money out of said venue.

It’s also bad for marketing in another crucial way.

These big casino companies get plenty of preferential treatment legally in the states and regions where they operate. They don’t usually have monopolies as such, but they have a lot of clout and definitely have all the leverage against smaller vendors.

Their biggest competitors are offshore operators who carry practically zero overhead and offer all the same games they do in the online space. These offshore operators also allow their customers to gamble with crypto, and they usually carry a minimum legal gambling age of just 18-plus as opposed to 21-plus.

But because no amount of lobbying at the state or federal level can criminalize these non-USA sites or police individual access to them (which remains completely legal in 2023, no matter which state you live in), the one angle domestic operators have is to smear offshore operators.

And when attacks like these are made known to the public, the big names lose a bit of that leverage.

That fact is that offshore international betting sites are perfectly safe and secure to use. They also don’t have nearly the deep pockets that domestic Vegas operators do, as these brands are valued in the tens of billions of dollars.

Who’s more likely to pay a ransom? The bigger fish with more to lose.

And who’s more likely to be attacked? The entity that’s more likely to pay.

It also doesn’t help things (for those big fish) that the smaller guys all embrace cryptocurrency on a fundamental level. The majority of offshore gamblers use crypto to bet online, and hackers can’t do much with that. Security is one of the hallmarks of crypto, after all. The stuff is quantum-hacking-resistant.

Another aspect that’s often overlooked when it comes to cybersecurity is identity verification.

When a domestic casino user signs up to gamble online or bets real money in a physical casino, state laws mandate a fairly invasive amount of private data to be collected on each customer. The more private data you have, the more valuable that data ostensibly is to those who mean to steal it.

Online offshore Vegas-style casinos, on the other hand, collect the bare minimum.

All they care about is that you’re at least 18 years old (21+ at some sites) and aren’t playing from a banned region. They don’t require a utilities receipt, they don’t need a bank routing number, they don’t ask for your social security number, they don’t track your movements, you aren’t on security recordings, or anything else.

Most of the data valuable to hackers as leverage is not used, accessed, or compiled by these sites. Some market analysts in the big boys’ pockets pretend this is all some terrible anti-consumer thing, but it isn’t.

These hacks are proof of that.

It might seem ironic or counterintuitive, but if you think about it, it’s nothing but a positive boon for the player.

Now, this isn’t all to say that any old online gambling site is going to be safer than MGM or Caesars. That’s clearly not the case. There are countless online casino scams out there operating in an offshore capacity. But these sites are easy to identify, and if you play with an established operator, there’s nothing to worry about.

So stop worrying and start playing!

Sources: The Washington Post, Engadget