Someone hacked into my poker account with a Trojan

[The Grapist]

I've already sent this to the Pitch a Bitch section, but I'm just going to give the abbreviated version here.

I woke to find that I was unable to log into my Pacific Poker account. I called in support, and we found that $2k was missing. I had the account suspended.

Five hours later, the last $1k was gone. Operations has sent me a few e-mails, stating that they are denying my claim because my IP address matches (the time I played and the time that the person stole my account). They also claimed the style was the same (when it obviously wasn't).

I have since found a Trojan on my PC, and I suspect that the Trojan is the culprit (or rather, the person who sent me the Trojan). Pacific maintains that if this is the case, they won't honor my claim.

This is a normal practic?

[largeeyes]

As much as it pains me to say this, but Pacific can't be held responsible for you not securing your computer from viruses and key stroke catchers. I'd be interested in why they say the IP addresses match.

[The Grapist]

As much as it pains me to say this, but Pacific can't be held responsible for you not securing your computer from viruses and key stroke catchers. I'd be interested in why they say the IP addresses match.

All they will say is that the IP and the Internet provider info matches. They won't say how they know.

But the thing that bugs me the most is that I called and had the account suspended, and five hours later more money is played away.

They then tell me

We do apologize for the fact that although your account was blocked,
access was still available for a short while. However, as all our
evidence points out that your account was accessed from your PC using
your username and password, we cannot support your claim that a third
party was involved and that this incident occurred due to our
negligence.

in one e-mail and

Jeff, I have examined very carefully your game history, the notes from
our Support Department and also the reports from our Technical
Department. After reviewing all this information, I concluded that you
played the funds from your account and that there was no unauthorised
use of it. Instead, I suspect you tried to profit from a technical error
that occurred when our software attempted to block your account
unsuccessfully. I apologize for that mistake, which created the
opportunity for you to play when you should not have had that option.

in another

I mean, I know it doesn't look good for me, but they don't have to go out and accuse me!

[largeeyes]

Yes, I would have a beef with it remaining unlocked.....and a bigger beef with them accusing me if taking advantage of it if that wasn't in fact true. I wish you all the luck getting this remedied

[jpm]

Unfortunately, people try all kinds of scams at online casinos, so they've heard it all before. Hence the accusatory email. I've read a few nearly identical stories here before and it always turns out that it was someone else in the house (or the person themselves) who were the actual culprit.

Not saying that is the case here, but I think you should check on anyone else who had access to your computer during the times in question. I've yet to hear of any kind of trojan or virus that would allow you to play at a casino or poker room remotely. They can very easily tell from the IP address where the connection came from, and all of that info is routinely logged on the server.

What operating system are you using? Are you using a router of any sort between the computer and cable/dsl modem? Are you using any antivirus, antispyware, and/or internet security programs?

[pokeraddict]

I cant imagine you will ever see a penny of this but the fact they blocked it and more money was missing, hmmmm, I would have to say they owe you that. Here is what probably happened. If someone hacked your account they found a friend and chip dumped. Pacific must know who the beneficiary of this loss was. Since I have heard time and time again their cashouts are very slow (5 days usually) this money still must be in their system, at least as pending. There would be no other reason to hack someones account unless they dumped, what good would it do? Maybe they know you? Roommate? family member? angry girlfriend?

[The Grapist]

I cant imagine you will ever see a penny of this but the fact they blocked it and more money was missing, hmmmm, I would have to say they owe you that. Here is what probably happened. If someone hacked your account they found a friend and chip dumped. Pacific must know who the beneficiary of this loss was. Since I have heard time and time again their cashouts are very slow (5 days usually) this money still must be in their system, at least as pending. There would be no other reason to hack someones account unless they dumped, what good would it do? Maybe they know you? Roommate? family member? angry girlfriend?

They said that the style of play did not seem like chip dumping, because the span of play was a few hours, and 647 hands were played. I've noted that this is almost as many hands I played in a span of 9 nine days.

The only people in my house are myself and my mother. I was tossing and turning in my bed for that night, and my mom was dead asleep. That either leads to a trojan or me. I know it wasn't me, but Pacific doesn't care for that.

I'm also insulted that they lied about some facts in the case. They claimed that the style of play, the game played, and the stakes played were the same throughout the whole time.

The style of play was obviously different (the guy would do shit like RAISE WITH 72OFF AND 32OFF), the game was Texas Hold'em (Pacific Poker's most popular game), and the stakes were 15/30.

The tables were still high stakes, $15/$30, though not the highest which is $20/$40. The player on your account profited for the most of this time, and your account balance which began as $2955, reached a maximum of $4038. A total of 647 hands were played, and a sum of $36,366 wagered on the tables in this time. This is not the normal pattern for obvious chip dumping.

The part in bold is a blantant lie. And I can't comment on the part about the maximum balance and stuff. It wasn't me.

They've sent me some e-mails, some containing some nasty stuff, and they've said

As such, I can only offer you a choice between two courses of action:

1) You can admit that it was you who played and continue to use your
account as normal, in which case we will process your cash out request
normally.

2) You may wish to terminate your account with us, in which case we will
refund your current bankroll amount to you, by wire or draft, as well as
release your cash out. Your account will be permanently blocked from our
systems, as well as all credit cards used to deposit with us.

Please contact us at your earliest convenience and let us know how you
would like us to proceed.

Very classy of them.

Edit:

Unfortunately, people try all kinds of scams at online casinos, so they've heard it all before. Hence the accusatory email. I've read a few nearly identical stories here before and it always turns out that it was someone else in the house (or the person themselves) who were the actual culprit.

Not saying that is the case here, but I think you should check on anyone else who had access to your computer during the times in question. I've yet to hear of any kind of trojan or virus that would allow you to play at a casino or poker room remotely. They can very easily tell from the IP address where the connection came from, and all of that info is routinely logged on the server.

What operating system are you using? Are you using a router of any sort between the computer and cable/dsl modem? Are you using any antivirus, antispyware, and/or internet security programs?

Windows XP, Norton's Anti-virus (which was disabled because it was slowing down my PC), Linksys router between the cable modem and PC.

I know it looks like it was me, which pisses me off. I mean, looking at the case from a detached perspective makes it look like it was me. This really sucks.

[GrandMaster]

I've yet to hear of any kind of trojan or virus that would allow you to play at a casino or poker room remotely.

There are plenty of remote access trojans which enable the attacker to do pretty much anything on your computer, or once the hacker has sufficient access he can just use XP's remote desktop facility if the victim is running XP.

[The Grapist]

This really sucks. I'm considering responding to their latest e-mail with this

Charles,

I have since discovered that my computer was indeed infected by a Trojan Horse.

What I do not understand is why then after I called in, and had the account blocked, how someone was still able to access my account?

I stated that I ATTEMPTED to log into my account after I had it blocked, but was unsuccessful (which was I good thing, I assumed?). Someone was still able to do so. How can this be acceptable?

As I have said before, I understand that the situation does not look good for me, I understand the fact that the IP address matches and whatnot. We both can now agree that the fact that there was a Trojan Horse on my computer would explain why this happened. I would hope that Operations would give me the benefit of the doubt and at least attempt to believe my claims, but this obviously was not the case.

What I simply cannot understand is that why was it that after my account was blocked, someone was still able to log into my computer? And it wasn't even immediately after I called to have my account blocked, but over five hours later?

Why is it that this was never explained?

As much as it pains me to say, I can accept the fact that my account was depleted to $1,240. What I CANNOT and WILL NOT accept is that hours after this happened, and hours after I had called and had the account blocked, the account was depleted to $187.

What do you guys think?

(Of course, I'm mad at the account being depleted even by a dollar, but do you think it's time for me cut my loses? )

Oh, I should mention that I spoke to JDN, the Director of Full Tilt Poker. He thinks that this situation is ridiculous.

[jpm]

There are plenty of remote access trojans which enable the attacker to do pretty much anything on your computer, or once the hacker has sufficient access he can just use XP's remote desktop facility if the victim is running XP.

But it would be visible on the screen and of course the computer would have to be on. Its pretty unlikely that its remote desktop though, since he's operating behind a router and unless he set the router up for his computer to operate in the DMZ, or opened those specific ports thru to his computer's internal IP address, then that's not going to be the case.