SECURITY EXPERT URGES CARE IN ONLINE ACTIVITY

14 March 2008

Trojans used to steal millions from online poker players, says security specialist


In an article in Tech Radar this week, Mikko Hyppönen the chief research officer at security software company, F-Secure cautions online poker players to take care when using the Internet as security scams are taking place.

In his work as a consultant with European security agencies on cyber crime Hyppönen frequently comes into contact with threats posed by cyber-criminals, and hears many cautionary tales of how people have been prejudiced, sometimes without even realising it.

Hyppönen told the publication that hackers are stealing millions from innocent web users, deploying tactics from mobile phone spying to planting Trojans and hacking into systems.

Online poker players, he claims, are some of the ripest targets. And the expert cautioned that he knows of cases where online poker sites have been used to "launder" money or credit obtained through cyber criminal enterprises, in at least one case by a ring which went on to buy articles subsequently sent to insurgency groups in Iraq.

“Online poker players are a massive target for hackers," said Hyppönen. "People play it with real money obviously, so they’re a big target. We were just investigating a case where a professional online poker player was attacked by someone he would play against regularly online. And we’re talking about professional players, and big money. Hundreds of thousands of euros on the table at a time,” he said.

“All of a sudden he started losing. He would regularly lose even when he had a great hand – pocket aces for example. If he had an unbeatable hand, the other players would simply fold. And when he tried to bluff, he would lose. He lost a lot of money this way, we’re talking hundreds of thousands of euros.

“This went on for weeks. And when we looked into it we realised that one of the other players at the table had sent him a tool. A calculator of sorts to help him optimise his poker playing. And we found that the application included a Trojan.

“When he was playing online poker against these people who were in another country, the guy could press a button and he would receive a screenshot of the target’s screen. So he sees the hole cards. If you’re playing poker and the other players know your cards, it’s pretty hard to win.

“It’s a clever attack because the hacker could have just stolen the account and moved the money away. But he would have been caught. But this way the target was losing his money to someone else and he didn’t realise it was a con. I don’t think many online poker players realise that those kind of attacks are being done.”

Hyppönen highlighted the case of Tariq Al-Daour who was sent to prison after he used online poker sites to launder millions of pounds to fund insurgents in Iraq.

“Tariq Al-Daour was sentenced last summer in London with two of his friends, for using Windows Trojans. They were using keyloggers which save everything you type on the keyboard. And they waited until you did online shopping so they could get your name, address, credit card number etc, and this way they managed to get 36 000 cards. American Express, Visa, Mastercard - the lot. And what they did is they took those cards to online poker sites.

“They set up new accounts with the stolen cards and of course they played against themselves, losing on purpose. This way they were able to launder the money. Again it’s pretty clever because if someone comes asking about all their money, they can prove they won it at poker.

“They laundered close to about two million euros. And the really weird part is what they did with the money. They took the money back to online shops and bought stuff like hiking boots, tents, knives, GPS devices, radios...

“And then they would use couriers to ship those goods to Iraq.”

Online Casino News courtesy of InfoPowa