Someone hacked into my poker account with a Trojan

[The Grapist]

I've already sent this to the Pitch a Bitch section, but I'm just going to give the abbreviated version here.

I woke to find that I was unable to log into my Pacific Poker account. I called in support, and we found that $2k was missing. I had the account suspended.

Five hours later, the last $1k was gone. Operations has sent me a few e-mails, stating that they are denying my claim because my IP address matches (the time I played and the time that the person stole my account). They also claimed the style was the same (when it obviously wasn't).

I have since found a Trojan on my PC, and I suspect that the Trojan is the culprit (or rather, the person who sent me the Trojan). Pacific maintains that if this is the case, they won't honor my claim.

This is a normal practic?

 

[largeeyes]

As much as it pains me to say this, but Pacific can't be held responsible for you not securing your computer from viruses and key stroke catchers. I'd be interested in why they say the IP addresses match.

 

[The Grapist]

As much as it pains me to say this, but Pacific can't be held responsible for you not securing your computer from viruses and key stroke catchers. I'd be interested in why they say the IP addresses match.

All they will say is that the IP and the Internet provider info matches. They won't say how they know.

But the thing that bugs me the most is that I called and had the account suspended, and five hours later more money is played away.

They then tell me

We do apologize for the fact that although your account was blocked,
access was still available for a short while. However, as all our
evidence points out that your account was accessed from your PC using
your username and password, we cannot support your claim that a third
party was involved and that this incident occurred due to our
negligence.

in one e-mail and

Jeff, I have examined very carefully your game history, the notes from
our Support Department and also the reports from our Technical
Department. After reviewing all this information, I concluded that you
played the funds from your account and that there was no unauthorised
use of it. Instead, I suspect you tried to profit from a technical error
that occurred when our software attempted to block your account
unsuccessfully. I apologize for that mistake, which created the
opportunity for you to play when you should not have had that option.

in another

I mean, I know it doesn't look good for me, but they don't have to go out and accuse me!

 

[largeeyes]

Yes, I would have a beef with it remaining unlocked.....and a bigger beef with them accusing me if taking advantage of it if that wasn't in fact true. I wish you all the luck getting this remedied

 

[jpm]

Unfortunately, people try all kinds of scams at online casinos, so they've heard it all before. Hence the accusatory email. I've read a few nearly identical stories here before and it always turns out that it was someone else in the house (or the person themselves) who were the actual culprit.

Not saying that is the case here, but I think you should check on anyone else who had access to your computer during the times in question. I've yet to hear of any kind of trojan or virus that would allow you to play at a casino or poker room remotely. They can very easily tell from the IP address where the connection came from, and all of that info is routinely logged on the server.

What operating system are you using? Are you using a router of any sort between the computer and cable/dsl modem? Are you using any antivirus, antispyware, and/or internet security programs?

 

[pokeraddict]

I cant imagine you will ever see a penny of this but the fact they blocked it and more money was missing, hmmmm, I would have to say they owe you that. Here is what probably happened. If someone hacked your account they found a friend and chip dumped. Pacific must know who the beneficiary of this loss was. Since I have heard time and time again their cashouts are very slow (5 days usually) this money still must be in their system, at least as pending. There would be no other reason to hack someones account unless they dumped, what good would it do? Maybe they know you? Roommate? family member? angry girlfriend?

 

[The Grapist]

I cant imagine you will ever see a penny of this but the fact they blocked it and more money was missing, hmmmm, I would have to say they owe you that. Here is what probably happened. If someone hacked your account they found a friend and chip dumped. Pacific must know who the beneficiary of this loss was. Since I have heard time and time again their cashouts are very slow (5 days usually) this money still must be in their system, at least as pending. There would be no other reason to hack someones account unless they dumped, what good would it do? Maybe they know you? Roommate? family member? angry girlfriend?

They said that the style of play did not seem like chip dumping, because the span of play was a few hours, and 647 hands were played. I've noted that this is almost as many hands I played in a span of 9 nine days.

The only people in my house are myself and my mother. I was tossing and turning in my bed for that night, and my mom was dead asleep. That either leads to a trojan or me. I know it wasn't me, but Pacific doesn't care for that.

I'm also insulted that they lied about some facts in the case. They claimed that the style of play, the game played, and the stakes played were the same throughout the whole time.

The style of play was obviously different (the guy would do shit like RAISE WITH 72OFF AND 32OFF), the game was Texas Hold'em (Pacific Poker's most popular game), and the stakes were 15/30.

The tables were still high stakes, $15/$30, though not the highest which is $20/$40. The player on your account profited for the most of this time, and your account balance which began as $2955, reached a maximum of $4038. A total of 647 hands were played, and a sum of $36,366 wagered on the tables in this time. This is not the normal pattern for obvious chip dumping.

The part in bold is a blantant lie. And I can't comment on the part about the maximum balance and stuff. It wasn't me.

They've sent me some e-mails, some containing some nasty stuff, and they've said

As such, I can only offer you a choice between two courses of action:

1) You can admit that it was you who played and continue to use your
account as normal, in which case we will process your cash out request
normally.

2) You may wish to terminate your account with us, in which case we will
refund your current bankroll amount to you, by wire or draft, as well as
release your cash out. Your account will be permanently blocked from our
systems, as well as all credit cards used to deposit with us.

Please contact us at your earliest convenience and let us know how you
would like us to proceed.

Very classy of them.

Edit:

Unfortunately, people try all kinds of scams at online casinos, so they've heard it all before. Hence the accusatory email. I've read a few nearly identical stories here before and it always turns out that it was someone else in the house (or the person themselves) who were the actual culprit.

Not saying that is the case here, but I think you should check on anyone else who had access to your computer during the times in question. I've yet to hear of any kind of trojan or virus that would allow you to play at a casino or poker room remotely. They can very easily tell from the IP address where the connection came from, and all of that info is routinely logged on the server.

What operating system are you using? Are you using a router of any sort between the computer and cable/dsl modem? Are you using any antivirus, antispyware, and/or internet security programs?

Windows XP, Norton's Anti-virus (which was disabled because it was slowing down my PC), Linksys router between the cable modem and PC.

I know it looks like it was me, which pisses me off. I mean, looking at the case from a detached perspective makes it look like it was me. This really sucks.

 

[GrandMaster]

I've yet to hear of any kind of trojan or virus that would allow you to play at a casino or poker room remotely.

There are plenty of remote access trojans which enable the attacker to do pretty much anything on your computer, or once the hacker has sufficient access he can just use XP's remote desktop facility if the victim is running XP.

 

[The Grapist]

This really sucks. I'm considering responding to their latest e-mail with this

Charles,

I have since discovered that my computer was indeed infected by a Trojan Horse.

What I do not understand is why then after I called in, and had the account blocked, how someone was still able to access my account?

I stated that I ATTEMPTED to log into my account after I had it blocked, but was unsuccessful (which was I good thing, I assumed?). Someone was still able to do so. How can this be acceptable?

As I have said before, I understand that the situation does not look good for me, I understand the fact that the IP address matches and whatnot. We both can now agree that the fact that there was a Trojan Horse on my computer would explain why this happened. I would hope that Operations would give me the benefit of the doubt and at least attempt to believe my claims, but this obviously was not the case.

What I simply cannot understand is that why was it that after my account was blocked, someone was still able to log into my computer? And it wasn't even immediately after I called to have my account blocked, but over five hours later?

Why is it that this was never explained?

As much as it pains me to say, I can accept the fact that my account was depleted to $1,240. What I CANNOT and WILL NOT accept is that hours after this happened, and hours after I had called and had the account blocked, the account was depleted to $187.

What do you guys think?

(Of course, I'm mad at the account being depleted even by a dollar, but do you think it's time for me cut my loses? )

Oh, I should mention that I spoke to JDN, the Director of Full Tilt Poker. He thinks that this situation is ridiculous.

 

[jpm]

There are plenty of remote access trojans which enable the attacker to do pretty much anything on your computer, or once the hacker has sufficient access he can just use XP's remote desktop facility if the victim is running XP.

But it would be visible on the screen and of course the computer would have to be on. Its pretty unlikely that its remote desktop though, since he's operating behind a router and unless he set the router up for his computer to operate in the DMZ, or opened those specific ports thru to his computer's internal IP address, then that's not going to be the case.

 

[The Grapist]

But it would be visible on the screen and of course the computer would have to be on. Its pretty unlikely that its remote desktop though, since he's operating behind a router and unless he set the router up for his computer to operate in the DMZ, or opened those specific ports thru to his computer's internal IP address, then that's not going to be the case.

I leave my PC running 24/7, and I was asleep during the period that it happened (at least trying to sleep. I woke up in the middle of the night, went to my computer, and saw what I saw).

And I run BitTorrent all of the time, so I have ton of ports open (I think).

 

[jpm]

Windows XP, Norton's Anti-virus (which was disabled because it was slowing down my PC), Linksys router between the cable modem and PC.

I know it looks like it was me, which pisses me off. I mean, looking at the case from a detached perspective makes it look like it was me. This really sucks.

Which trojan did you find on there? Sounds like you've got things setup pretty well, except you have to keep that A/V enabled all the time. Also, even though you've got a bit of a firewall with the router, also download ZoneAlarm and run that on your system too. Goto www.webroot.com and download SpySweeper and scan your system. If there's one thing in there, there's probably more. Also, is that a wireless router by chance?

I'd demand from them your play logs and hand histories. Then compare your regular play to the rogue player's play. Make some notes of the obvious differences (like the blind levels played, the silly 72os raising, etc). Also see if he was losing to any player(s) in particular and write that up and send it to them as proof it wasn't you. Also, I'd pitch a bitch thru Bryan with the same info simultaneously.

 

[jpm]

I leave my PC running 24/7, and I was asleep during the period that it happened (at least trying to sleep. I woke up in the middle of the night, went to my computer, and saw what I saw).

And I run BitTorrent all of the time, so I have ton of ports open (I think).

You saw it playing when you woke up??

 

[The Grapist]

You saw it playing when you woke up??

No, I didn't see it playing. I saw a "your connection has been disabled" screen, called to see what was up (because it wasn't logging in like normal when I tried to connect after seeing that), and found out that someone had been playing.

Had them reset my connection, and found that $2k was missing!

And they won't release my hand history to me. They said that they only way that they'd let me see the hand history again is if I were to, as they put it

You can admit that it was you who played and continue to use your
account as normal

 

[jpm]

No, I didn't see it playing. I saw a "your connection has been disabled" screen, called to see what was up, and found out that someone had been playing.

Had them reset my connection, and found that $2k was missing!

And they won't release my hand history to me. They said that they only way that they'd let me see the hand history again is if I were to, as they put it

That is dead wrong. You have EVERY right to get your history and they have no right to deny that to you, regardless of whether it was you playing or not. I'd pitch a bitch immediately for that alone. I can't believe they would have balls to tell you that. Totally reprehensible. You paid for those hands via the rake that they took on each one, period.

 

[The Grapist]

That is dead wrong. You have EVERY right to get your history and they have no right to deny that to you, regardless of whether it was you playing or not. I'd pitch a bitch immediately for that alone. I can't believe they would have balls to tell you that. Totally reprehensible. You paid for those hands via the rake that they took on each one, period.

They really aren't letting me do much. Whenever I call, they tell me to e-mail Operations. I've requested numerous times to speak to someone from Operations. They refused.

Today I was told that they made a note on my account that I was to contact Operations via e-mail only, and that all requests that I made to speak with them should be denied!

And I've received four e-mails from Operations/Management. Three of them read almost exactly the same!

Edit: If you want, I can e-mail you all of the correspondence to date.

 

[jpm]

Sorry Grapist, I may have been referring to something that can be taken 2 ways. When I said you should pitch a bitch, I meant thru casinomeister's pitch a bitch form. I think you thought I meant bitch to the poker room lol.

Here's a link to what I'm talking about...

https://www.casinomeister.com/player-arbitration-pab/

 

[The Grapist]

Sorry Grapist, I may have been referring to something that can be taken 2 ways. When I said you should pitch a bitch, I meant thru casinomeister's pitch a bitch form. I think you thought I meant bitch to the poker room lol.

Here's a link to what I'm talking about...

https://www.casinomeister.com/player-arbitration-pab/

I know what you meant.

I already pitched a bitch.

 

[The Grapist]

Does anyone know how long it would take to get a response from the Pitch a bitch form?

Just curious. I've been talking to some friends, and I'm kinda worried that maybe the Trojan worked too well, I mean, if Pacific is convinced it was me....

 

[The Grapist]

Well, for some reason, I can't find a way to edit my posts, so sorry for the third post in a row.

If anyone's interested, I'm currently talking to the person that referred me to Pacific. He's an affliate of some sort. He said that he's going to try to take care of the situation.

Let's hope that something works.

 

[murder1]

Sounds like someone needs G.A. meetings. Its addictive and people will do anything to trying and fight the need for greed. Running your account up to $4038 doesn't sound like chip dumping to me. What it sounds like you were unable to stop. The 5 days waiting period makes you reverse your cashin and continue playing. Im willing to bet, You was still logged in and asked support to close your account. You was hoping to get some of your money back and cashout. Knowing that your account would be closed upon logging out. You could then receive your money without risking losing any more. But it didn't work out like that.

Most of us have done these type of things before. Like placing a stop on a EFT from our banks. Because the casino took us for a quick ride. Or claiming someone stole our CC# and used it. But its all comes down to addictions. Their are too many odds from what you posted. To suggest that it was nothing more then greed and addiction.

I can scan my computer right now. And find Spyware and Trojan. I don't even have a Virus Protection Program. All I do is play yahoo Hearts, Spades, and online gaming. But never had someone to hack into my Neteller, Firepay, or Casino Account.

I know those sleepless nights, you toss and turn. Because of have large sum of $$$ in your playing account. And you get up in the middle of the night and play it away. I usually go on my losing streak around 7 am in the morning.

 

[The Grapist]

I know those sleepless nights, you toss and turn. Because of have large sum of $$$ in your playing account. And you get up in the middle of the night and play it away. I usually go on my losing streak around 7 am in the morning.

But I wasn't playing.

And I have never played as late as the account was being played. I mean, the person playing was playing at 4 am!

And I asked for them to close the account as soon as I found out the balance. And that was that, or so I thought.

And also, running up to $4038 doesn't sound like me, because I've been playing with a pattern ever since I started playing at Pacific. Win one or two hands, leave the table.

That's what I was doing up to and including Saturday, the last day I played. So why would I all of a sudden start playing after midnight, and for 645 hands?

 

[The Grapist]

After talking to the person who referred me to Pacific, the affliate, it seems like some progress may be made.

I want to thank the people who are trying to help. And I understand why some people may think that I made this up (although I didn't). They're just trying to help too. Because I know that gambling could be a serious problem for some.

I'll update if I get any word from the Pitch a bitch form, or from the affliate.

 

[Freudian]

I know of no trojan that could play poker through your computer. And since the traffic originated from your ip, either you or someone using your computer did the playing here.

I can't see any basis for your complaint here. This is what I would expect to see from someone really computer illiterate when trying to scam a pokerhouse.

If I was to venture a guess to what happened, I would say Drunk Gambling followed by the realization that something went wrong. Have seen it so many times before.

 

[The Grapist]

I know of no trojan that could play poker through your computer. And since the traffic originated from your ip, either you or someone using your computer did the playing here.

I can't see any basis for your complaint here. This is what I would expect to see from someone really computer illiterate when trying to scam a pokerhouse.

If I was to venture a guess to what happened, I would say Drunk Gambling followed by the realization that something went wrong. Have seen it so many times before.

The problem is that I'm not computer illiterate, I'm 19, and I never drink.

I can understand their policy of not refunding in cases of Trojans, but what I can't understand is that how even after I called to have the account suspended, more money was taken out.

Oh, and the money that was taken wasn't money that I deposited, even with all of the $3k gone, I'm still up from my initial deposit. I'm pissed that it happened, period.

Edit: I don't understand why so few of you are willing to believe me. This has never happened before? If it hasn't, I dunno what to say. Other than I'm not lying.