Someone hacked into my poker account with a Trojan

The Grapist

Dormant account
I've already sent this to the Pitch a Bitch section, but I'm just going to give the abbreviated version here.

I woke to find that I was unable to log into my Pacific Poker account. I called in support, and we found that $2k was missing. I had the account suspended.

Five hours later, the last $1k was gone. Operations has sent me a few e-mails, stating that they are denying my claim because my IP address matches (the time I played and the time that the person stole my account). They also claimed the style was the same (when it obviously wasn't).

I have since found a Trojan on my PC, and I suspect that the Trojan is the culprit (or rather, the person who sent me the Trojan). Pacific maintains that if this is the case, they won't honor my claim.

This is a normal practice? :(
 

largeeyes

Dormant account
As much as it pains me to say this, but Pacific can't be held responsible for you not securing your computer from viruses and key stroke catchers. I'd be interested in why they say the IP addresses match.
 

The Grapist

Dormant account
largeeyes said:
As much as it pains me to say this, but Pacific can't be held responsible for you not securing your computer from viruses and key stroke catchers. I'd be interested in why they say the IP addresses match.

:(

All they will say is that the IP and the Internet provider info matches. They won't say how they know.

But the thing that bugs me the most is that I called and had the account suspended, and five hours later more money is played away.

They then tell me
We do apologize for the fact that although your account was blocked,
access was still available for a short while. However, as all our
evidence points out that your account was accessed from your PC using
your username and password, we cannot support your claim that a third
party was involved and that this incident occurred due to our
negligence.
in one e-mail and
Jeff, I have examined very carefully your game history, the notes from
our Support Department and also the reports from our Technical
Department. After reviewing all this information, I concluded that you
played the funds from your account and that there was no unauthorised
use of it. Instead, I suspect you tried to profit from a technical error
that occurred when our software attempted to block your account
unsuccessfully. I apologize for that mistake, which created the
opportunity for you to play when you should not have had that option.
in another

I mean, I know it doesn't look good for me, but they don't have to go out and accuse me! :mad:
 

largeeyes

Dormant account
Yes, I would have a beef with it remaining unlocked.....and a bigger beef with them accusing me of taking advantage of it if that wasn't in fact true. I wish you all the luck getting this remedied.
 

jpm

Dormant account
Unfortunately, people try all kinds of scams at online casinos, so they've heard it all before. Hence the accusatory email. I've read a few nearly identical stories here before and it always turns out that it was someone else in the house (or the person themselves) who was the actual culprit.

Not saying that is the case here, but I think you should check on anyone else who had access to your computer during the times in question. I've yet to hear of any kind of trojan or virus that would allow you to play at a casino or poker room remotely. They can very easily tell from the IP address where the connection came from, and all of that info is routinely logged on the server.

What operating system are you using? Are you using a router of any sort between the computer and cable/dsl modem? Are you using any antivirus, antispyware, and/or internet security programs?
 

pokeraddict

Webmaster
I can't imagine you will ever see a penny of this but the fact they blocked it and more money was missing, hmmmm, I would have to say they owe you that. Here is what probably happened. If someone hacked your account they found a friend and chip dumped. Pacific must know who the beneficiary of this loss was. Since I have heard time and time again their cashouts are very slow (5 days usually) this money still must be in their system, at least as pending. There would be no other reason to hack someone's account unless they dumped, what good would it do? Maybe they know you? Roommate? Family member? Angry girlfriend?
 

The Grapist

Dormant account
pokeraddict said:
I can't imagine you will ever see a penny of this but the fact they blocked it and more money was missing, hmmmm, I would have to say they owe you that. Here is what probably happened. If someone hacked your account they found a friend and chip dumped. Pacific must know who the beneficiary of this loss was. Since I have heard time and time again their cashouts are very slow (5 days usually) this money still must be in their system, at least as pending. There would be no other reason to hack someone's account unless they dumped, what good would it do? Maybe they know you? Roommate? Family member? Angry girlfriend?
They said that the style of play did not seem like chip dumping, because the span of play was a few hours, and 647 hands were played. I've noted that this is almost as many hands as I played in a span of 9 days.

The only people in my house are myself and my mother. I was tossing and turning in my bed for that night, and my mom was dead asleep. That either leads to a trojan or me. I know it wasn't me, but Pacific doesn't care for that.

I'm also insulted that they lied about some facts in the case. They claimed that the style of play, the game played, and the stakes played were the same throughout the whole time.

The style of play was obviously different (the guy would do shit like RAISE WITH 72OFF AND 32OFF), the game was Texas Hold'em (Pacific Poker's most popular game), and the stakes were 15/30.

The tables were still high stakes, $15/$30, though not the highest which is $20/$40. The player on your account profited for the most of this time, and your account balance which began as $2955, reached a maximum of $4038. A total of 647 hands were played, and a sum of $36,366 wagered on the tables in this time. This is not the normal pattern for obvious chip dumping.
The part in bold is a blatant lie. And I can't comment on the part about the maximum balance and stuff. It wasn't me.

They've sent me some e-mails, some containing some nasty stuff, and they've said
As such, I can only offer you a choice between two courses of action:

1) You can admit that it was you who played and continue to use your
account as normal, in which case we will process your cash out request
normally.

2) You may wish to terminate your account with us, in which case we will
refund your current bankroll amount to you, by wire or draft, as well as
release your cash out. Your account will be permanently blocked from our
systems, as well as all credit cards used to deposit with us.

Please contact us at your earliest convenience and let us know how you
would like us to proceed.
Very classy of them.

Edit:
jpm said:
Unfortunately, people try all kinds of scams at online casinos, so they've heard it all before. Hence the accusatory email. I've read a few nearly identical stories here before and it always turns out that it was someone else in the house (or the person themselves) who was the actual culprit.

Not saying that is the case here, but I think you should check on anyone else who had access to your computer during the times in question. I've yet to hear of any kind of trojan or virus that would allow you to play at a casino or poker room remotely. They can very easily tell from the IP address where the connection came from, and all of that info is routinely logged on the server.

What operating system are you using? Are you using a router of any sort between the computer and cable/dsl modem? Are you using any antivirus, antispyware, and/or internet security programs?
Windows XP, Norton's Anti-virus (which was disabled because it was slowing down my PC), Linksys router between the cable modem and PC.

I know it looks like it was me, which pisses me off. I mean, looking at the case from a detached perspective makes it look like it was me. This really sucks. :(
 

GrandMaster

Ueber Meister
CAG
jpm said:
I've yet to hear of any kind of trojan or virus that would allow you to play at a casino or poker room remotely.
There are plenty of remote access trojans which enable the attacker to do pretty much anything on your computer, or once the hacker has sufficient access he can just use XP's remote desktop facility if the victim is running XP.
 

The Grapist

Dormant account
This really sucks. I'm considering responding to their latest e-mail with this
Charles,

I have since discovered that my computer was indeed infected by a Trojan Horse.

What I do not understand is why then after I called in, and had the account blocked, how someone was still able to access my account?

I stated that I ATTEMPTED to log into my account after I had it blocked, but was unsuccessful (which was a good thing, I assumed?). Someone was still able to do so. How can this be acceptable?

As I have said before, I understand that the situation does not look good for me, I understand the fact that the IP address matches and whatnot. We both can now agree that the fact that there was a Trojan Horse on my computer would explain why this happened. I would hope that Operations would give me the benefit of the doubt and at least attempt to believe my claims, but this obviously was not the case.

What I simply cannot understand is that why was it that after my account was blocked, someone was still able to log into my computer? And it wasn't even immediately after I called to have my account blocked, but over five hours later?

Why is it that this was never explained?

As much as it pains me to say, I can accept the fact that my account was depleted to $1,240. What I CANNOT and WILL NOT accept is that hours after this happened, and hours after I had called and had the account blocked, the account was depleted to $187.
What do you guys think?

(Of course, I'm mad at the account being depleted even by a dollar, but do you think it's time for me to cut my losses? :( )

Oh, I should mention that I spoke to JDN, the Director of Full Tilt Poker. He thinks that this situation is ridiculous.
 

jpm

Dormant account
GrandMaster said:
There are plenty of remote access trojans which enable the attacker to do pretty much anything on your computer, or once the hacker has sufficient access he can just use XP's remote desktop facility if the victim is running XP.
But it would be visible on the screen and of course the computer would have to be on. It's pretty unlikely that it's remote desktop though, since he's operating behind a router and unless he set the router up for his computer to operate in the DMZ, or opened those specific ports thru to his computer's internal IP address, then that's not going to be the case.
 

The Grapist

Dormant account
jpm said:
But it would be visible on the screen and of course the computer would have to be on. It's pretty unlikely that it's remote desktop though, since he's operating behind a router and unless he set the router up for his computer to operate in the DMZ, or opened those specific ports thru to his computer's internal IP address, then that's not going to be the case.
I leave my PC running 24/7, and I was asleep during the period that it happened (at least trying to sleep. I woke up in the middle of the night, went to my computer, and saw what I saw).

And I run BitTorrent all of the time, so I have a ton of ports open (I think).
 

jpm

Dormant account
The Grapist said:
Windows XP, Norton's Anti-virus (which was disabled because it was slowing down my PC), Linksys router between the cable modem and PC.

I know it looks like it was me, which pisses me off. I mean, looking at the case from a detached perspective makes it look like it was me. This really sucks. :(
Which trojan did you find on there? Sounds like you've got things set up pretty well, except you have to keep that A/V enabled all the time. Also, even though you've got a bit of a firewall with the router, also download ZoneAlarm and run that on your system too. Go to www.webroot.com and download SpySweeper and scan your system. If there's one thing in there, there's probably more. Also, is that a wireless router by chance?

I'd demand from them your play logs and hand histories. Then compare your regular play to the rogue player's play. Make some notes of the obvious differences (like the blind levels played, the silly 72os raising, etc). Also see if he was losing to any player(s) in particular and write that up and send it to them as proof it wasn't you. Also, I'd pitch a bitch thru Bryan with the same info simultaneously.
 

jpm

Dormant account
The Grapist said:
I leave my PC running 24/7, and I was asleep during the period that it happened (at least trying to sleep. I woke up in the middle of the night, went to my computer, and saw what I saw).

And I run BitTorrent all of the time, so I have a ton of ports open (I think).
You saw it playing when you woke up?? :eek:
 

The Grapist

Dormant account
jpm said:
You saw it playing when you woke up?? :eek:
No, I didn't see it playing. I saw a "your connection has been disabled" screen, called to see what was up (because it wasn't logging in like normal when I tried to connect after seeing that), and found out that someone had been playing.

Had them reset my connection, and found that $2k was missing!

And they won't release my hand history to me. They said that the only way that they'd let me see the hand history again is if I were to, as they put it
You can admit that it was you who played and continue to use your
account as normal
 

jpm

Dormant account
The Grapist said:
No, I didn't see it playing. I saw a "your connection has been disabled" screen, called to see what was up, and found out that someone had been playing.

Had them reset my connection, and found that $2k was missing!

And they won't release my hand history to me. They said that the only way that they'd let me see the hand history again is if I were to, as they put it
That is dead wrong. You have EVERY right to get your history and they have no right to deny that to you, regardless of whether it was you playing or not. I'd pitch a bitch immediately for that alone. I can't believe they would have the balls to tell you that. Totally reprehensible. You paid for those hands via the rake that they took on each one, period.
 

The Grapist

Dormant account
jpm said:
That is dead wrong. You have EVERY right to get your history and they have no right to deny that to you, regardless of whether it was you playing or not. I'd pitch a bitch immediately for that alone. I can't believe they would have the balls to tell you that. Totally reprehensible. You paid for those hands via the rake that they took on each one, period.
They really aren't letting me do much. Whenever I call, they tell me to e-mail Operations. I've requested numerous times to speak to someone from Operations. They refused.

Today I was told that they made a note on my account that I was to contact Operations via e-mail only, and that all requests that I made to speak with them should be denied! :mad:

And I've received four e-mails from Operations/Management. Three of them read almost exactly the same!

Edit: If you want, I can e-mail you all of the correspondence to date.
 

jpm

Dormant account
Sorry Grapist, I may have been referring to something that can be taken 2 ways. When I said you should pitch a bitch, I meant thru casinomeister's pitch a bitch form. I think you thought I meant bitch to the poker room lol.

Here's a link to what I'm talking about...

http://www.casinomeister.com/problems.html
 

The Grapist

Dormant account
Does anyone know how long it would take to get a response from the Pitch a bitch form?

Just curious. I've been talking to some friends, and I'm kinda worried that maybe the Trojan worked too well, I mean, if Pacific is convinced it was me.... :(
 

The Grapist

Dormant account
Well, for some reason, I can't find a way to edit my posts, so sorry for the third post in a row.

If anyone's interested, I'm currently talking to the person that referred me to Pacific. He's an affiliate of some sort. He said that he's going to try to take care of the situation.

Let's hope that something works.
 