Someone hacked into my poker account with a Trojan

jinnia said:
Yes, there are Remote Control Trojan Horse Software that makes any virus you have seen to date seem like harmless child's play. These programs will allow anyone on the Internet to remotely control your computer. They can collect all your passwords, access all your accounts including Email and PeopleSoft, read and modify all your documents, publish your hard drive so it's shared across the Internet, record your keystrokes, look at your screen, and listen to your conversations on your computer's microphone. You'll never know it's happening.

Consider for a moment the implications of someone controlling your computer. They would have access to any account you access from your computer. If you access your employer's systems, they could use those accounts to perform fraudulent transactions. They could perform online stock or banking transactions with your personal accounts. They could read your email and send email in your name. They could use your computer as a stepping stone to another computer in which case you may get blamed. The victims of any abuse performed by the controller of your computer would only see your computer's network address. You may even be sitting in front of the keyboard when the computer is used in some crime. This would make it very difficult for you to prove your innocence, particularly if the actual perpetrator erased the evidence of their presence after performing the crime.

WOW!!!! :eek:
I had No idea that this could be done!
VERY informative..thanks for the GREAT post. :notworthy
 
"...almost anything is possible when it comes to computers, but most of those are not probable - jmp"

Dear jmp, I do not hold the philosophy that 'it is probable but won't happen to me' and therefore I posted the FACT that it IS possible. I did not mean to suggest that the ZOMBIE is the culprit, merely wanting to show that it is POSSIBLE for computers to be 'controlled'. I apologise for any deductions that were made due to me not expressing myself too well. Let's blame the language for it too.

Jinna: I could NOT have said that better myself. In South Africa, most of our BANKS had to spend gazillions due to JUST this issue! AND STILL it is a threat.
Thank you for taking the time to give this kind of information.

I do not live in a world of paranoia, but I do not subscribe to SEP either (Someone else's problem - Hitchhiker's Guide)
 
The reason why your story doesn't add up is this.

You are claiming that a trojan was running a session on your computer without you knowing it. There is no way of these programs to be running in hidden mode. You would see it on your screen. You would see the client, you would see the cards etc.

And since you claim you couldn't log on when trying (because this supposed hacker was logged in), this other session must have been running on your computer at the same time according to you (since it only played from your ip). So why didn't you see the poker program running? Simply because there was no trojan running the poker program through your computer. You can't even run two instances of Party Poker at the same time. So you shouldn't even be able to get to the login screen if another session of Party was running on your computer.

Anyway, feel free to contact people and plead your case. I doubt you will have any success. And you are correct, I have never seen a case where someone ripped someone off from their own computer in this way. I have seen plenty of cases where people claim that trojans lost the money and not the players themselves.

Actually just to give a bit of defense here... It is possible for the hacker to have used a trojan to watch this person's activity and in the process getting his password using the keystroke logger that's common of trojans (which would be super easy with pac poker, since they always make you enter your pass) .. Once the person had the pass they could log in from anywhere, and any good hacker would be able to mask their IP/Host and spoof/fake this person's IP/HOST info.. Now whether or not Pac poker really done a thorough trace route on the network traffic during that timeframe is another thing.. As for that being much help now, not likely since I'd imagine Pacific Poker has dumped any router and server logs
 
The Grapist said:
It's been quite a while since any news. Should I e-mail Bryan to see what's up, or just wait? :-/

I've just finished a telephone conversation with Bryan and he has a full list of business activity that he is attacking at present having returned from conferencing in Vegas.

I'm sure he'll get around to attending to everyone's hassles in Pitch A Bitch, which sounds pretty busy at the moment.
 
lppa2004 said:
Actually just to give a bit of defense here... It is possible for the hacker to have used a trojan to watch this person's activity and in the process getting his password using the keystroke logger that's common of trojans (which would be super easy with pac poker, since they always make you enter your pass) .. Once the person had the pass they could log in from anywhere, and any good hacker would be able to mask their IP/Host and spoof/fake this person's IP/HOST info.. Now whether or not Pac poker really done a thorough trace route on the network traffic during that timeframe is another thing.. As for that being much help now, not likely since I'd imagine Pacific Poker has dumped any router and server logs

It wasn't spoofed, it was done from his computer. He said he woke up and saw the software open on his computer. I think that part was real early in the thread.
 
I'm pretty sure he meant he left the software open himself... I recall what you're talking about tho... earlier on he says he woke up to find there was disconnect, I'm pretty sure what he was saying is he went to bed and left the software open and connected and when he woke up someone had connected from his username which would or should automatically have kicked him off from his home PC.. I can't really say if this is what happened, just my 2 cents and sharing of info on something I happen to know a little bit about.. Altho I will be honest and admit I'm a bit skeptical too, but I do agree that pac poker should be paying you for the money that shouldn't have ever disappeared if they locked your account... these poker rooms really have one sick way of dealing with players' money, they are making tons and still don't care about the player. They can say they do all they like, but actions speak louder than words
 
This situation is still being looked at by a number of people. If patience is a virtue, let's be virtuous .:D
 
Grapist may be telling the truth, then again he may not be truthful in his story. But to say 'it was not spoofed' just because you 'feel' it can't be done, for the game was in play when he looked at the monitor is ridiculous!

Remote control trojans CAN give the 'hacker' access to every single operation of your system, and yes, if they are directly inside of your system (not just using it as a stepping stone) performing any activity which requires a window to be opened, it will show that window and or game..etc. on the victim's monitor just as if he/she was sitting there opening the window or playing the game..
 
jinnia said:
Grapist may be telling the truth, then again he may not be truthful in his story. But to say 'it was not spoofed' just because you 'feel' it can't be done, for the game was in play when he looked at the monitor is ridiculous!

Remote control trojans CAN give the 'hacker' access to every single operation of your system, and yes, if they are directly inside of your system (not just using it as a stepping stone) performing any activity which requires a window to be opened, it will show that window and or game..etc. on the victim's monitor just as if he/she was sitting there opening the window or playing the game..

I never said I 'feel' it can't be done. I said, grapist himself said he woke up and saw the program running after he'd gone to bed and it was not running. He never suggested it was spoofed, and he and the poker room both seemed to agree on the point that it WAS done from his computer. I've got well over 20 years of experience in this area and I know quite well what remote trojans can do as well as a number of other things, thank you. I was hacking before there was a world wide web and the internet wasn't yet the internet and 300 Baud was fast.
 
jpm said:
I never said I 'feel' it can't be done. I said, grapist himself said he woke up and saw the program running after he'd gone to bed and it was not running.
Ok, it wasn't running when he went to bed, but was when he woke, so if someone else was playing by use of a remote control trojan, then it could have been running as he woke as the hacker was playing.
jpm said:
He never suggested it was spoofed,
Some people don't have 20 years or even 20 minutes of knowledge about what trojans can do. As he said, a friend suggested that to him after he mentioned what happened.
jpm said:
and he and the poker room both seemed to agree on the point that it WAS done from his computer.
Yes, it would show it came from his computer. Machine ID and IP address would be logged as if it was him sitting at his computer playing it himself.
jpm said:
I've got well over 20 years of experience in this area and I know quite well what remote trojans can do as well as a number of other things, thank you. I was hacking before there was a world wide web and the internet wasn't yet the internet and 300 Baud was fast.
You are welcome!! That's good! I too thought 300 baud was fast way back when.


I am not saying it happened, I am not saying it didn't, all I'm saying is it is HIGHLY possible that it could.
 
Here is Casava's final decision:

We were first contacted by the member on 8/1/04 at 9.25 am (GMT time).
The member phoned to say that he had not played since 7/31/04.

The account was blocked on 8/1/04 at 9.29, when the bankroll was at
$1240.05.

The member was able to re-enter the account. He has admitted making
several attempts to do so, to check the hand history. He also phoned the
Member Support Team two hours after the initial claim, asking for the
account to be re-opened.

All of the log ins to the account, from the beginning on 7/21/04,
through the period that the member is concerned with, to the last log
ins on 8/1/04, are from the same IP and ISP.

In order to enter the account, an unauthorized user would require the
confidential username and password of the member.

Based on these facts, we concluded that there was no security breach
from our behalf. The bankroll was wagered down to $187 from the same PC
as previously used on the account, and with access through confidential
passwords.

The member has claimed that this could be due to a Trojan Horse Virus
stealing his identity. We don't accept responsibility for this.

We also noted that the game play of the time span concerned and the
previous immediate history were similar. This is in terms of game
choice, and stakes played. This is an indication that there was no
unauthorized user playing on the site, though our investigation is not
based on this point. The member does not agree with these findings,
though we have explained that the outcome of the investigation is not
affected by this similarity.

We have concluded that the bankroll on this account was wagered through
access achieved with the accounts confidential password, and from the
same location as recorded all throughout the previous log ins. We have
concluded that we are not responsible for any case of unauthorized
access of the account, if this was actually occurring.

We have offered to reopen the account, where the member will find the
amount of $187 still in the bankroll, with a new confidential password
to secure the account from further access.
 
Bryan, thank you very much for trying to help.

I'm not surprised by their response. They waited over a month to say the same thing that they always said.

The member was able to re-enter the account. He has admitted making
several attempts to do so, to check the hand history. He also phoned the
Member Support Team two hours after the initial claim, asking for the
account to be re-opened.

Yes, I admitted to making several attempts to log in, but I wasn't able to do so. And I called to have the account re-opened so that I could get out what money I had, and to check the hand history. I don't see why they bring that up. Isn't that the thing that a lot of people would do if the situation happened to them?

And there should be more than $187 in the account, because my last withdrawal didn't fully complete.
 
mukke said:
My take on this:

1) If the guy has had his account locked, why does he get up in the middle of the night and try to login? And what's that about seeing the message about not being able to login and then trying? Did he turn on the monitor and the message was already on the screen or what? This doesn't really add up.

2) Money lost before the account was locked is the sole responsibility of the user. Sucks, but that's how it has to be. Money lost AFTER the account was locked is the responsibility of the card room. This was obviously a fault on their end - human or technical - and they need to rectify this.

3) Phone vs email: If I were in their place, I'd prefer email too. This way it's easier to keep account of the case and spot opposing claims.

Casino-on-net used to be fair, I doubt we really have the complete picture here...

1) If I understood correctly, he woke up in the middle of the night to find out that there was a problem for the very first time. At that time, there hasn't been any request to lock his account. He requested it after he found out there was a problem.

2) I agree that after the lock down, any money lost should be the responsibility of the poker room and not the player.

3) Or one can record the conversation?


Oh the poker room can keep accusing him of being the mastermind of everything so that they don't have to take any responsibility which is typical!
I will assume the guy's innocence until proven guilty for now.

Oh the fact that there was a trojan on his computer was also good news for the poker room. Perfect excuse for them to dump everything on the player.
 
The Grapist said:
I "have so much knowledge" because I've been hitting google and my friends like crazy since this happened.

One of my friends suggested that I specifically ask about key-loggers, because that's what many Trojans are. Specifically, the Trojan that infected my PC. Even Nortons told me that.

And I don't shut down my web-browser because I have a cable modem. You don't need to shut it down.

Edit: I appreciate the help that some of you are giving me. But I definitely don't appreciate being called a liar every other post. I'm not lying. Do you really think I'd come here if I was lying?

This is what I don't understand. Why do you need your computer and internet on 24/7? Are you running some program/work that needs to run a long time to produce results? Or you have something that you want people to download or a website that you want people to look at? I mean when I go to bed, I switch off my computer and disconnect from the internet. In that case even if there is a trojan, they cannot use your computer for some nefarious purpose or take it over. So why some of you guys are so taken by the always-on feature of some of this cable internet. Switch the damn computer off when you go to bed man! The always-on thing is just like having your safe open 24/7! Ask around to see if there are any banks that leave their vault open 24/7?
 
casinomeister said:
Here is Casava's final decision:

We were first contacted by the member on 8/1/04 at 9.25 am (GMT time).
The member phoned to say that he had not played since 7/31/04.

The account was blocked on 8/1/04 at 9.29, when the bankroll was at
$1240.05.

The member was able to re-enter the account. He has admitted making
several attempts to do so, to check the hand history. He also phoned the
Member Support Team two hours after the initial claim, asking for the
account to be re-opened.

All of the log ins to the account, from the beginning on 7/21/04,
through the period that the member is concerned with, to the last log
ins on 8/1/04, are from the same IP and ISP.

In order to enter the account, an unauthorized user would require the
confidential username and password of the member.

Based on these facts, we concluded that there was no security breach
from our behalf. The bankroll was wagered down to $187 from the same PC
as previously used on the account, and with access through confidential
passwords.

The member has claimed that this could be due to a Trojan Horse Virus
stealing his identity. We don't accept responsibility for this.

We also noted that the game play of the time span concerned and the
previous immediate history were similar. This is in terms of game
choice, and stakes played. This is an indication that there was no
unauthorized user playing on the site, though our investigation is not
based on this point. The member does not agree with these findings,
though we have explained that the outcome of the investigation is not
affected by this similarity.

We have concluded that the bankroll on this account was wagered through
access achieved with the accounts confidential password, and from the
same location as recorded all throughout the previous log ins. We have
concluded that we are not responsible for any case of unauthorized
access of the account, if this was actually occurring.

We have offered to reopen the account, where the member will find the
amount of $187 still in the bankroll, with a new confidential password
to secure the account from further access.


Come on after the lockdown, the credit balance became their responsibility! A lockdown should mean a lockdown! If the account can still be played, why would anyone ask for a lockdown. They are just denying any kind of responsibility whatsoever. Regardless of whether this is a scam or not,
I wouldn't want to play at this poker room knowing that if something
happened they would use whatever excuse to deny responsibility. That sucks for a pokerroom.
 
sw2003 said:
This is what I don't understand. Why do you need your computer and internet on 24/7? Are you running some program/work that needs to run a long time to produce results? Or you have something that you want people to download or a website that you want people to look at? I mean when I go to bed, I switch off my computer and disconnect from the internet. In that case even if there is a trojan, they cannot use your computer for some nefarious purpose or take it over. So why some of you guys are so taken by the always-on feature of some of this cable internet. Switch the damn computer off when you go to bed man! The always-on thing is just like having your safe open 24/7! Ask around to see if there are any banks that leave their vault open 24/7?

All of my friends and I always leave our computers on. We also are always running programs like Direct Connect and BitTorrent.

I also have to ask, why is it that they can tell what times I called, and in previous correspondence, state some of times I logged in prior to the day all of this shit happened, and then claim that I somehow logged into the account after it was locked, but not be able to provide a log-in time or anything?

I really don't know what to do at this point. I've been somewhat patient, but I'm not getting anywhere. The only thing that's changed since I made this thread is that: a) what I thought were good security practices for my PC were really piss-poor, b) "I know too much about computers" :p and c) Pacific Poker will take over a month to copy-paste and then edit the same e-mail that they sent me over two months ago.
 
The Grapist said:
The member was able to re-enter the account. He has admitted making
several attempts to do so, to check the hand history. He also phoned the
Member Support Team two hours after the initial claim, asking for the
account to be re-opened.


--THIS is the bit that gets to me. Did you or did you NOT ask them to re-open the account. ---

It seems that this is just tooo fishy for words.
 
Petunia said:
--THIS is the bit that gets to me. Did you or did you NOT ask them to re-open the account. ---

It seems that this is just tooo fishy for words.

It was a little more than two hours, but yes. I asked them if it was possible for them to reopen the account. I said that I wanted to play (it was stupid of me to say that, but I thought that if I did, that would make them try to expedite the entire investigation) and that I wanted to check my hand histories (which was my real intention. I needed to get them saved onto my computer.)

They said that in no way it would be possible to have the account opened. They said that if it were to be opened, that the case would have to be resolved, so it was best that it were kept closed.

After all, they said "don't worry, as long as the account is closed, the balance is safe."
 
The Grapist said:
All of my friends and I always leave our computers on. We also are always running programs like Direct Connect and BitTorrent.
Is it possible that you downloaded the trojan from one of these file sharing networks, or that your computer was attacked through one of these programs? It is a computer security principle that you should not run a server on a computer used for anything else. Having a permanently open port makes a potential hacker's job much easier. If you feel you must use BitTorrent, do it on a dedicated machine. You had an expensive lesson in computer security.
 
casinomeister said:
Here is Casava's final decision:

We were first contacted by the member on 8/1/04 at 9.25 am (GMT time).
The member phoned to say that he had not played since 7/31/04.

The account was blocked on 8/1/04 at 9.29, when the bankroll was at
$1240.05.

The member was able to re-enter the account. He has admitted making
several attempts to do so, to check the hand history. He also phoned the
Member Support Team two hours after the initial claim, asking for the
account to be re-opened.

All of the log ins to the account, from the beginning on 7/21/04,
through the period that the member is concerned with, to the last log
ins on 8/1/04, are from the same IP and ISP.

In order to enter the account, an unauthorized user would require the
confidential username and password of the member.

Based on these facts, we concluded that there was no security breach
from our behalf. The bankroll was wagered down to $187 from the same PC
as previously used on the account, and with access through confidential
passwords.

The member has claimed that this could be due to a Trojan Horse Virus
stealing his identity. We don't accept responsibility for this.

We also noted that the game play of the time span concerned and the
previous immediate history were similar. This is in terms of game
choice, and stakes played. This is an indication that there was no
unauthorized user playing on the site, though our investigation is not
based on this point. The member does not agree with these findings,
though we have explained that the outcome of the investigation is not
affected by this similarity.

We have concluded that the bankroll on this account was wagered through
access achieved with the accounts confidential password, and from the
same location as recorded all throughout the previous log ins. We have
concluded that we are not responsible for any case of unauthorized
access of the account, if this was actually occurring.

We have offered to reopen the account, where the member will find the
amount of $187 still in the bankroll, with a new confidential password
to secure the account from further access.
Something amiss here. The account was blocked and then the player was able to re-enter the account. The mind boggles. If the casino, on the player's request, reopened the account and the balance was whittled away, the player should be responsible. Otherwise, since the account was blocked, irrespective of whether the player asked for it to be re-opened, the casino should be responsible for any loss of funds due to any entrance by the player or anyone else. The timing on the blockage of the account is vital. So is the timing for the re-opening of the account. If it hadn't been re-opened, there should be no argument. The balance stays at $1240.
 
Stop wasting your time on this person. Why would someone use his account to wipe out his cash and leave nearly $200 in it? They would have cleaned him out. If it was chip dumping to another player. It would have been done at a 1 on 1 table. Not a full table. The support didn't mention what type of table. But from his style of play that they mention. I would assume it was at a full table. Everything came from his computer. Even his secured password. Dude if someone did steal your money. Get over it! It's Gone! Online Casinos steal people's money every single day. Some even open and close sites, to steal money. And most people never get it back. Consider it as a costly lesson. Start turning off your computer. Or go get yourself some G.A Help.

"Something amiss here. The account was blocked and then the player was able to re-enter the account. The mind boggles. If the casino, on the player's request, reopened the account and the balance was whittled away, the player should be responsible. Otherwise, since the account was blocked, irrespective of whether the player asked for it to be re-opened, the casino should be responsible for any loss of funds due to any entrance by the player or anyone else. The timing on the blockage of the account is vital. So is the timing for the re-opening of the account. If it hadn't been re-opened, there should be no argument. The balance stays at $1240."

Sometimes when requesting to have your account reopened. Pacific Poker (CON) requires you to send an email. With your address, phone # and birthday for verification purposes. Once received, sometimes they reopen your account without sending you a reply email stating it's reopened.
 
murder1 said:
Stop wasting your time on this person. Why would someone use his account to wipe out his cash and leave nearly $200 in it? They would have cleaned him out. If it was chip dumping to another player. It would have been done at a 1 on 1 table. Not a full table. The support didn't mention what type of table. But from his style of play that they mention. I would assume it was at a full table. Everything came from his computer. Even his secured password. Dude if someone did steal your money. Get over it! It's Gone! Online Casinos steal people's money every single day. Some even open and close sites, to steal money. And most people never get it back. Consider it as a costly lesson. Start turning off your computer. Or go get yourself some G.A Help.

"Something amiss here. The account was blocked and then the player was able to re-enter the account. The mind boggles. If the casino, on the player's request, reopened the account and the balance was whittled away, the player should be responsible. Otherwise, since the account was blocked, irrespective of whether the player asked for it to be re-opened, the casino should be responsible for any loss of funds due to any entrance by the player or anyone else. The timing on the blockage of the account is vital. So is the timing for the re-opening of the account. If it hadn't been re-opened, there should be no argument. The balance stays at $1240."

Sometimes when requesting to have your account reopened. Pacific Poker (CON) requires you to send an email. With your address, phone # and birthday for verification purposes. Once received, sometimes they reopen your account without sending you a reply email stating it's reopened.

The account was never reopened. That's the thing. I never sent any e-mails requesting it.

And I came here after this happened because I was referred here. I thought that this was what I was supposed to do after my money was taken. Is it not?
 
jinnia said:
Yes, it would show it came from his computer. Machine ID and IP address would be logged as if it was him sitting at his computer playing it himself.

No, it wouldn't. An IP spoof would not show the same machine ID as his own.
 
casinomeister said:
Here is Casava's final decision:

We were first contacted by the member on 8/1/04 at 9.25 am (GMT time).
The member phoned to say that he had not played since 7/31/04.

The account was blocked on 8/1/04 at 9.29, when the bankroll was at
$1240.05.

The member was able to re-enter the account. He has admitted making
several attempts to do so, to check the hand history. He also phoned the
Member Support Team two hours after the initial claim, asking for the
account to be re-opened.

Based on these facts, we concluded that there was no security breach
from our behalf. The bankroll was wagered down to $187 from the same PC
as previously used on the account, and with access through confidential
passwords.

Bryan, can you ask them to clarify something here. They say they blocked it and bankroll was $1240.05, then they say it was wagered down to $187. Can they tell you if this was after he asked for the account to be re-opened 'two hours after the initial claim' or in the interim 2 hours? I think that's an important piece of the puzzle.
 
