Was this what happened at Absolute?

jetset

RIP Brian
CAG
Joined
Feb 22, 2001
Location
Earth
SECURITY EXPERT URGES CARE IN ONLINE ACTIVITY

Trojans used to steal millions from online poker players, says security specialist

In an article in Tech Radar this week, Mikko Hyppnen the chief research officer at security software company, F-Secure cautions online poker players to take care when using the Internet as security scams are taking place.

In his work as a consultant with European security agencies on cyber crime Hyppnen frequently comes into contact with threats posed by cyber-criminals, and hears many cautionary tales of how people have been prejudiced, sometimes without even realising it.

Hyppnen told the publication that hackers are stealing millions from innocent web users, deploying tactics from mobile phone spying to planting Trojans and hacking into systems.

Online poker players, he claims, are some of the ripest targets. And the expert cautioned that he knows of cases where online poker sites have been used to "launder" money or credit obtained through cyber criminal enterprises, in at least one case by a ring which went on to buy articles subsequently sent to insurgency groups in Iraq.

Online poker players are a massive target for hackers," said Hyppnen. "People play it with real money obviously, so theyre a big target. We were just investigating a case where a professional online poker player was attacked by someone he would play against regularly online. And were talking about professional players, and big money. Hundreds of thousands of euros on the table at a time, he said.

All of a sudden he started losing. He would regularly lose even when he had a great hand pocket aces for example. If he had an unbeatable hand, the other players would simply fold. And when he tried to bluff, he would lose. He lost a lot of money this way, were talking hundreds of thousands of euros.

This went on for weeks. And when we looked into it we realised that one of the other players at the table had sent him a tool. A calculator of sorts to help him optimise his poker playing. And we found that the application included a Trojan.

When he was playing online poker against these people who were in another country, the guy could press a button and he would receive a screenshot of the targets screen. So he sees the hole cards. If youre playing poker and the other players know your cards, its pretty hard to win.


Its a clever attack because the hacker could have just stolen the account and moved the money away. But he would have been caught. But this way the target was losing his money to someone else and he didnt realise it was a con. I dont think many online poker players realise that those kind of attacks are being done.

Hyppnen highlighted the case of Tariq Al-Daour who was sent to prison after he used online poker sites to launder millions of pounds to fund insurgents in Iraq.

Tariq Al-Daour was sentenced last summer in London with two of his friends, for using Windows Trojans. They were using keyloggers which save everything you type on the keyboard. And they waited until you did online shopping so they could get your name, address, credit card number etc, and this way they managed to get 36 000 cards. American Express, Visa, Mastercard - the lot. And what they did is they took those cards to online poker sites.

They set up new accounts with the stolen cards and of course they played against themselves, losing on purpose. This way they were able to launder the money. Again its pretty clever because if someone comes asking about all their money, they can prove they won it at poker.

They laundered close to about two million euros. And the really weird part is what they did with the money. They took the money back to online shops and bought stuff like hiking boots, tents, knives, GPS devices, radios...

And then they would use couriers to ship those goods to Iraq.
 

Zoozie

Ueber Meister
PABnonaccred
CAG
Joined
Dec 1, 2005
Location
Denmark
Was this what happened at Absolute?
No, it was nothing like this at all. The Absolute cheating scandal was an insider job with no Trojans involved. The cheater could see all hole from all players.

The only plausible explanations are still:
1) Superuser account
2) Hacking into the server accessing run-time data/logfile. And this was only successfull because Absolute poker also made the gigantic blunder of logging/means of access to the run-time data before a hand was over.
 

maxd

Complaints (PAB) Manager
Staff member
Joined
Jan 20, 2004
Location
Saltirelandia
Very interesting article though, thanks for posting it Jetset.

AFWIW, "superuser" accounts are standard practice in almost every field of software development on the planet -- telecommunications, operating systems, games, enterprise management systems,etc etc, you name it -- so the question at AP is much more realistic if you ask "do he have superuser access?" rather than "was there a superuser account that he could have used?" Assume that superuser access does exist and you'll putting pretty close to par.
 

Mousey

Ueber Meister Mouse
Joined
Sep 12, 2004
Location
Up$hitCreek
I don't for a minute think that's what happened at Absolute. However, it could very well be something similar that happens at any given poker room on any given day.

It also could be something similar (trojan/keylogger/bot drone) that enable(d) persons unknown to empty players accounts. (About which we have still heard little or no explanation.)

So, while playing against a poker bot is not in itself a losing situation, playing against a bot who is in contact w/a 'sister' bot on your computer, however, is. (And believe me, I know from experience, firewalls and anti-virus apps out the ying-yang are not always enough to prevent infection.)
 

thisisvegas

Dormant account
Joined
Oct 18, 2007
Location
Canada
I think this guy's company is trying to ride some free media exposure on the Absolute scandal. He is right in that there are programs out there to try to watch player activity. I think in the near future most poker software will be able to detect odd behaviour and you can thank professional poker players for being able to uncover these cheats.

What happened at Absolute Poker was a super user account and an inside job. The super user was able to knock off pros and I find it highly unlikely that a professional online poker player would have any sort of virus or trojan on their computer. They care more about their security than anybody else especially with the amounts they have in their accounts. On top of that it is easy to see something funny happen when the player is involved in nearly 100% of the hands.

Also the comments about these poker companies allowing money to be laundered or used for terrorist activities is another joke. He is either playing off of fears or just trying to ride the bandwagon. Send this to twoplustwo forums and see him get eaten alive.

John
 

swampwitch

ProfessionalUnderachiever
Joined
Nov 20, 2002
Location
Iowa, dammit.
In an article in Tech Radar this week, Mikko Hyppnen the chief research officer at security software company, F-Secure cautions online poker players to take care when using the Internet as security scams are taking place.
I'd be more apt to give this serious consideration if this had been brought to light by anyone other than someone who makes their living from computer vulnerabilities.

We were just investigating a case where a professional online poker player was attacked by someone he would play against regularly online. And were talking about professional players, and big money. Hundreds of thousands of euros on the table at a time, he said.

All of a sudden he started losing. He would regularly lose even when he had a great hand pocket aces for example. If he had an unbeatable hand, the other players would simply fold. And when he tried to bluff, he would lose. He lost a lot of money this way, were talking hundreds of thousands of euros.

This went on for weeks. And when we looked into it we realised that one of the other players at the table had sent him a tool. A calculator of sorts to help him optimise his poker playing. And we found that the application included a Trojan.
Why would a professional big money player use a tool, especially one sent to him by a rival player? Why doesn't the article name the player?
Notice F-Secure didn't have a problem giving the name of Tariq Al-Daour..but leaves out the pertinent fact that the stolen credit card numbers he used when opening up casino and poker accounts were not obtained through vulnerabilities of the poker sites themselves.
 

The Ronin

Dormant account
Joined
Jun 13, 2007
Location
Back East
I agree with thisisvegas: Seems like a bit of a stretch to go from:

"Like many other credit card thieves, Al-Daour ordered merchandise with the stolen credit cards, had them shopped to a series of drop sites, and used a network of thieves to turn the stolen goods into cash. He also stole identities of Internet gambling site members and wracked up winnings to help raise funds."
You do not have permission to view link Log in or register now.


To this:

They set up new accounts with the stolen cards and of course they played against themselves, losing on purpose. This way they were able to launder the money. Again its pretty clever because if someone comes asking about all their money, they can prove they won it at poker."
Now granted their might have been some other article that I haven't seen that validates the poker player angle in the news story. If not, it does seem alarmist in nature, and stretching the truth to sensationalize a more simplistic view of what really happened.

What looks like really happened, horrible as it was, is he sole the funds from gambling and possibly poker player accounts. Plain and simple.

Also adding the:

They laundered close to about two million euros. And the really weird part is what they did with the money. They took the money back to online shops and bought stuff like hiking boots, tents, knives, GPS devices, radios...

And then they would use couriers to ship those goods to Iraq.
Wrong. And their guilty pleas and or verdicts do not support that statement. They did the same thing every other cyber crook does when they get hot numbers. Shop till you drop, or max out. Fence the goods, usually on ebay, and use the cash for whatever you want.

These knuckleheads used the money to set up websites inciting terror. Unless it was reported, and the convictions mirror the claim or report, one must again assume it is false.

These guys are thieves, nothing more. Their political and religious views aside, they are simply thieves. And I thought according to their religion they are supposed to lose a hand for stealing :thumbsup:

Linking teror, poker and al-qaida etc (intentional mis-spellings) makes for a snazzy flash news article. The truth is much less flashy.
 

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

Top