blonde poker forum

Elsewhere, in "The Lounge", Chris Bruce warned us of a Virus/Trojan or whatever that is compromising players Online Accouts. In his case, it was at Betfair, but it applies equally to any site I suspect.

I somehow get involved in all sorts of "behind-the-scenes" stuff & I've become aware, invovled in fact as a conduit to help solve the problem, of just such a case this week.

A very well-known Online Player - almost of legendary status - has had his Account compromised this week. He's lost over £20,000.

His Computer Software & Management is supremely good, he keeps a 6 figure sum across various sites, & has as much as half-a-mill on some sites from time to time.

He took EVERY possible precaution - but the money has disappeared.

He wants to deal with this quietly, not make a song and dance, quite properly, & get the problem resolved. I cannot - & it would serve no purpose, name him, or the Site - but I don't believe EITHER party have done anything wrong. Someone, somehow, has compromised the Account.

BE CAREFUL. Please.

The Chris Bruce thread (wholy unconnected to the case I know about) is HERE.....

http://blondepoker.com/forum/index.php?topic=28484.0

Passwords - don't make them obvious or 'guessable'.  Greg Raymer recently had someone get into his account after they 'guessed' his password.  He admitted that he should have used something less obvious and guessable.

Also, if you're using a publicly accessible machine be very careful.  I would be very reluctant to play poker on a machine that isn't mine (on my accounts that is).  Too paranoid about key-loggers that record every keystroke you make on the computer.  All too easy for someone to get your username and password via this method.

We were talking about things like this the other day in a thread in internet poker.

Personally, I really doubt many people are actually secure enough to keep large sums of money in their poker accounts!

I would like to suggest this to the more computer savvy amongst you.

If, hypothetically, you had £100,000 in an Online Poker Account, what precautions would YOU take to safeguard it? And, one step further, if you are really computer-savvy, WOULD you leave a large sum of cash on an Online Poker Site?

OK, over to the Techie Guys - give us some guidance please.

Bongo answered one of my questions BEFORE I asked it.

More detail please Bongo. Do you really mean that?

Does it make it less secure if you have your passwords automatically stored to log on when you fire up a site?

I really mean it!

I have to finish off some work this afternoon, but when I'm done I'll come back to this thread and we can talk details.

I mentioned in another thread (re absolute) the best way to access online poker sites / banking etc, in fact anything sensitive is to use a virtual machine.

Basiclly, it's like a brand new computer every time you fire it up.  Remembers nothing about previous sessions, boot ups etc.

You can actually turn a physical machine into a virtual machine using software available.

With regards to passwords,these must be long using mixed case including numbers symbols etc. Brute Force / Dictionary attacks WILL compromise the majority off passwords very quickly. (new software actually allows you to use your graphics cards processors to do some of the crunching making this process even quicker)

So much more involved than what's mentioned here. It's all way too much for your average joe user


Dougie.

I would feel secure about it with regards to my PC in my house, but I think it's probably best to avoid it on a laptop.

This is bad, because your password is then stored on the local PC regardless. Any malware run on your PC can find the userid / password / site.

Also means anyone with access (even at home, mates round etc), can fire up your poker client and start donking your bankroll.

Dougie.

I'd be worried about any site that let you try the requisite number of logins to brute force a password without some form of locking/IP banning etc.

TK - while your post is well intentioned, it is largely meaningless unless you provide some specifics.  If there is another current issue other than the Betfair trojan, then ppl should be warned.

 

a few years back. before blonde i got banned from an online sites forum for questioning security, there excuse was they had the same level as security as the rest

a persons hotmail or yahoo mail email accounts are more secure than a persons onlne poker account, also if they get into you account your card details are not safe on all sites

i use neteller for the above reason and keep the lion share of my roll off sites

I do not believe it is meaningless.

It is genuine, & confidential, & I cannot break the speficic confidentiality.

It is a GENERIC problem, which I believe you, or anyone else, ignore at their peril.

The man in question has his own blog - a very popular & high-traffic blog, & he has no intention - until it's resolved, or turns nasty - to mention it on there, it would jeopardise his chances of a fair settlement if it gets into a public slanging match. So I can't & won't reveal the specific site or names. But this does not render it meaningless at all - it's a warning for all poker players to be careful, & it has now developed into a Thread in which Computer Savvy guys give the rest of us some expert advice. See also the Thread in "The Lounge" startred by Chris Bruce.

tikay I think what doubleup was refering to was this


If he did everything the techies say to secure his money but it still went missing, then the only answer is to not play online no?

TK I am not interested in what player, what site etc.  All you have done is tell everyone that there are bad things out there.  

I take precautions against putting bad things on my computer, if that fails I hope that my firewall will tell me if a bad thing is trying to access the internet.  I have fairly strong passwords.  If you know about some issue that is either a specific security weakness on a site or some novel method of installing malware on a computer, please put pressure on the site to contact customers if the former is the case and provide more info if the latter applies.

Firewall is useless for stopping people getting information out :)

Not necessarily.  I use one that allows me to see all incoming and outgoing requests, if an application that I haven't given permission to access the internet tries to, it asks me first.  I can also block specific ports to specific applications.  It's not perfect by any means, but it's another level of security that could prevent a trojan phoning home for example.  Before you ask, no it's not ZoneAlarm.

Would it stop your web browser?

It stops IE.

If my browser had been modified in some way zone alarm would ask permission.

I do NOT know of any specific issue that may have caused the problem, nor does the injured Party, or the Online Site as of yet. Investigations are continuing, sensibly, & in an amicable atmo, & I hope to be able to give all the facts in due course.  I just know that a lot of money disappeared. I can tell you of some of the precautions the injured party took, but the issue is much wider than that, it's BOTH ends that need investigation, & it's probable that both the injured party & the Online Site are 100% innocent. These are some of the precautions he took, but remember, this is just the tip of the iceberg as to the problem.

Router-based Firewall.

Software Firewall on the PC.

Two different anti-virus programmes running regular scans. They have come back "negative".

The usual Adware removal tools.

In addition, he is sufficiently computer-savvy never to be tricked into opening suspicious links or malicious files.His Passwords are not of the "ABC" nature.

The thread is intended to raise our alert level to potential security breaches on our PC's, & I believe by it's mere presence, is already doing so. The specific case does not matter - it should act as a warning to us all to, as I said in my first Post - BE CAREFUL. And take on Board good advice I expect to appear on this thread.

Yeah - there is always the possibility that a new way of accessing someone's machine/network/etc is found which current security measures won't stop. Therefore the only way to ensure complete safety is to not switch the thing on.

If there is some super sneaky new way of accessing accounts then I would want to know about it, so I can prevent it happening to me, instead of a generic 'there be monsters' message.

don't need to modify it.

Just get it to visit a url.

http://scamsite.com/index.php?username=X&password=Y

Wouldn't help if he had 2 av programs that weren't very good though.

 ;spam;

If you want to plug your online scamming site buy an advert Bongo.

Why would my browser choose to access this site if I don't type in the url or get linked there from another site?

Because a program running on your machine asks it too...

You don't the program itself to access the internet, you can use the users web browser. In the vast majority of cases this will be granted automatic access to the net by their firewall (if they have one).

Well if we find out that there is, then rest assured, it'll be posted here in a trice. If I did not make this clear initially, I apologise, but nobody knows - yet - how this came about. It can be any of a number of reasons, but we can assume....

1) The player is speaking the truth, his money has disapperared.

2) The Site is speaking the truth - they can see it's gone, but they can't establish that it was not the players fault or responsibility, or even that it was not him.

3) It's almost 100% certain that foul-play by a Third Party is responsible, but neither ther Player nor the Site can establish that beyond doubt at this stage. The Police have been made aware.

So, we don't know HOW or WHAT happened. So it's not possible to be more specific, except to name the Player or the Site, & I don't intend to do that at this stage. Naming either would achieve nothing positive at all.

Treat it as a general warning to take extra care, be especilly vigilant, & perhaps, take on board the good advice I have asked the Techie Guys to give us. Many of us take for granted the safety & security of the money we have nesting on Online Poker Rooms. This case should act as a warning.

If peeps wanna say I'm just saying there are scary monsters out there, fine, thats up to them. I'm gonna take on Board what I learn from this thread. It's up to others to either take that advice or ignore it.

I thnk some folks are missing the point here, & I am sorry if my OP did not make this clear.

There is no evidence available which suggests how the money was removed from the account. EXCEPT that the Players Account was - 100% guaranteed, we know THAT - accessed by someone else. As of yet, it's not been established "how", or who, if anyone, (meaning injured party or Online Site) was to blame, as to how that came about has not yet been established.

Pretty sure zone alarm will tell me about this.  E.g. If I click on something on the Pstars client that opens a webpage I get asked even though tho Pstars client is authorised to connect directly.

I strongly disagree, if a site has a flaw that allows this to happen then people need to know about it now.
Doesn't matter who the person is though.

So we don't even know if the source of the security leak is technological or human. In my experience, when a player contacts a site where they (genuinely) believe money has gone missing, most of the time their account has been accessed by someone known to them though the player not being careful enough about their password. Not saying this necessarily applies in this case, just stating something I've seen personally in the past in similar cases.

Generally speaking, there are certain bottlenecks where problems occur.

1) The poker site itself - not much the user can do about this except stay away from known problematic sites.
2) The player's connection - the standard wireless security system which is used by most people (WEP) is not secure, so someone can get in that way.
3) Player's computer - anti-virus software, firewalls etc will help, but most security lapses here are self-inflicted. Don't open dodgy emails, don't access the internet without firewalls, generally be aware of what you're clicking on.
4) The player themselves - are you absolutely sure no one knows your password? Someone else in the house fancies a game? Is your password is stored on your machine? Is it guessable? Have you played poker outside of your home on a computer outside of a secure environment?

There are many places where something can go wrong.

That is the point, and is a perfect example of why I won't name the Site - you are already ASSUMING it's the Site's fault. How do you come to that conclusion? - we do not know that the Online Site has "a flaw". It may be the Player's end, for all his care & security. It would be grossly irresponsible to name the Site if there is no conclusive evidence that they are to blame, because in the nature of things, they'd be pilloried up hill & down dale be people who don't know the full facts. We see plenty of evidence of "it's ALWAYS the Site's fault" on blonde Forum.

The "hack" could have occurred at either end, or in the middle - we don't know. If I named the site - with which, by the way, I have no connection whatsoever - it would undoubetedly be blamed. That's, at best, premature.

I will not be naming the Site, or the Player, at this stage. If I see evidence one way or the other to prove negligence by either Party, I'll Post it.

It's a generic problem - PC security - & we can all choose whether to take on board the good advice I expect this thread to generate.

Security begins at home, & the first thing we should all do is ensure OUR doors are locked. In many cases - ask the Techies - I suspect they are not. It's a syndrome of modern society that when bad things happen to us, it's always someone elses fault. It's not.

Now, let's get back on topic - be careful, & take the sensible precautions the Techie-Savvy guys are dispensing. This is (or was intended to be) a "be careful, improve your security" Thread, not a witch-hunt.

So we don't even know if the source of the security leak is technological or human. In my experience, when a player contacts a site where they (genuinely) believe money has gone missing, most of the time their account has been accessed by someone known to them though the player not being careful enough about their password. Not saying this necessarily applies in this case, just stating something I've seen personally in the past in similar cases.

When the Player contacted the Site to make them aware that cash had gone missing - after he'd had great difficulty even accessing his Account via his Password - the Site told him "well how come you had that difficulty accessing the Site? - YOU ARE PLAYING ON IT RIGHT NOW". And they named the table, which was an ultra-high limit table. He, of course, denies this, & I believe him.

1) The poker site itself - not much the user can do about this except stay away from known problematic sites.

It was a highly-reputable site, a "Major", & they have no history of poor security.

I never assumed it was the sites fault, you yourself have said that the site may be at fault.
I understand why you won't name the site and that's fair enough but what if it is their end and overnight  someone else or multiple people lose money the same way?

No trying to go off topic but it sounds as if someone got his password by whatever means and has donked off the money.
Maybe dumping it to a friend or maybe not.
Returning back to the security issue - Keep your password as safe as possible.
It may well be someone he knows, it maybe someone has guessed it, it could be a key logger.
The site must be able to get the ip of the user logged on and get some more info from that and also the hand histories will tell a story.

Surely if someone was actually playing his account the site could determine through the IP address his location and I would hope the site immediately froze his account and if he was chip dumping I would expect the site to freeze the accounts of those to whom he was chip dumping.

Correct - the site froze the Account there & then, took the obvious steps,. & investigations are continuing.

was it Mark Teltcher? - maybe his sister borowed his account again but didn't own up this time :-)

Sounds like a stolen password, but as to how this happened is anyones guess. As Tikay says we all need to be vigilant and possibly shouldnt leave large amounts either in online wallets or poker sites and continually deposit and withdraw funds as and when we want to play online.

In no way do I have that serious amount of money in on-line accounts, but the amount is relative to the stakes that are played I suppose. My rule is never to leave more money on any site than I would normaly play with on a daily basis. If I win over that amount I remove it to a specific poker bank account (now you have me worried about that). I know it can be a pain, but if you have to reload it only takes a few seconds. I am paranoid about my money in the bank let alone on a poker site. 

Nothing paranoid about that - it's just common-sense. Were that we were all as sensible, but let's hope a few more of us will take heed now.

Yeah but it still takes the online site months to check into this. Well that was my experience and only when shamed into action did they act. Amazingly after months of no action, and that includes the lame police who were useless I got a response of the ISP shows some guy in China had hacked into my account. I can ensure everybody I do not know anybody in China or make my magic password known to anybody in China, honest.

Seems all very well giving a warning of this issue but if Mr Online Poker Pro has done everything he can do to protect his huge bankroll then god help us little guys. Guess the only options are to quit online play or withdrawal after every session.

I am shocked by this comment - I though you had "connections" & a Tikay Tourney on every poker site in the English speaking world.  :)

I guess this Mateyboy must be Mongolian or something.  

Bigger bankroll = bigger target.

He THINKS - or thought - he was safe. Perhaps this thread will show he was not.

Behave.....

I KNOW the site very well, I've even worked for them in the past, but I'm not "connected" in any way, shape or form.

The player is British.

I had just cashed out approx £8,500 out of my hacked account and only had £660 in it at the time someone thought it would be fun to gamble away my cash.

Guess the hackers will attack any funds not just the big boys.

It seems to me that any monies into a poker site are traceable in lots of ways...

If a hacker gets my password and logs into my account as me and changes my password etc, he would only be able to do a few things with my stored money on there...

- Withdraw it to his bank account - traceable...!!
- Go on a table playing with his buddy, and playing like a fool to let his mate win...  then...  his mate transfers the money to his bank account...  traceable...!! (Even if he played a table with more players, it is going to be the case that his mate would be the biggest money earner from the donks..

If his mate never got the chance to withdraw the money, yes Ip trace might help, but, not so easy if the investigator is in the UK and the perpetrator is in another country, but nevertheless, it is traceable...!!

The poker site would have to be the people to do this tracing, with banks, etc...  Police will get involved but British police do not have much powers over a bank in another country without going through international divisions and consuls, so recovery may happen but it can take a long time...

One example is from a recent situation that I know of..  Some scammer was selling and item on a website...  taking payments by PayPal and also by NoChex...  Once the fraud was discovered and reported to the police, they traced some things and wanted a block put onto the accounts at both places...  NoChex is in Leeds and the fall under UK law, so they did it immediately...  Paypal did nothing, and gave the scammer his money...  eventually the police got his PayPal acct stopped after maybe 1 month after getting there the long way around..

Eventually after approx 1 year, NoChex people got refunds in full, but Paypal only got partial refunds...  The guy was caught by the way and the Fraud Squad did a good job on him, but, the fraud squad told me that it is very hard to prosecute someone who committed a fraud on the end of a PC because even though they trace the transaction to an IP address, to an ISP, to an address...  They go there and there might be 5 people living there and it could have been any of them...  How do the police prove who?

Anyways, as I say, everything is traceable and somehow someone should get there...

I would imagine that if this is a big time high stakes player the site will be  acting a lot quicker, they shouldnt but im sure they will.

The thing i wonder about is how do they prove you had not arranged for someone to log on (abroad maybe), gamble up on the high  stakes table, pushing for big draws etc, spin up style then if it goes wrong blow the lot and pretend youve been hacked?
Tough call from the operators.

The site have pretty much zero jusidiction in whatever country that they operate in..  It is a police job and they will not put it on a rush job unless it becomes big news...

Yup, & that's why these cases are so damn difficult for all sides to sort out. Who'd run a Cardroom, eh?

So - techie guys - what are the precautions we should be taking? Someone mentioned a Virtual Machine. Is this a (relatively) pain-free process? Anybody care to give specifics of what to do and what to download?

I use Roboform to store all my passwords and log-ins. It can generate very strong passwords and remembers and enters them for you. It's data is encrypted using AES, Blowfish, RC6, 3-DES or 1-DES algorithms (it says!). You need to enter a master password (which obviously needs to be strong yet memorable?!?) to gain access to your other passwords. Any thoughts on this practice?

I've got a router-based and software firewall with AV & anti-spyware (just the free varieties).

I keep track of all accounts (bank and poker) using Microsoft Money so I would notice discrepancies quickly (hopefully).

I think I'm 'quite' well sorted - above average security I would imagine. I've only ever had one problem and that was when someone spent £230ish at a distant Sainsburys. I spotted it the day after the transaction and informed the bank and they immediately credited the money back.

I am interested in the VM though if someone would be so kind as to elaborate.

As an aside, if anyone uses Firefox (which you really should as an alternative to IE), make sure you enable the master password which encrypts all the login passwords that the browser remembers.  Otherwise they are stored on your computer in a plain text file.

The only secure computer system in the world is unplugged, locked
in a vault at the bottom of the ocean and only one person knows
the location and combination of that vault.  And he is dead.
--Bruce Schneier in "Applied Cryptography"

what I did was have a computer which ONLY had poker programs on it, no MSN/YAHOO, no surfing the web, nothing. Any of that crap was done on a laptop/seperate computer, and when I had finished playing poker, I turned the PC off and used a different one. This is pretty safe overall, and computers are so cheap these days its scandelous how sloppy the big stakes players get with computer security. How can this be exposed, techies?

I think that sounds pretty safe, the only possible way i can see a problem is if there is a program that can go accross all machines on your network for instance.
ie-program(virus or whatever) gets downloaded onto your laptop then gets to your poker pc via your network,
i dont think that can/would happen but its the only thing i can think of.
Im sure the real techheads will soon have there say ;)

That sounds like a smart plan, the benefit of a virtual machine over that is that if something malicious gets on the PC it is wiped clean the next time you fire it up.

As long as you stick to the nothing but poker rules, and had good firewall (with all unneeded programs/ports etc blocked) then it would be pretty hard to attack the computer. Also make sure your local network is blocked too - some firewalls are configured to trust this, which could lead to your security being compromised.

If they get access to your network they could possibly do some form of packet sniffing from your other computers (or from their own if you have wireless and they are in your locality).

You could still fall for some social engineering on the other machine and manage to give out your password/security question etc (porn star name, anyone?)

It's also possible they could guess/brute force your password - this would be far easier on a site where your display name is your user name (as they wouldn't have to figure out what that was too!)

And that assumes the poker site is totally secure at their end...

Or he could dump it to Mate 1, who then dumps it to Mate 2, who dumps it to Mate 3, who withdraws to Neteller, or Click2Pay, or ECOcard. By the time the poker room have unravelled the trail of chip-dumping, the money is long gone via channels not open to investigation by British police.

Yeah this is a concern. Why do I need 3 or 4 passwords/codes for my bank account but only one password for my poker account?

Because banks need to maintain consumer confidence so they can continue the switch to online banking and increased profits?

Can using the accesability options thing (where you click on an on-screen keyboard with the mouse to type) get round a trojan that logs your keystrokes?

They'd probably take screen grabs too.

When the banks started using drop downs with letters in and stopping people from typing the trojan authors quickly added in screen grabbing ability.

Poker sites need to maintain consumer confidence too I would have thought.

When was the last time someone's poker account being hacked made the news?

just relised who this is

hopefully ull get it sorted mate gl

Don't network the 'poker' PC.  Have it on a separate internet connection, so it isn't connected to your other PC/network of PCs.

How many still play on Absolute too?

I just came by to share this worrying graph:

(http://www.virustotal.com/images/graficas/detection_failures.png)
Red: Infected files not detected by at least one antivirus engine.
Blue: Infected files detected by all antivirus engines.

From the statistics section of Virus Total (http://www.virustotal.com/estadisticas.html), which allows you to upload a file and have it scanned by 32 different Anti Virus products...

The player that Tikay mentioned has got his money refunded in full. The hacker hasn't been caught yet though, but there are leads.

I noticed in Tillermans blog that he got hacked as well - so clearly poker players are targets.  Organised crime have been trying to place crooks in financial services for some time and that industry is far better regulated.  Players should press for minimum security standards from sites e.gs. the ability to tick a box that would only allow log on from one poker client, concealment of account details from support staff without authorisation, safeguards against automated brute force hacking.

I think some form of 2 factor authentication (example (http://www.rsa.com/node.aspx?id=1156)) would probably be better, I know a few people who need to use them to log in to their companies network, and I think some banks use similar things.

Yes that would be good, but obviously expensive to implement and the delay created might put off the sites, while my suggestions would improve matters more simply.  The main point I was trying to make is that there are too many accounts being hacked and the sites are clearly being negligent in their practices. 

Or the users in theirs!

I'm not sure how you would (reliably) lock down access to only one machine.

Even then I imagine that it would be possible to either spoof the user's machine, or maybe even use their own machine.

If the attackers somehow have access to the site's system then I imagine they could just change the setting from that end and gain access that way.

The poker client could surely be easily numbered (it probably is anyway)- so the hacker would need to know that number and be able to modify a client to imitate that number and the user's password.


Errr the sites negligence again.

dont each computer have a unique MAC address?

Anyways, what I dont get is why sites dont allow users to "opt out" of playing for X hours, they have a version like this anyways, so they can extrapolate it so that if u are going to bed and know u wont play for 10/12 hours etc, then u can ban urself from playing so that no activity can occur on your account... it would cut out this shit immensely.

It would take seconds to clone a MAC address.

ok, you got 10 min to clone mine, starting from now!

It would be trivially easy to change that though, either in the software itself or simply change the value when the packet is sent from your machine to theirs.

Also I know in my second examples it's the site being negligent, I was just pointing out that that method could still be compromised at both ends!

I think I'd need more than 10 minutes to do it the first time!

It will take me longer than that to remember what the tool to do it is called :P

Eh?  You have an unknown number in your client - how in gods name is the hacker going to find out that number as the communication will be encrypted?