Millions stolen from online poker players
10th Mar 2008 | 14:07
Criminals use Trojans to steal money from web users
Mikko Hyppönen is the chief research officer at security software company, F-Secure. He also consults with European security agencies about the threats posed by cyber-criminals. Through his job, he hears many frightening stories of how people have been robbed blind without even realising it.
He said that hackers are robbing millions from innocent web users. He told of how your mobile phone could be spying on you. And he described how online banking might not be as safe as you'd hoped.
Online poker players, he says, are some of the ripest targets. And Hyppönen said he fears that most online poker players have absolutely no idea how much danger they’re in. He also revealed a link between money stolen through cyber-crime, and terrorism in Iraq.
“Online poker players are a massive target for hackers. People play it with real money obviously, so they’re a big target. We were just investigating a case where a professional online poker player was attacked by someone he would play against regularly online. And we’re talking about professional players, and big money. Hundreds of thousands of euros on the table at a time,” he said.
“All of a sudden he started losing. He would regularly lose even when he had a great hand – pocket aces for example. If he had an unbeatable hand, the other players would simply fold. And when he tried to bluff, he would lose. He lost a lot of money this way, we’re talking hundreds of thousands of euros.
“This went on for weeks. And when we looked into it we realised that one of the other players at the table had sent him a tool. A calculater to help optimise the poker playing or whatever. And we found that the application included a Trojan.
“Which means that when he was playing online poker against these people who were in another country, the guy could press a button and he would receive a screenshot of the target’s screen. So he sees the hold cards. If you’re playing poker and the other players know your cards, it’s pretty hard to win.
“It’s a clever attack because the hacker could have just stolen the account and moved the money away. But he would have been caught. But this way the target was losing his money to someone else and he didn’t realise it was a con. I don’t think many online poker players realise that those kind of attacks are being done.”
Iraq insurgents funded
Hyppönen highlighted the case of Tariq Al-Daour who was sent to prison after he used online poker sites to launder millions of pounds to fund the insurgents fighting allied forces in Iraq.
“Tariq Al-Daour was sentenced last summer in London with two of his friends, for using Windows Trojans. They were using keyloggers which save everything you type on the keyboard. And they waited until you did online shopping so they could get your name, address, credit card number etc, and this way they managed to get 36,000 cards. American Express, Visa, Mastercard - the lot. And what they did is they took those cards to online poker sites.
“They set up new accounts with the stolen cards and of course they played against themselves, losing on purpose. This way they were able to launder the money. Again it’s pretty clever because if someone comes asking about all their money, they can prove they won it at poker.
“They laundered close to about two million euros. And the really weird part is what they did with the money. They took the money back to online shops and bought really weird stuff like hiking boots, tents, knives, GPS devices, radios...
“And then they would use couriers to ship those goods to Iraq, to help the insurgents there fight against British and American troops. So what we have here is a link between online crime, Windows Trojans etc, and the funding of insurgents in Iraq. It’s quite an unusual case.”