Two Plus Two Newer Archives - View Single Post

Sotiria · #1 01-09-2007, 05:57 PM

Cliff notes at bottom

This stuff is obvious to some of you, but, clearly there are those that are not educated in the online poker community.
I post this as a warning to all online poker players out there.

You have money online. Bad people want it....they want it, and they can get it. You only notice this when you read a post in the high-stakes regarding how the OP was swindled out of X thousand dollars by villain, usually through a transfer scam. There is a better way to do it, and I'm sure that it's already going on. I write this to inform and educate you about the dangers of playing poker online.

How I would hack you

First, I would get your IP address. This is a trivial matter. I could hack a site that you post on that logs your IP address. I could own a site that you visit and be logging your IP every time you come. I could befriend you via an IM program and initiate a direct file transfer (heck, this in and of itself might be enough...you've seen posts where someone downloads an .exe file, executes it, and now the malicious user has control of their PC). In any case, again, a very trivial matter.

So I have your IP, you say...so what? Well, I hate to break it to you, huckleberry, but you're not the only person I'm targeting. I have the IP's of many mid and high-stakes players. I might not be able to break into YOUR computer, but I can break into at least a few of the PC's that I have IP info for. I won't go into detail here, but suffice to say, I *will* be able to have full control over at least some of the users that I'm targeting.

Now what? I log usernames/passwords to the sites you play at, get onto your account and dump the money in any number of ways. The end.

But wait; why would I do something as stupid as that? Sure, I probably will be able to hide myself enough that I won't get caught, but why risk it? And why would I want you to be aware that you've been hacked? Wouldn't it be better if I could siphon money off in a way that you wouldn't notice. Why don't I just orchestrate a scenario in which you'd basically be working for me (if you're a winning player).....you have a steady winrate, so your bankroll grows while I skim off the top. A long-term source of income, rather than a one time large score.

No, I won't simply dump all the chips on your account, I'm a little more refined than that. Instead, I'll install a program that allows me to see your desktop. Uh, oh. I can see your cards. I can see your online banking info. I can see the porn you're watching. I just sat down at your table, and now I go from a game of incomplete information, to being able to play perfect poker against you. And, like I said earlier, you're not the only person I've done this to. You might get wise if you see me following you to every table that you sit at, and it would seem awfully weird if I call you down with 10 high and am right....all the time. No, I have many sheep like you that I can steal from. And it's all "legit". I won my money at the table fair and square. No dumping money to off-shore accounts, or laundering through multiple accounts, or worrying about covering the money trail. Think of the advantage I have over you if your hand is always face up.

This is one of the many ways that you can be screwed out of your money. Again, I write this as a warning more than anything. This probably won't happen to you, but it sure is a possibility, especially if you're playing mega-stakes online. Take steps to ensure your security online. Buy a hardware firewall. Set up VMWare or get seperate computers for playing poker/doing everything else.

Cliff notes: Security should be of the utmost concern to anyone that manipulates or manages money online (banking, poker, whatever). Have 2 computers or set up VMWare so that you have one quarantined PC that you play poker on, and another that you use for everything else. This isn't foolproof, but it's a helluva lot better than what you currently have set up.

Sure it's unlikely that you will every be personally targeted for a malicious attack, but why risk the possibility if it only takes a little bit of effort to fix. Think of like this: would you have sex with a prostitute with no condom? Then why would you be so careless with the personal information on your computer?