Two Plus Two Newer Archives  

  #11  
Old 03-03-2007, 03:43 PM
Percula Percula is offline
Senior Member
 
Join Date: Jun 2004
Location: Phoenix
Posts: 2,050
Default Re: Virus to hijack your account

[ QUOTE ]
I haven't been following this much.

How do they get the account passwords in the first place?
Once they have it, how do they successfully transfer it somewhere and cash it out quickly enough that the transaction isn't cancelled?

Both seem at first glance very difficult to do.

[/ QUOTE ]

OK...

The hacker compromises the computer. He then tracks the activity on the PC. He gathers ALL usernames and passwords, investigates the accounts accessed.

So "Ralph HS player" has UB, FTP, Stars accounts for a total of $400K in them. Has a Neteller account with a balance of $10K tied to the bank account (since Ralph is from a location that Neteller still serves). Has an online savings account tied to their bank account with a balance of $600K. Has an online brokerage account tied to the bank account with a value of $1.5M. Has a bank account with a balance of $30K.

Joe hacker knows all of this and has access to all money accounts, email and IM accounts. He bides his time, watches the player waiting for the right opportunity to strike. Joe hacker knows Ralph HS player is going to a WPT event for a week and has lots of live play and partying scheduled and won't be watching his [censored] closely while at the WPT event.

Now it's time for Joe to go to work. Ralph is on a plane to the US for the WPT event. Joe logs on to each poker site and withdraws most of the funds in them to Neteller. He leaves enough on each site for Ralph to log in and have a couple of buy-ins, after all Ralph doesn't check his account balance each time he accesses the site, since it is something that can make him tilt. He only checks the account balance once a week and draws it down to his X buy-in level.

Joe now waits for the emails from the poker sites and Neteller, deals with any questions from the poker sites, but most likely just deletes the confirmations of the transactions making note of the amounts.

Joe then waits for Neteller to make the funds available. Once they are available, Joe now transfers all the funds to the bank account and waits for the funds to be available again. Remember Ralph is partying and playing poker and not doing much if anything on the internet for the next 5-7 days...

The funds are now available in the bank account and Joe transfers the funds to the brokerage account and sells all assets in the brokerage account. Adds/changes the account transfer information on the brokerage account and wires all the funds to some offshore account, and pays someone at the offshore location to go withdraw the cash and ship it to Joe hacker, who is now a millionaire for a few weeks of "work". And Joe can sleep pretty well, because he knows that he covered his tracks, and the poker player really doesn't have any real way to go after him.

And all of this could be prevented by having to use secure tokens on each account. Since a secure token is hardware and only Ralph has the hardware, Joe hacker cannot access any of the money accounts... It's too bad that the only accounts in this little story that don't have the option of using secure tokens are the poker sites.
  #12  
Old 03-03-2007, 05:29 PM
0men 0men is offline
Senior Member
 
Join Date: Jul 2006
Posts: 159
Default Re: Virus to hijack your account

Joe Hacker pwned Ralph HS Player ^^^^
  #13  
Old 03-03-2007, 07:55 PM
Stinkybeaver Stinkybeaver is offline
Senior Member
 
Join Date: May 2005
Posts: 423
Default Re: Virus to hijack your account

if poker continues to dry up then I'll proceed to become a hacker
  #14  
Old 03-03-2007, 08:49 PM
Nichomacheo Nichomacheo is offline
Senior Member
 
Join Date: Aug 2006
Posts: 1,142
Default Re: Virus to hijack your account

Cute story, but...

- How does the hacker get the software on the target computer to begin with?

- Neteller is dead. What quick methods still exist that a player could use and have access to the funds in the appropriate amount of time?
  #15  
Old 03-04-2007, 12:53 AM
Percula Percula is offline
Senior Member
 
Join Date: Jun 2004
Location: Phoenix
Posts: 2,050
Default Re: Virus to hijack your account

[ QUOTE ]
Cute story, but...

- How does the hacker get the software on the target computer to begin with?

[/ QUOTE ]

1) An exploit. It could be something as stupid as someone visiting a site with an un-patched web browser, or as complex as a never before seen fault in a common program. The former is fairly easy to deal with by keeping the OS and applications up to date and patched as needed, but the latter is virtually impossible to stop.

2) By social engineering. This could take the form of something as simple as a phishing scam or as complex as virtual ID theft where the hacker impersonates a trusted friend or family member.

[ QUOTE ]
- Neteller is dead. What quick methods still exist that a player could use and have access to the funds in the appropriate amount of time?

[/ QUOTE ]

In the USA it's dead, not everywhere.

So Joe hacker has owned a USA based HS player this time, now HS player goes to the same WPT event with the same plans to party and play. This time Joe hacker uses wire transfers from the poker site or overnight delivery of a check that is signed for by somebody...

Or an alternate hack, forget the poker accounts and just clean out the savings, bank and brokerage accounts and call it a day.
  #16  
Old 03-04-2007, 01:23 AM
Nichomacheo Nichomacheo is offline
Senior Member
 
Join Date: Aug 2006
Posts: 1,142
Default Re: Virus to hijack your account

[ QUOTE ]
1) An exploit. It could be something as stupid as someone visiting a site with an un-patched web browser, or as complex as a never before seen fault in a common program. The former is fairly easy to deal with by keeping the OS and applications up to date and patched as needed, but the latter is virtually impossible to stop.

2) By social engineering. This could take the form of something as simple as a phishing scam or as complex as virtual ID theft where the hacker impersonates a trusted friend or family member.

[/ QUOTE ]

I'm graduating in a few months with a degree in computer security. Zero day exploits (ones that someone figures out and uses, therefore it hasn't been patched) are fairly rare. Don't get me wrong, they do exist, and I suppose HSNL accounts are a good target, but I have a feeling most of the hacking cases aren't a result of this.

If I had to guess I'd say that someone on some poker website posts a link to a website. The website takes advantage of a known vulnerability, that's not patched (as you described), and hopes to hit some players with big accounts. It downloads a program on your computer which relays information back to someone who knows what to do with it.

I doubt most of these are cases of social engineering. I'd hope that if you're smart enough to make $100k playing poker, then you don't go to fulltiltbonus.com and input your user name and password. I imagine some people do fall for this though...

For those of you who have had your accounts hacked... do you know how it happened?
  #17  
Old 03-04-2007, 03:58 PM
Percula Percula is offline
Senior Member
 
Join Date: Jun 2004
Location: Phoenix
Posts: 2,050
Default Re: Virus to hijack your account

[ QUOTE ]


I'm graduating in a few months with a degree in computer security. Zero day exploits (ones that someone figures out and uses, therefore it hasn't been patched) are fairly rare. Don't get me wrong, they do exist, and I suppose HSNL accounts are a good target, but I have a feeling most of the hacking cases aren't a result of this.

[/ QUOTE ]

I work for a company (that shall remain nameless) that is a best of breed in the security industry and part of the ZDI. I see several new ZDI notices a week, they are very common, however they tend to be minor, with major/critical only coming like once a month or every other month. I would not in any way say they are rare, common is the term I would use.

I would agree that many of the hacks we hear about are more likely the result of existing exploits/social engineering. The worst part is that all of this is moot if all money accounts use a secure token for access... Come on poker sites, this isn't new technology.

BTW, I would not assume computer/technical knowledge with success/skill in poker. Just read some of the posts in the software or computer/technical forums...
  #18  
Old 03-05-2007, 01:27 PM
fnord_too fnord_too is offline
Senior Member
 
Join Date: May 2004
Location: February made me shiver
Posts: 9,200
Default Re: Virus to hijack your account

[ QUOTE ]


I doubt most of these are cases of social engineering. I'd hope that if you're smart enough to make $100k playing poker, then you don't go to fulltiltbonus.com and input your user name and password. I imagine some people do fall for this though...

For those of you who have had your accounts hacked... do you know how it happened?

[/ QUOTE ]

If you look through the archives, most were social engineering. A common tack was to IM with a trusted handle and a line like "Can you look at these hands for me? There is a hand viewer included." One person (recounted here but originally posted somewhere else, not sure where) was on IM getting instructions to make the firewall warnings go away when trying to run the hand viewer. (I think that case had a happy ending where the thief won like 12k on the account then the account was locked before it could be emptied.)

Basically, a lot of people are naive by nature and expect others to not be pieces of [censored]. I certainly agree that almost all of the attacks could be stopped with some hardware implementation, like a one time password generator. Those have been in use for at least a decade, so I don't imagine they are too costly to implement. Hell, how hard is it to instigate a policy that no account activity over say $5k can take place without the site calling you on a registered phone number, (and no changing these phone numbers without a lot of safeguards).
  #19  
Old 03-06-2007, 12:58 AM
DrewOnTilt DrewOnTilt is offline
Senior Member
 
Join Date: Nov 2003
Location: You talkin' to me?
Posts: 3,054
Default Re: Virus to hijack your account

[ QUOTE ]
I would agree that many of the hacks we hear about are more likely the result of existing exploits/social engineering. The worst part is that all of this is moot if all money accounts use a secure token for access... Come on poker sites, this isn't new technology.


[/ QUOTE ]

I've always wondered why this isn't the case. There are even simpler security precautions. I have an account at a bank (PNC Bank) that has a policy of calling me, emailing me, or otherwise verifying my identity any time I initiate an online transaction from a new IP address. Each time they have asked me if I plan to use that computer for online banking at any point in the future.
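
The safeguards proposed in posts #18 and #19 (a one-time-password token, a callback on a registered phone for activity over $5k, and verification of transactions from a new IP address), combined into one withdrawal check. This is an added example, not code from the thread or from any poker site or bank; `Account`, `review_withdrawal`, the 7-day phone-change hold, and the use of RFC 6238 TOTP as a stand-in for the hardware token are assumptions.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass, field

CALLBACK_THRESHOLD = 5_000         # the "$5k" figure suggested in the thread
PHONE_CHANGE_HOLD = 7 * 24 * 3600  # assumed cooling-off period, in seconds


def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based one-time password (HMAC-SHA1 variant)."""
    counter = struct.pack(">Q", int(now // step))
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


@dataclass
class Account:  # hypothetical record a site would keep per player
    token_secret: bytes
    known_ips: set = field(default_factory=set)
    phone_changed_at: float = 0.0


def review_withdrawal(acct, amount, ip, otp, now):
    """Return (decision, reasons); decision is 'deny', 'callback' or 'allow'."""
    # A stolen password alone fails here: the code comes from the token.
    # The previous time step is also accepted to tolerate clock drift.
    valid = (totp(acct.token_secret, now), totp(acct.token_secret, now - 30))
    if not any(hmac.compare_digest(otp, v) for v in valid):
        return "deny", ["bad or missing one-time password"]
    reasons = []
    if amount >= CALLBACK_THRESHOLD:
        reasons.append("amount at or above callback threshold")
    if ip not in acct.known_ips:
        reasons.append("first transaction from this IP address")
    # A callback proves nothing if the intruder just replaced the number.
    if reasons and now - acct.phone_changed_at < PHONE_CHANGE_HOLD:
        return "deny", reasons + ["registered phone changed too recently"]
    return ("callback" if reasons else "allow"), reasons
```
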
All times are GMT -4.