Security Expert: Poker Pros Always at Risk for Cybercrimes

If there’s money up for grabs, someone’s trying to get it.

And few places have as much money flowing around as Las Vegas. There are a number of movies about robbery, theft and elaborate heists throughout casinos in Sin City, but the threat is real. And now it’s online.

Back at EPT Barcelona Jens Kyllönen and a few other players had their laptops go missing only to mysteriously reappear later on.

According to Kyllönen he then took the computer to the F-Secure -- an anti-virus, cloud content and computer security company -- headquarters in Finland where they discovered a Trojan horse.

The company was also able to determine the exact time the Trojan horse was installed and figured out it occurred during the time Jens Kyllönen’s computer was missing in Barcelona.

A few other players reported similar incidents but there was no way of determining how many laptops the hackers hit.

Finns Latest Poker Trojan Targets

The perpetrators were never caught and now a similar incident has been reported by players at the Rio. On May 27th another pair of Finnish players reported that their laptops were stolen.

Lauri Pesonen wrote on Twitter that his and Joni Jouhkimainen’s laptops were stolen from their rooms in the Rio. The thieves didn’t take their wallets or iPads but opted to take some other things:

Just found out that the guys also took our sanitary bags and sunglasses instead of iPad&wallets wtf . Whats wrong with this people— Joni Jouhkimainen (@Jouhkb) May 28, 2014

Jens Kyllonen
Jens Kyllönen

There’s money online, and people are trying to get it.

The 2014 US State of Cybercrime Survey reports that in the United States alone, 3,000 companies were notified by the FBI that they’d been victims of cyber intrusions. The companies ranged from everything to retailers, banks and defence contractors.

The report also states that the US companies, on average, suffered more financial losses than the rest of the world.

The report quotes the PwC Global Economic Crime Survey that states “7% of US organizations lost $1 million or more due to cybercrime incidents in 2013, compared with 3% of global organizations; furthermore, 19% of US entities reported financial losses of $50,000 to $1 million, compared with 8% of worldwide respondents.”

The report opens with a grim statement:

“The cybersecurity programs of US organizations do not rival the persistence, tactical skills, and technological prowess of their potential cyber adversaries. Today, common criminals, organized crime rings, and nation-states leverage sophisticated techniques to launch attacks that are highly targeted and very difficult to detect.”

But companies are starting to fight back. The 2014 Global State of Information Security Survey says that 82 percent of companies with high-level cyber security are now working together to help combat the rising tide.

Poker Players Need to Utilize PIN, RSA

Daniel Negreanu
Daniel Negreanu uses an RSA. You should too.

While some hackers will continue to attack businesses, others are going for lower-hanging, less-encrypted fruit: individuals.

“Poker players are definitely susceptible to [cyber crimes],” said PokerStars security product manager Trent Wyatt.

“A lot of [players] don’t use the PokerStars PIN or the RSA.”

Wyatt, who makes a living combatting hackers for the largest poker site in the world, has a few tips for players looking to protect themselves from hackers.

“One of the things I recommend is always utilize different passwords for your multiple accounts. Don’t use similar ones, people figure that out, don’t tell anybody your password, don’t let anybody have access to your account.”

An effective and easy way to stop hackers is by using multi-form authentication like the PokerStars PIN or RSA. But if you want to go even more secure, you can.

“I would recommend endpoint security. It’s a software that basically encrypts your entire hard drive and you’re forced to set a password for it and every time you log on you have to put a password for that, in order to even get to the password screen for say Windows or anything like that,” Wyatt said.

TrueCrypt version 7.1a is a completely free software that provides an effective solution.

Sunday Million Winners Common Hacking Targets

PokerStars' systems need to be secure. Attempts to breach security are a common occurrence.

Yevgeniy Timoshenko
If you win big, make sure you have the security for it.

“The thing is with us, there’s always attempts. Fortunately we have the kind of controls in place that eliminate most of that,” Wyatt said.

“With us, specifically, the majority of our hacked cases are somebody who knew somebody that was hacking their account. Or they gained access to their computer because they were left alone in the room.”

According to Wyatt, PokerStars is always monitoring the site for suspicious activity. They have their eyes on every dollar that leaves the site.

“The good thing with us is that every cash out is reviewed,” Wyatt said. “We look where those funds come from and in the majority of the cases we catch it before it goes out.”

But even the biggest companies have breaches.

“eBay got hacked recently. They sent out e-mail to their customers saying your password has been compromised, you should change it,” Wyatt said.

“Here’s another common mistake that some people do, their eBay password is the same as their poker password. Always use a different password for every site you use.”

That’s why Wyatt says it’s increasingly important for players to take personal security measures to reduce the chances of getting hacked.

“Protect your laptop,” Wyatt said. “If you’re not using the PokerStars PIN or RSA make sure you change your password frequently.”

Hackers Usually Target Players They Know

Russ Hamilton
Surround yourself with trust-worthy people (not pictured).

While some hackers try to attack players from across the world, it’s far more likely that it’s someone a lot closer.

“It’s usually someone who knows the person,” Wyatt said.

You should also be aware of your surroundings and exercise appropriate security measures. After the World Series of Poker finishes this year, for example, there's massive computer hacker convention scheduled to begin.

“In about a month and a half, at the Rio actually, is the DEF CON security conference, which is the largest hacker conference of the year,” Wyatt said.

“Do not walk into this place with your cell phone or laptop on. The world’s best hackers come together and they just like to play to see who’s kind of being dumb, seeing who’s leaving their cell phone wifi on and these guys are good enough to access your entire phone if you’re walking around with your wifi on.”

But that’s what they do, the DEF CON crowd just likes to hack.

“90 percent of it, it’s pride. A lot of them aren’t malicious, most of them are what you’d call white hat hackers,” Wyatt said. “They’re really just trying to figure out where are the loops, what are the problems that are out there.”

There will always be loopholes and problems but now that you know, there’s steps you can take to minimize yours.

TrueCrypt version 7.1a

Comment on that

Your message is awaiting approval