Definite tampering found on poker laptops.

By RP, December 11, 2013

Our readers will recall the mysterious goings on in Barcelona earlier this year, where players staying at an hotel whilst participating in a tournament had their laptops stolen but returned, amid suspicions that someone had tampered with them.

The publication The Register reported this week that in at least one instance – that of Finnish player Jens Kyllönen – the machine had been infected with spyware, a fact now confirmed by the Finnish security specialists F-Secure.

F-Secure reported that the Java-written malware on the machine could allow an online intruder, possibly a card-shark, to remotely view screenshots and log activity, prejudicing any game sunsequently being played online by the owner of the machine.

Kyllönen told security experts that he believes the infection occurred while he played in a poker tournament in the Spanish city. During a break he returned to his room and found his laptop missing, only for it to be returned later with signs of a possible infection.

According to F-Secure, the notebook was infected with a remote monitoring tool that activated upon system startup. Researchers believe that the malware was installed via a USB device and that a similar infection was introduced to the computer of another player staying in the same room.

F-Secure was not surprised that such successful poker players were targets for this sort of fraud. By installing tools to covertly snoop on the screen of high-stakes online players, a rival could gain the upper hand in a game by spying on his opponent’s hand, a spokesman said.

“This is not the first time professional poker players have been targeted with tailor-made trojans,” F-Secure said in its report.

“We have investigated several cases that have been used to steal hundreds of thousands of Euros. What makes these cases noteworthy is that they were not online attacks. The attacker went to the trouble of physically targeting the victims’ systems on site.”

Such well-targeted, “spear phishing” operations rely on detailed reconnaissance to gather information about the individual which can be exploited to carry out an attack, the experts opined.

The origin and perpetrator of the trespass, theft and tampering remains unknown at present, although investigations were carried out in the aftermath of the incident.