Poker Rootkit Is Hackers' Ace Up Their Sleeve

from the know-when-to-hold-'em,-know-when-to-unplug-'em dept

Thu, May 18th 2006 8:28am — Carlo Longino

A programmer hired by an online poker tools site snuck a trojan into an application he was hired to develop, unleashing a rootkit on users' machines that could then be used to steal their passwords to online casinos and poker sites. An anti-virus company says the rootkit is particularly malicious because the hacker could take a victim's money without making it look stolen -- by using the passwords to log on to a poker site, then playing very badly against players controlled by the hacker. The victims are then left with little recourse, since it looks like they just lost their money during normal play. Most are also hesitant to get the authorities involved, given the questionable legality of and souring attitude towards online gambling. While most online poker "hacks" involve using bots or players cooperating against the rest of the table, this is a modern twist on an old scam: targeting people who will be afraid to report being the victims of theft.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

26 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

dorpus, 18 May 2006 @ 8:42am

Are games any good?
I've made a sport out of logging onto game servers, getting into a game, and then asking how to play. I question what the point of the game is, why they are doing this, and what they get out of it. It was fun watching Turkish men throw hissy fits on the backgammon server last night. They seemed to have a knee-jerk reflex of accusing me of being a "woman".

So yeah, it's the other kind of philosophical hacking.
[ link to this | view in chronology ]
Michael, 18 May 2006 @ 8:48am

huh A little poker up front leads to a little poker in the rear.
[ link to this | view in chronology ]
- Dubya, 18 May 2006 @ 9:32am
  
  Re:
  I thought that was liquor in the front, poker in the rear...I'll have to ask "Big L" about that...
  [ link to this | view in chronology ]
hautedawg, 18 May 2006 @ 9:18am

Poker pity parties
First, I don't think people playing poker (for REAL money) on the internet are great social members of society. There are plenty of REAL games going on, but you have to have friends. Second, reporting it is a little like "I was buying crack, but he sold me soap", it just doesn't seem right. Lastly, if you aren't wise enough to realize these folks, hackers and other malicious deviants are rigging the game anyway, you deserve to have your account wiped clean. Just go to the boats, or to a "friendly" game or somewhere that you know you are being played a fairly fair game. Huh, they took my money and I thouht I'd make a fortune....go figure.
[ link to this | view in chronology ]
- Hybrid player, 18 May 2006 @ 1:01pm
  
  Re: Poker pity parties
  You may be partailly correct, but online you will win by playing good fundamentals. So, you can go there to get good at learning your odds, etc. So that when you are playing in REAL games, you have a better chance of winning.
  [ link to this | view in chronology ]
- UK, 19 May 2006 @ 4:19am
  
  Re: Poker pity parties
  Thats fine if you live in the US
  
  Many other parts of the world don't have much real life poker thats easily accessible
  [ link to this | view in chronology ]
- David, 24 May 2006 @ 7:52am
  
  Re: Poker pity parties - hautedawg
  This sounds like something someone who knows absolutely NOTHING about poker or online poker would say.
  
  Comparing playing online poker to CRACK? Try arguing on a topic you at least know SOMETHING about. Now I know you're going to get all pissed off about that sentence, but seriously ask yourself if you have any knowledge or experience on the topic. Then go find somewhere else to post your ranting.
  [ link to this | view in chronology ]
yossi, 18 May 2006 @ 9:24am

you know
some idiots realy do go to the cops when someone steals their weed
[ link to this | view in chronology ]
PokerSTUD, 18 May 2006 @ 9:42am

UMM mind telling us what app this could be!
[ link to this | view in chronology ]
Darknet, 18 May 2006 @ 10:00am

Clever Stuff..
Making it look like it's a normal loss against the rootkit owners bot players..
[ link to this | view in chronology ]
Jim Hughes, 18 May 2006 @ 10:04am

Questionable legality?
The legality of online gaming is only questionable in some countries like the US.
[ link to this | view in chronology ]
jailthespammers, 18 May 2006 @ 10:31am

Only a idiot would play poker online for money. Most of it is rigged in some way or other. Remember too that most of these places are run by crooks.
[ link to this | view in chronology ]
- ctwxman, 18 May 2006 @ 4:11pm
  
  I play
  I deposited $250 at PokerStars in August 2003. I am still playing. I have around $1,000 in the account now - meaning I've made something like 12 cents an hour!
  
  Yes - it is possible to rig ANY game, but most of the tournaments (single table or multi-table) are structured in such a way that collusion would be noticeable. When 'sit'n go' tournaments fill up in seconds, two people playing together would stick out like a sore thumb.
  
  I have played tens of thousands of hands online, which makes me a much better player in real casinos. Going on vacation and coming back with money is much more fun than losing - and I am sure my online experience is why my offline experience is so good.
  
  Online players, by and large, seem stronger than casino players. Maybe it's playing more hands? Maybe it's that we never see the other players, so we learn to read cards and situations - not tells? Who knows?
  
  Anyway, whenever I read about how online poker is fixed, I laugh and check my account.
  [ link to this | view in chronology ]
Russ, 18 May 2006 @ 11:08am

No details = no story
What programmer? What on-line site? What program?
No details = bullshit story.
[ link to this | view in chronology ]
Anonymous Coward, 18 May 2006 @ 11:30am

Those words in blue in the first sentence are what's called a link. Click them and you shall be provided with your precious "details".
[ link to this | view in chronology ]
Moo, 18 May 2006 @ 12:49pm

This code-monkey
...is hanging from the rafters somewhere I should hope.
[ link to this | view in chronology ]
Me, 18 May 2006 @ 1:01pm

This sounds like a fantistic idea. If anyone knows how he did it, let me know. I need to find a free windfall of money somehow.
[ link to this | view in chronology ]
anonymous coward, 18 May 2006 @ 1:29pm

maybe the rootkit is just bluffing? i say go all in.
[ link to this | view in chronology ]
|333173|3|_||3, 18 May 2006 @ 6:22pm

How to really win in online poker
I have a friendwho, with his boss, came up with a way to really win. on one poker site, the practice games could be played for pretend money. If you switched to a real game, you kept the practice money, and could lose it, but if you won you could not cash it in, so one (usually my friend, he is under18) would win some cash on the practice games, then switch to real games, and lose to the other, who would then cash in the money, and split it, 70-30. I don't know how much he made, or the site they used, though.
[ link to this | view in chronology ]
David, 24 May 2006 @ 8:11am

By the way, I've played hundreds of thousands of hands online and have made a sizeable chunk of money at it. Cheating does exist. One player recently had over 100K taken from him because the site found that he was colluding with himself (logging onto the site multiple times as different screen names and playing in the same tourney as himself). THe site (Party Poker) dispersed his winnings out to the people he had won money from and he was banned. In my many hours of playing online I've only come across something that looked like cheating once or twice. I reported it to the site's security team and they investigated it.

Also, the shuffling technology/algorhythm is pretty advanced and is, IMO, MORE random than a deck being shuffled by a dealer after each hand.

As far as poker sites being run by crooks - Party Poker is currently a coorporation in the Euro stock exchange. These are real companies with tech support, developers, etc. With 80K people logged in at once, these companies don't have the time or the NEED to cheat. They are making a TON of money by legitamate means (each pot is raked, or they make a little off of tournament entry-fees). It's just hilarious to me how many people just ASSUME that all poker sites or gambling sites are scamming people - they don't need to.
[ link to this | view in chronology ]
mike, 23 Jun 2006 @ 9:30am

just figure out someones password! all you need to do is gain access to there computer! its just like stealing a hotmail account password through the registry.
[ link to this | view in chronology ]
mary, 29 Jan 2007 @ 9:39am

cant get on at school
how do i get on at school
[ link to this | view in chronology ]
EDDIE, 19 Jan 2008 @ 10:40pm

I just read some idiot saying he checks his on line acct when someone questions if on line poker is rigged or not. I respond by saying, you sir are a FOOL. Of course it is rigged and easily so. I know someone who does it every day. That is his job, and it is almost every site that feeds off of what he does. Abs Poker, Full Tilt, Poker Stars, and Party Poker(why, I don't know, PP is a beginner BS site), are all recipients of his work. They are all scams. He says, Abs Poker is the worst of them all.
[ link to this | view in chronology ]
Captain Truth, 31 Jul 2008 @ 4:28pm

EDDIE is correct. They are all scams designed to increase flow of money to the site. I am involved in computer game development (althouth I do not work directly with poker programs, it is the same general type of technique). The end results come out right, but the whole process is completely deviant.
[ link to this | view in chronology ]
Captain Truth, 2 Aug 2008 @ 4:53pm

Once upon a time there were some entrepreneurs who saw a need and created a gambling venue (just like the internet poker guys). Then called the place VENUELAND.

Now there were a lot of people who wanted to play at VENUELAND (just like the internet poker guys). They had plenty of customers. There was no regulation of VENUELAND(just like the internet poker guys) . No laws and nobody with any punitive authority over the management of VENUELAND. They were on their own(just like the internet poker guys) . They had to decide based on what was in their own best interest, how to conduct the business of VENULAND (just like the internet poker guys). Of course, they had the opportunity to run a legitimate game, or an illegitimate game (just like the internet poker guys). They had to weigh the pros and cons of each. In the end, they were in business and wanted to do what was best for business (just like the internet poker guys).

Of course, they knew that the odds were with them and they could make plenty of $$ just running a legitimate game (just like the internet poker guys), but, was this really the best? It seemed they had ample opportunities to cheat and make more money (just like the internet poker guys), but they had to consider if they did do something illegitimate, what would be the effect on their reputation. Would they lose business? Why kill the ‘golden goose’? (just like the internet poker guys).

After looking at the situation, they realized that the players weren’t going anywhere because they wanted to gamble and this was an addiction for most (just like the internet poker guys). And since there was nobody there to shut them down and put them in jail (just like the internet poker guys), the only real reason to run a legitimate game was ethics. Running a legit game was the morally right thing to do, as there was still plenty of money to be made.

Well, as it turns out, the ‘management’ of VENUELAND weren’t particularly moral guys. The said “morals shmorals – fuckm – we can make more money doing it however we want. So what. Nobody can do anything about it. If we get caught and someone gets noisy, we’ll try to smooth it over, or we’ll put the person in cement if they don’t like it.

And so the ‘management’ of VENUELAND ran a completely rigged, dirty, illegitimate game and, ultimately, VENUELAND didn’t become legit until they came in and throughout all the people in charge of VENUELAND and set up rules and regulations where if the games weren’t legit, they could be shut down and thrown in jail.

Of course, VENUELAND is Just a figment of my imagination … but is it? Actually, it’s not. This is pretty much what happened with a place called LAS VEGAS. Las Vegas showed us what happens when you put people in charge of running a gaming venue with a profit motive under the ‘honor system’ and no form punitive authority over them. We know this. We’ve already been through this with the early days of Las Vegas.

Now I know what you’re saying. You are saying, “yeah, that’s fine but Vegas was formed and managed by a bunch of thugs … the people who are running internet poker rooms aren’t that. They are honorable, ethical people with high morals, so this doesn’t apply”

Nay nay – the people managing internet poker rooms are the same people (types of people) who were running Vegas. They are various breeds of crooks and thieves who have spent their entire lives operating on the fringes of legality in various forms, several of which have known criminal records. They are the same types that ran Vegas in its early “wild west” days where every game in town was filthy. But don’t believe me.

You need only look as far as the scandals that have come public in the past year to know that this is the truth. First we had the Absolute Poker scandal, where “an inside employee” it was revealed, was playing with access to other players’ hole cards. Somehow, when someone got too greedy, it got out. Of course, “management” attempted to cover it up, but the uproar on the boards like P5, etc. created too much heat and so they were forced to admit that it was going on. Not-so-cleverly, they blamed it on “a rogue employee.” Oh puleeze – that excuse hasn’t worked since the Nixon administration. In fact, Nixon tried that one with Watergate, and it didn’t work. And it didn’t work for Enron. It NEVER works. Anytime anything that looks like corporate fraud happens and they blame it on a “rogue employee”, we ALWAYS eventually find out that it was deeper than that. Then comes the “hush money” where they make like they are reimbursing people for the money that was stolen from them, while, at the same time, they are still doing it! But it’s not a rogue employee – it’s a systematic management scheme to defraud the players all along, and the instance you hear about is just the tip of the iceberg – the one instance where it got out. But don’t believe me, because the folks at ULTIMATE BET told us that management is doing it! Look at the more recent scandal… ULTIMATE BET.

Yes indeed, it happened again this year…. I’ll spare you the bloody gory details … look it up yourself .. but the same thing… employees of ULTIMATE BET rigging games and playing with knowledge of hole cards of other players, etc. When it comes out, same procedure – attempted cover up. When it gets out too far to cover up, they admit it, attempt to silence the situation with hush money to “affected players”, then they come up with the excuse.

The folks at UB knew that the “rogue employee” excuse doesn’t pass the laugh test, so they didn’t even attempt it!! Instead, they admitted that it was management systematically stealing from customers by rigging games, viewing hole cards, etc. But they said it wasn’t THEM … you ready .. it was PREVIOUS MANAGEMENT doing it . Oh puleeze.. gag me with a spoon.

Regardless, here is the point, because it really doesn’t matter which management was doing it, or which employees or how rogue. The fact is this: these are examples of how the folks behind the scenes at these places are shady and of less than exemplary character. They are people without the proper sense of ethics and morals to be allowed to operate anything like this under the HONOR SYSTEM. And if you leave money on deposit with these types of people under the “honor system” and expect them to act honorably .. well then, you deserve to lose your freakin money.

And we know from the experiment called Las Vegas that unethical people will ALWAYS choose to run an illegitimate game under the honor system unless there is a constant threat of being closed down and or imprisoned for violations. The people running the internet poker rooms (besides Party) are all people of shady backgrounds who are doing the same thing. If you wanna trust these thieves with your money, that’s your problem – but don’t cry to anyone when you lose your money and blame it on bad luck – it’s your own stupidity.
[ link to this | view in chronology ]
Anonymous Coward, 13 Apr 2010 @ 1:32pm

yes
[ link to this | view in chronology ]