14 DAY TRIAL // Similar to high-profile business managers, who are targeted in cyberattacks known as “Whaling attacks,” professional poker players are targeted with Sharking attacks. A perfect example is provided by researchers from F-Secure.
The Finland-based IT security firm has been visited by Jens Kyllönen, a professional poker player who has won around $2.5 million (€1.8 million) over the past year. Kyllönen brought in his laptop for an investigation on suspicion that it had malicious software installed on it.
The poker player had participated in the European Poker Tour in Barcelona. At one point, he took a break from playing and went up to his room. He noticed that his room key wasn’t working.
After getting it to work, he noticed that his laptop was missing. Initially, he thought his friend Henri Jaakkola, who was staying in the same room, borrowed it. However, this wasn’t the case.
When he returned to the room later, he found the laptop. The fact that the device went missing for some time and the fact that the operating system didn’t boot normally made him suspicious, so he decided to take the computer in to F-Secure for an investigation.
Experts identified a Remote Access Trojan most likely installed from a USB stick and configured to start automatically every time the laptop was rebooted.
Such RATs are designed to allow attackers to take control of infected devices. However, in the attacks against poker players, all they need to do is monitor them to see what cards they have when they play.
The Trojan analyzed by F-Secure is not complicated. However, it can be very efficient since it works against any online poker website. Furthermore, it’s written in Java, which means it can run not only on Windows, but on Mac and Linux machines as well.
Jaakkola, Kyllönen roommate, had the exact same Trojan installed on his laptop.
“This is not the first time professional poker players have been targeted with tailor-made trojans. We have investigated several cases that have been used to steal hundreds of thousands of euro. What makes these cases noteworthy is that they were not online attacks. The attacker went through the trouble of targeting the victims' systems on site,” researchers at F-Secure noted.