clock menu more-arrow no yes

Filed under:

Hackers broke into poker pro's hotel room to install 'sharking' malware

New, 32 comments

If you buy something from a Verge link, Vox Media may earn a commission. See our ethics statement.

lock stock cards
lock stock cards

This September, on the Barcelona leg of the European Poker Tour, Jens Kyllönen had a strange run-in with the criminal underworld. He'd busted out of that day's tournament early, but when he returned to his hotel room, his laptop was missing. He went downstairs to find his roommate, but when they came back to the room together, the laptop had mysteriously reappeared. And to make things even more suspicious, Kyllönen's computerized room key was malfunctioning, triggered by some problem with the electronic door lock.

Attackers installed malware on his laptop as he played downstairs

It took a trip to the malware research firm F Secure, but Kyllönen finally got to the bottom of it. He'd been targeted by criminals who had cracked his room's electronic lock and installed a remote access Trojan on his laptop while he was playing in the tournament downstairs. Once operational, the software gave the attackers a view of whatever was happening on Kyllönen's screen. That's inconvenient for most, but for a professional poker player who bets thousands of dollars both online and in face-to-face tournaments it's a much bigger problem. As soon as Kyllönen logged on, the attackers could see where he was playing and what his cards were. Getting their money was as simple as waiting for the right hand.

Luckily Kyllönen spotted the attack before he could lose any money, but the news raises broader questions about attacks on gamblers, a tactic F Secure has dubbed "sharking." By targeting poker pros with well-publicized travel schedules, criminals can install the malware directly (in Kyllönen's case, through a USB stick), and make their move while players are busy at the tables. Once the Trojan is installed, the attackers can get their payoff whenever the target logs on to play a hand. To make things worse, there's no telling how often this attack has been deployed. Kyllönen knew something was up when his computer had problems booting up, but when F Secure scanned Kyllönen's roommate's computer, they found the same Trojan. The attackers are still at large.