Thursday, 12 December 2013

Poker Shark's Laptop Pwned by "Evil Maid" Attack

Professional poker player Jens Kyllönen learned a lesson about computer security earlier this year: Don't leave your computer unattended without securing it first, not even in your hotel room.
Kyllönen was playing in the European Poker Tour event in Barcelona last September when he discovered that his laptop had gone missing from his hotel room. Since the laptop reappeared exactly where he had left it a short while later, he thought maybe his roommate, another professional poker player in the tournament, had borrowed it. Kyllönen became suspicious when he discovered he no longer needed to log in to his laptop and the operating system did not boot up properly, according to a write-up of the incident.
When his roommate Henri Jaakkola denied knowing anything about it, Kyllönen asked F-Secure to investigate.
Eek! A RAT Found!
Kyllönen was right to be concerned, as F-Secure researchers found a remote access Trojan (RAT) installed on the laptop, F-Secure posted on its blog earlier this week. It appeared the attacker had installed the malware using a USB stick and configured it to automatically start whenever the computer turned on to monitor Kyllönen's activities.
This RAT allowed attackers to view what Kyllönen was doing on the computer, a very serious problem considering Kyllönen also plays in online poker tournaments. F-Secure posted screenshots showing how the attacker could see what cards Kyllönen was holding during a game. If the attacker was sitting at the same virtual poker table, then the attacker has an advantage and "knows to hold out for a better hand," F-Secure said.
"He's a high-roller by any measure, with wins in the range of 2.5 million dollars from the past year," F-Secure said.
An Evil Maid Attack
Written in Java, the Trojan can work on any platform (Windows, Mac, Linux), and appears to work against any online poker site, the researchers found. F-Secure has investigated several instances of targeted attacks against professional poker players using tailor-made Trojans to "steal hundreds of thousands of euros," F-Secure said. The company has dubbed these attacks against professional poker players "sharking," much in the same way "whaling" refers to targeted attacks against high-profile business managers.
It's also important to note that the Trojan did not rely on online methods to infect the players, highlighting how important it is to physically secure our electronic devices from attack.
Security professionals refer to this technique as an evil maid attack, evoking the image of a hotel employee who has access to the computer while cleaning the room and can do something malicious without anyone else knowing. It's easy to forget that the easiest way to compromise a computer is to get to it while it is on and left unattended.
It's important to lock your laptop when you step away from it, even for a short period of time, and to require an actual login to get access to your desktop. Hard drives should be password protected, and full-disk encryption would prevent anyone else from installing malware in your absence. If you are on a trip, keep the laptop locked in a safe in a room only you can access, or keep it with you at all times.
"If you have a laptop that is used to move large amounts of money, take good care of it," F-Secure said. That is good advice, and not just for poker players. It doesn't matter if you are using your laptop for online banking or if you handle your company's payroll—you don't want the criminals getting access to your money.
