Risk
6/28/2010
08:17 PM
George V. Hulme
George V. Hulme
Commentary
Connect Directly
RSS
E-Mail
50%
50%

Hackers Busted In Online Poker Cheats

Korean police nabbed 33 hackers who were using bots to cheat online poker players from November 2009 through May of this year.

Korean police nabbed 33 hackers who were using bots to cheat online poker players from November 2009 through May of this year.I've heard of targeted cyber attacks, but this isn't something I'd previously considered: using botnet bots not to launch denial-of-service attacks, but to spy the hands of opposing card players.

This is from a story that ran in today's JoonAng Daily:

The Cyber Terror Response Center in Gyeonggi said the gang used a DDOS attack to infect 11,000 computers at 700 PC rooms across the country.

Police said Yu bought the "Netbot Attacker" program from a Chinese hacker last November, then sold copies online to Kim and others. The gang broke into the administrative systems of the PC rooms and installed the virus in their computers to allow them to see the hands of poker opponents.

According to the story, the 33 hackers cheated online poker players out of 55 million won, the equivalent on about $45,265. I'm sure the reporter meant that the attacker's used bots designed for DDOS attacks to infect the PCs, not that the PCs were infected through a DDOS attack.

Now, these bots are commonly used to launch attacks that swamp Web sites and servers with so much traffic that they can't keep up with requests and either become painfully slow or crash until the attack can be stopped or mitigated. However, one an end point is infected with a bot, that bot can be often used to download other types of attack software, or do other things on the system: which is apparently what these attackers chose to do with their poker cheats.

Online gaming is a popular target for online attacks, but usually it's the gaming site owner that is targeted, not the players. I wrote about such attacks in a story, Extortion Online, in late 2004.

In those threats, botnet operators were threatening to use their networks to make the gaming sites unavailable - unless they were paid $100,000 annually.

For my security and technology observations throughout the day, find me on Twitter.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-4725
Published: 2014-07-27
The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/.

CVE-2014-4726
Published: 2014-07-27
Unspecified vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.8 for WordPress has unspecified impact and attack vectors.

CVE-2014-2363
Published: 2014-07-26
Morpho Itemiser 3 8.17 has hardcoded administrative credentials, which makes it easier for remote attackers to obtain access via a login request.

CVE-2014-2625
Published: 2014-07-26
Directory traversal vulnerability in the storedNtxFile function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to read arbitrary files via crafted input, aka ZDI-CAN-2023.

CVE-2014-2626
Published: 2014-07-26
Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute arbitrary code, via crafted input, aka ZDI-CAN-2024.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.