Risk
6/28/2010
08:17 PM
George V. Hulme
George V. Hulme
Commentary
50%
50%

Hackers Busted In Online Poker Cheats

Korean police nabbed 33 hackers who were using bots to cheat online poker players from November 2009 through May of this year.

Korean police nabbed 33 hackers who were using bots to cheat online poker players from November 2009 through May of this year.I've heard of targeted cyber attacks, but this isn't something I'd previously considered: using botnet bots not to launch denial-of-service attacks, but to spy the hands of opposing card players.

This is from a story that ran in today's JoonAng Daily:

The Cyber Terror Response Center in Gyeonggi said the gang used a DDOS attack to infect 11,000 computers at 700 PC rooms across the country.

Police said Yu bought the "Netbot Attacker" program from a Chinese hacker last November, then sold copies online to Kim and others. The gang broke into the administrative systems of the PC rooms and installed the virus in their computers to allow them to see the hands of poker opponents.

According to the story, the 33 hackers cheated online poker players out of 55 million won, the equivalent on about $45,265. I'm sure the reporter meant that the attacker's used bots designed for DDOS attacks to infect the PCs, not that the PCs were infected through a DDOS attack.

Now, these bots are commonly used to launch attacks that swamp Web sites and servers with so much traffic that they can't keep up with requests and either become painfully slow or crash until the attack can be stopped or mitigated. However, one an end point is infected with a bot, that bot can be often used to download other types of attack software, or do other things on the system: which is apparently what these attackers chose to do with their poker cheats.

Online gaming is a popular target for online attacks, but usually it's the gaming site owner that is targeted, not the players. I wrote about such attacks in a story, Extortion Online, in late 2004.

In those threats, botnet operators were threatening to use their networks to make the gaming sites unavailable - unless they were paid $100,000 annually.

For my security and technology observations throughout the day, find me on Twitter.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0196
Published: 2015-06-29
CRLF injection vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 before 7.0.0.8 Cumulative iFix 2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.

CVE-2015-0545
Published: 2015-06-29
EMC Unisphere for VMAX 8.x before 8.0.3.4 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors.

CVE-2015-1900
Published: 2015-06-29
IBM InfoSphere DataStage 8.1, 8.5, 8.7, 9.1, and 11.3 through 11.3.1.2 on UNIX allows local users to write to executable files, and consequently obtain root privileges, via unspecified vectors.

CVE-2014-4768
Published: 2015-06-28
IBM Unified Extensible Firmware Interface (UEFI) on Flex System x880 X6, System x3850 X6, and System x3950 X6 devices allows remote authenticated users to cause an unspecified temporary denial of service by using privileged access to enable a legacy boot mode.

CVE-2014-6198
Published: 2015-06-28
Cross-site request forgery (CSRF) vulnerability in IBM Security Network Protection 5.3 before 5.3.1 allows remote attackers to hijack the authentication of arbitrary users.

Dark Reading Radio
Archived Dark Reading Radio
Marc Spitler, co-author of the Verizon DBIR will share some of the lesser-known but most intriguing tidbits from the massive report