EPT Barcelona laptop hacking scandal verified

hacker-300x200A security company, F-Secure Labs, has confirmed that Jens Kyllonen’s laptop along with the laptop of his roommate, Henri Jaakola during his stay at the Barcelona Arts Hotel was infected with a “RAT” a Remote Access Trojan. The RAT Trojan would allow the perpetrators to remotely view Kyllonen’s laptop, ostensibly to superuse the high-stakes online poker pro.

F-Secure ran tests on Kyllonen’s laptop and discovered they could remotely access and view everything he did, including playing hands of poker.

The story of Jens “Jeans” Kyllonen and his “wandering” laptop was a big story a few months ago, as it had a little bit of everything; from bungling hackers and disappearing/reappearing computers to a potential conspiracy among the staff of one Barcelona’s finest hotels. But with the suspicions now verified we seem to have a much better handle on what occurred, and some of the fringe theories can finally be thrown out the window.

You can read a summary of what occurred here, and the original 2+2 thread on the matter here.

What Happened?

This seems to have been a coordinated attack at a high-profile poker tournament. While it’s possible that bribery or an immoral employee could be involved in handing over room keys/guest lists, there is also another plausible explanation.

It wouldn’t take too much effort for someone who follows the world of poker to sit in a hotel lobby and identify which poker players were staying at the hotel. Once identified, and leaving the hotel (to go play in the tournament) it would simply be a matter of going to the desk, claim you lost “your” room key, and hope the staff just hands you a new one.

As we’ve seen in the past, there are plenty of unscrupulous poker players, and just as many unscrupulous hangers-on who could be travelling the European tournament circuit and who would have little issue with hacking poker players in this manner.

So while the conspiracy theories are fun to examine and play out to the end, the far more likely scenario is that this isn’t simply an incident that happened at an EPT Barcelona stop, it is probably occurring at hotels around the globe –and as you’ll see in the next header, F-Secure indicates that this type of attack isn’t limited to poker players either [see: whaling attacks].

The RAT Trojan

According to F-Secure Labs, the hackers installed the RAT Trojan via a USB stick and programmed the virus to start at every reboot of the computer. According to the company, the virus is written in Java and isn’t overly complex, but would be effective. F-Secure also gave a brief explanation of what a RAT virus is:

A RAT, by the way, is a common tool that allows an attacker to control and monitor a laptop remotely, viewing anything that happens on the machine.

With both Kyllonen and Jaakola finding the same Trojan on their respective laptops and with rumors of other suspicious behavior at EPT tournaments talked about in the 2+2 thread (namely Scott Seiver and Jason Koon) F-Secure has decided the attacks are widespread enough to garner their own name:

The phenomenon is now big enough that we think it warrants its own name: Sharking. Sharking attacks are targeted attacks against professional poker players (a.k.a. poker sharks). It’s similar to Whaling attacks which are targeted at high profile business managers.

 

Relevant news