Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Can my machine be hacked so people can see my cards?

  • 05-06-2007 9:59pm
    #1
    Business & Finance Moderators, Entertainment Moderators Posts: 32,387 Mod ✭✭✭✭


    The short answer is yes. The longer answer is: it most likely hasnt been.

    Firstly, anyone who starts spouting crap on this thread with deliberately dumb advice is getting a size 9 in the h*le.

    Secondly, this has NOTHING to do with online poker being rigged. There are very good logical reasons and proofs that is it NOT rigged by the house. With the amount of analysis software out there, and the number of hands recorded, by now if there was a bias someone would have been able to point to it now. They havent.

    This post is about what COULD be done to your machine to render it accessible in some way or reveal your cards to others.

    Downloading and running anything (from a video to a song to a piece of warez etc) instructs your computer to perform whatever actions are encoded therein. Mostly those are legit, however you simply dont know if they are or not.

    Once you have run this whatever, you are banjaxed. Someone sitting on the other end can see exactly what you see. I use similar software to remotely look at the machine that serves Antesup.com. Its sitting somewhere in Hosting365 but I can not only see everything on its screen, but I can control it from my laptop like I was there too, keyboard, mouse, everything.

    This sounds terrifying if you dont understand the realities of the situation. Firstly, why would they bother trying to beat you at cards with an edge when they could just as easily have your credit card or bank login details. Seems a long way around simply to rob you.

    Secondly the chances of this occuring to YOU are very very small. Such a malicious thief is going to go after the top players rather then taking money from 1/2 players. Taking this a step further, why wouldnt he use this tech to target someone much bigger, someone with more power and money?

    In 18 years of being online I've never been hit a virus or trojan. Never. Its just not as common as people want you to believe. Scared people buy anti-virus software so there is a conflict of interest when the big AV companies tell you about the big scarey boogie men out there.

    That said, you need to take precautions. If I could change just 5 things people do, in order to make them more secure they would be:

    1. Dont run files from sources you arent sure about. (dont let your kids do it either, cos they will).

    2.Turn off the preview pane in Outlook. Better still, dont use outlook but if you must DONT allow it to open the mail in a preview window.

    3. Get a GOOD anti virus program and anti-spy-ware. look for Avast or AVG (from grisoft) and use it every week at least. Both are free (or at least they offer free versions).

    4. Automatically patch and update windows. There are options to do this. Being up to date with patches makes you VERY VERY hard to hack.

    5. Get a firewall, preferably a hardware one but even a software one, something like Zonealarm, is good.

    The 2+2 thread is also good.

    These things are most likely out there (I dont know for sure as I have never looked for something like this), the technology certainly permits it though typically it will need the user to accept or initiate such spyware (thats where the promise of free porn or funny videos sent in emails come into it).

    I doubt I will ever encounter a machine with such a backdoor. I'd bet my bankroll that it exists though.
    Similarly, people will absolutely definitely die in traffic accidents tomorrow. It most likely wont be you. Will you still drive to work tomorrow?


    Finally, if any regular players on GJP want me to check their machines for anything like this I'm happy to do so.

    DeV.


Comments

  • Closed Accounts Posts: 19,341 ✭✭✭✭Chucky the tree


    whats that UnPnP thing about in the link?


    P.S - i cant drive. :(


  • Business & Finance Moderators, Entertainment Moderators Posts: 32,387 Mod ✭✭✭✭DeVore


    Re: Universal Plug-n-Play on a router, read this simple english artcile:
    http://www.informit.com/articles/article.asp?p=461084&rl=1

    DeV.


  • Registered Users, Registered Users 2 Posts: 5,083 ✭✭✭RoundTower


    Good post Tom.

    I think more likely than seeing your cards is someone stealing your login details with a keylogger, which is a much more likely thing for someone to sneak into a virus/worm/trojan.

    I heard (not sure how reliable, but I believed the guy) about 80% of assaults on poker accounts end up in "joyriding", someone just gambling with the guy's money, instead of chip dumping. This is actually bad, because it is much harder to get the money back from the site.

    Also that most of these are done by someone you know who has access to your computer, typically people think it would be fun to play a few hands, lose a few hundred or so, panic, and then do your whole tank trying to win it back.


  • Registered Users, Registered Users 2 Posts: 3,615 ✭✭✭Mr.Plough


    doubt it happens alot, but it is of course possible, and its fairly simple to remote desktop or whatever to your pc.

    dodgy porn -> -EV


  • Registered Users, Registered Users 2 Posts: 7,501 ✭✭✭BrokenArrows


    Well i remember, probably about 8 or so years ago now script kiddie programs such as Subseven and alot of very similar programs that i cant remeber the name of were used alot(:D ) and not many people had decent virus protection.

    These were basically trojans that basically gave the hacker(very liberal use of the term) complete usage of your computer just like they were sitting at the computer them selves.

    IIR subseven allowed the user to download snapshots of the users screen and view it instantly. This type of program would allow people to see your cards.

    Now if someone was going to go to the trouble of doing this sort of thing they would probably write their own software and a program to take a snapshot of the user screen and send it to a remote location would not be hard to do. Give me a few hours and im sure i could throw something together but im not going to because im lazy.

    The problem would be actually installing, hiding and executing the program when the user is playing poker. So unless you dont actually notice anything about your computer you will probably notice something is up.

    They would also have to keep track of your username and what table you are at, and of course they would have to find you in the first place. The internet is a big place and not everyone plays poker and even fewer play high enough stakes to make this worthwhile.

    As DEVORE said, its simple, dont run files that your not sure of the source.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 1,263 ✭✭✭strewelpeter


    RoundTower wrote:
    I think more likely than seeing your cards is someone stealing your login details with a keylogger, which is a much more likely thing for someone to sneak into a virus/worm/trojan.
    Keyloggers are a great way of getting access to all kinds of inadequately secured accounts but for an attacker, particularly a solo or less sophisticated attacker there is the non trivial issue of getting the money clean away.
    Imagine an attacker with the technical ability to prepare a screen scraper that can phone home (trivial, if you are into that kind of thing) and has the wherewith all to target their nefarious package at particular individuals. Wouldn't it be very +ev to get your package onto the machine of a high stakes cash player. Unless the cheating player can have the trojan traced back to them or did something really silly like having the trojan report to the same IP as they are playing from then the money is clean.
    If I was playing high stakes online I would be even more careful than I already am about what else was running on my PC (to the point of paranoia). If I was the Original poster in the other thread who is suspicious that something odd was happening I would probably spend the money to have a good IT Security person examine the box in question (before reformatting the disks ;)).


  • Registered Users, Registered Users 2 Posts: 2,764 ✭✭✭DeadParrot


    Oh the glory days of Back Orifice and its ilk...
    Where script kiddies overran IRC and they all thought they could be Johnny Lee Miller and score Angelina :)

    Great days indeed.


    Something simple like TCPview might solve a lot of these worries btw


  • Closed Accounts Posts: 485 ✭✭HeeHawsCantona


    Yeah my online security is practically non existant - I've been very naive here and have obviously paid for it - this has been bugging me for ages and I've asked so many people about it but always in terms of can the game be hacked rather than my PC. Thinking back now about a year ago or more every 3rd or 4th time I opened a website my PC would go to some random Poker site that often I'd never heard of so obviously I had some sort of infiltration even then.


  • Closed Accounts Posts: 127 ✭✭loadabollocks


    i felt hacked the other day. I was playing a tournament on paddy power and it was down to me heads up against another guy. i had about 5000 chips, he had about 1000. all of a sudden my mouse stopped working. this has never happened before and hasnt happened since. in fact nothing would respond including the keyboard, ctrl alt del or anything. I had to sit there watching him call and raise everything and eventually take all my chips. raging i was.


  • Business & Finance Moderators, Entertainment Moderators Posts: 32,387 Mod ✭✭✭✭DeVore


    Strewelpeter, if they can keylog your password... they can just go to an internet cafe (or my personal favourite, a laptop with a mobile connection which drives between cells to force mast-switches :) ) and dump the money through the game. Its almost impossible to prove or refund.

    I dunno if you should get TOO paranoid HHCantona, but I would follow a few of those links and get some protection. If you arent comfortable doing that sort of thing, perhaps someone in your office/workplace might be able to?
    Either that or you need to bring it to a PC clinic.

    Personally I run two firewalls, two virus cleaners, spyware-protection and reduced authority for the user account I generally use. But then because of Boards and some of my history online, there are a lot of people who would like to hack my machine. :)

    DeV.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 39,900 ✭✭✭✭Mellor


    RoundTower wrote:
    I heard (not sure how reliable, but I believed the guy) about 80% of assaults on poker accounts end up in "joyriding", someone just gambling with the guy's money, instead of chip dumping. This is actually bad, because it is much harder to get the money back from the site.
    I've heard this too. I think from Raymer, his account was "hacked", in a very low tech sense. Trial and error for his password. The guy didnt try joyriding, but tried to dump it to his own account. Playing heads up, but he only had $20 so it was going to take him a while. Luckily for raymer he often has railbirds on hs tables so they spotted something was up straight away. And accounts were frozen.

    As for the guy yesterday, it was just a luckily call from a bad player. I am sure of it. IF the player had remote access to your screen, then why would he flat call. He would ship it knowing you would fold and never see his hole cards.


  • Business & Finance Moderators, Entertainment Moderators Posts: 32,387 Mod ✭✭✭✭DeVore


    i felt hacked the other day. I was playing a tournament on paddy power and it was down to me heads up against another guy. i had about 5000 chips, he had about 1000. all of a sudden my mouse stopped working. this has never happened before and hasnt happened since. in fact nothing would respond including the keyboard, ctrl alt del or anything. I had to sit there watching him call and raise everything and eventually take all my chips. raging i was.
    The odds of the guy who has "hacked" you being the other player heads up is astonishingly low. I dont think you were hacked, you experienced what we call a "lock up". Its when the piece of software that manages all the "peripherals" (keyboard, mouse etc) crashes. The only solution to it is to hard reboot. You could have done this long before he blinded you away I expect too!!

    DeV.


  • Registered Users, Registered Users 2 Posts: 39,900 ✭✭✭✭Mellor


    Thinking back now about a year ago or more every 3rd or 4th time I opened a website my PC would go to some random Poker site that often I'd never heard of so obviously I had some sort of infiltration even then.
    Pissible that they was/is adware on your computer, this is 100% unrelated to a program to get info, as such a program would want to run undetected.
    For reasons pointed out above you were just unlucky, not hacked, it doesn't fit in.


  • Closed Accounts Posts: 127 ✭✭loadabollocks


    DeVore wrote:
    The odds of the guy who has "hacked" you being the other player heads up is astonishingly low. I dont think you were hacked, you experienced what we call a "lock up". Its when the piece of software that manages all the "peripherals" (keyboard, mouse etc) crashes. The only solution to it is to hard reboot. You could have done this long before he blinded you away I expect too!!

    DeV.

    yeah that sounds about right. At the time i was convinced though. He seemed to realise straight away and take full advantage, in case i rebooted like you said and got back in. I was just baning the keyboard in my rage and cursing wildly. Anyway i know for the next time thats what im to do.
    Thanks.


  • Closed Accounts Posts: 25 The Scrapper


    yeah that sounds about right. At the time i was convinced though. He seemed to realise straight away and take full advantage, in case i rebooted like you said and got back in. I was just baning the keyboard in my rage and cursing wildly. Anyway i know for the next time thats what im to do.
    Thanks.


    If you had 5000 and he had 1000 it was more than likely a 6 seater sng......wouldnt say the amounts were too high and the chances of the guy hacking you to win an extra 50/100 eurons would be about 1 in a ..........million gazillion gabillion, or something like that


  • Closed Accounts Posts: 19,341 ✭✭✭✭Chucky the tree


    Dont tick the "auto remember password" opition either.


  • Registered Users, Registered Users 2 Posts: 549 ✭✭✭Jam-Fly


    RoundTower wrote:
    most of these are done by someone you know who has access to your computer, typically people think it would be fun to play a few hands, lose a few hundred or so, panic, and then do your whole tank trying to win it back.

    look, I said I was sorry a hundred time


  • Closed Accounts Posts: 127 ✭✭loadabollocks


    If you had 5000 and he had 1000 it was more than likely a 6 seater sng......wouldnt say the amounts were too high and the chances of the guy hacking you to win an extra 50/100 eurons would be about 1 in a ..........million gazillion gabillion, or something like that


    yeah was a 6 seater sng, small stakes. looking back at it it seems rdiculous but at the time as was convinced.


  • Registered Users, Registered Users 2 Posts: 2,004 ✭✭✭pok3rplaya


    Dont tick the "auto remember password" opition either.


    I've always wondered about this. When you click this box, where does it save the pass, what encription does it use and how well does it remove the info if you then unclick the box at a later date?

    Anybody know?


  • Registered Users, Registered Users 2 Posts: 2,764 ✭✭✭DeadParrot


    I would imagine its in the registry
    Hkey_local_machine --> software might be a good place to start looking


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 2,764 ✭✭✭DeadParrot


    Actually Hkey_Current_User
    has my (uninstalled) values on my work laptop, well my game settings anyway
    with 1 or 0 depending on my preferences. 0 as savepassword
    I'll check my own when I get home
    Interesting


  • Registered Users, Registered Users 2 Posts: 1,263 ✭✭✭strewelpeter


    DeVore wrote:
    Strewelpeter, if they can keylog your password... they can just go to an internet cafe (or my personal favourite, a laptop with a mobile connection which drives between cells to force mast-switches :) ) and dump the money through the game. Its almost impossible to prove or refund.
    ...
    DeV.
    Thats true, but there is still an obvious crime committed. Whether or not the company holding your account that was hijacked by the keylogger will help you follow the money is another matter, as you imply its unlikely you are going to get any help from them.
    The thing that is interesting about a targeted screen scraper is that once in place it can be used to continually rape the victim without there being any indication of a crime taking place.
    One reason that makes this attack very unlikely is that the criminals who perpetrate these kind of attacks (unlike the people who think them up) are almost invaribly too greedy and unsubtle to remain undetected for any length of time.


  • Registered Users, Registered Users 2 Posts: 7,754 ✭✭✭ianmc38


    Passwords are stored in the registry. Most updated AV packages can detect keyloggers and similar crap immediately. Just make sure you keep update AV software, a firewall, anti-spyware/adware/malware and some form of process guard.


  • Registered Users, Registered Users 2 Posts: 7,537 ✭✭✭Ste05


    ianmc38 wrote:
    and some form of process guard.
    I have all the rest but what are these? I presume some kind of software that monitors the processes running :rolleyes: ...

    Any recommendations for free ones??


  • Registered Users, Registered Users 2 Posts: 2,004 ✭✭✭pok3rplaya


    ianmc38 wrote:
    Passwords are stored in the registry..
    Encription?


  • Business & Finance Moderators, Entertainment Moderators Posts: 32,387 Mod ✭✭✭✭DeVore


    Just checked mine there (I had it remember my password, I do not recommend ticking that option, ever btw).

    It is stored in a field named "Password" but it is encrypted with some encryption algorithm. Its not hashed (as its considerably longer then my password) but I dont know what encryption protocol they are using (I know some things about encryption but its not a primary interest of mine).

    DeV.


  • Closed Accounts Posts: 485 ✭✭HeeHawsCantona


    this is the thread I was talking about


  • Registered Users, Registered Users 2 Posts: 4,751 ✭✭✭BigCityBanker



    I had an IT friend check over my PC and basically I had been hacked into through an e-mail I had opened or something like that


    any more details? this sounds very interesting.


  • Closed Accounts Posts: 485 ✭✭HeeHawsCantona


    Talk to me on Sunday Noel and I'll fill you in - I dont want to go into it on here


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 4,751 ✭✭✭BigCityBanker


    cheers, no probs.


  • Closed Accounts Posts: 121 ✭✭pumpkinpints


    Talk to me on Sunday Noel and I'll fill you in - I dont want to go into it on here
    dirty porn FTW! lol


  • Closed Accounts Posts: 485 ✭✭HeeHawsCantona


    I wouldn't be surprised knowing me as I do.


Advertisement