Confirmed: EPT Barcelona Laptop Infected with Screen-Sharing Trojan
Key Takeaways
  • IT security company F-Secure has published details of the trojan program that was used in an attempt to defraud players during the EPT Barcelona.
  • Experts at F-Secure identified a Remote Access Trojan (RAT). The program was apparently installed via a USB port.
  • The RAT enabled fraudsters to use a remote view of a player’s screen to see their hole cards during play.
  • F-Secure decided that the attack type deserved its own name, “Sharking,” defined as “targeted attacks against professional poker players.”

IT security company F-Secure has confirmed that a trojan program was installed on a poker player’s laptop during the EPT Barcelona earlier this year.

Back in July, multiple players reported a security breach in their rooms at the Hotel Arts, where players were staying, with laptops mysteriously disappearing and reappearing.

The first report was publicized by Jens “Jeans” Kyllonen, who then took his laptop to be looked at by the experts at F-Secure.

In a detailed blog post published Wednesday, F-Secure reported that a Remote Access Trojan (RAT) was present on the laptop. The security professionals confirmed that the program was installed via a USB port during the period in which Jens originally reported that his laptop had disappeared from his hotel room.

The blog post at F-Secure shows screenshots explaining how the RAT would enable the fraudsters to use a remote view of a player’s screen to see the hole cards during play.

According to F-Secure, the RAT is “written in Java and uses obfuscation, but isn’t all that complicated. Since it’s in Java, the malware can run in any platform (Mac OS, Windows, Linux).”

Jens’ roommate Henri Jaakkola was also found to have had the same RAT installed. Other players quickly suspected similar occurrences, including Scott Seiver at the EPT Berlin and Jason Koon at the EPT Deauville.

Event organizers PokerStars issued a statement to pokerfuse at the time saying: “While we are not an investigative body, we are providing information and evidence to law enforcement organizations that will help them find and prosecute the offenders… . We are working with our tour hotels to ensure that best practice security procedures are in place to minimize the risk of such thefts and/or tampering. And we are providing information and guidance to our players about how they can best protect themselves from theft of or tampering with their laptops.”

F-Secure decided that the attack type deserved its own name, “Sharking,” defined as “targeted attacks against professional poker players (a.k.a. poker sharks). It is similar to Whaling attacks which are targeted at high profile business managers.”