On Tuesday, F-Secure, an anti-virus, cloud content, and computer security company based in Helsinki, Finland, confirmed that Jens Kyllönen and his friend Henri Jaakkola were the victims of a "Sharking" attack at EPT Barcelona. After performing some tests on the high-stakes pro's laptop, F-Secure discovered that it was infected by a Remote Access Trojan (RAT), allowing the attacker to access Kyllönen's hole cards remotely.
F-Secure reported the following:
"There was a Remote Access Trojan (RAT) with timestamps coinciding with the time when the laptop had gone missing. Apparently, the attacker installed the trojan from a USB memory stick and configured it to automatically start at every reboot. A RAT, by the way, is a common tool that allows an attacker to control and monitor a laptop remotely, viewing anything that happens on the machine."
The analysts called the attack "generic" and not "all that complicated," but believe that it "works against any online poker site that we know of."
[Image: a piece of the code used in the RAT java script]
F-Secure says that Jaakkola had the exact same trojan installed onto his laptop, and that this isn't the first time professional poker players have been attacked with trojans.
"We have investigated several cases that have been used to steal hundreds of thousands of euro. What makes these cases noteworthy is that they were not online attacks. The attacker went through the trouble of targeting the victims' systems on site."
Trojan attacks on high-profile businessmen are called "Whaling," so the analysts decided to call attacks on high-stakes poker players, or sharks, "Sharking."
In September, Kyllönen took to TwoPlusTwo to report suspicious activity at the Arts Hotel in Barcelona. Other players, including Ankush Mandavia, also came forward with suspicions of foul play and examples of laptop malfunctions.
F-Secure urges high-stakes poker pros, and anyone who moves large amounts of money with their laptop, to take very good care of it.
"Lock the keyboard when you step away. Put it in a safe when you're not around it, and encrypt the disk to prevent off-line access. Don't surf the web with it (use another laptop/device for that, they're relatively cheap). This advice is true whether you're a poker pro using a laptop for gaming or a business controller in a large company using the computer for wiring a large amount of funds."
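An added example, not F-Secure's tooling or code from this article: a triage pass over a mounted copy of a disk that lists files modified while the laptop was out of its owner's hands and puts anything in an autostart folder first, the pattern F-Secure describes (timestamps matching the absence, start at every reboot). The paths, times and the list of autostart folders are constructed assumptions.

```python
import os
import tempfile
from datetime import datetime, timezone

# Assumed autostart locations (lower-case path fragments); extend per system.
AUTOSTART_HINTS = (
    "/start menu/programs/startup/",   # Windows Startup folders
    "/.config/autostart/",             # Linux desktop (XDG) autostart
)

def at(day, hour, minute=0):  # helper for constructed January 2024 UTC times
    return datetime(2024, 1, day, hour, minute, tzinfo=timezone.utc)

def triage(root, start, end):
    """List files under root modified in [start, end]; autostart hits sort first."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                st = os.lstat(full)
            except OSError:
                continue  # unreadable entry: skip rather than abort the sweep
            mtime = datetime.fromtimestamp(st.st_mtime, tz=timezone.utc)
            if start <= mtime <= end:
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                auto = any(h in "/" + rel.lower() for h in AUTOSTART_HINTS)
                hits.append((rel, mtime, auto))
    # mtime can be forged or carried over by a copy: hits are leads, not proof.
    return sorted(hits, key=lambda h: (not h[2], h[1]))

def demo():
    """Build a constructed sample tree and triage a constructed absence window."""
    sample = {  # constructed paths and times, not taken from the real case
        "Users/p/Documents/notes.txt": at(9, 8),
        "ProgramData/Microsoft/Windows/Start Menu/Programs/StartUp/upd.lnk": at(10, 14, 22),
        "Users/p/AppData/Local/Temp/upd.jar": at(10, 14, 20),
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, when in sample.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
            os.utime(path, (when.timestamp(), when.timestamp()))
        return triage(root, at(10, 14), at(10, 15))

if __name__ == "__main__":
    for rel, mtime, auto in demo():
        print("AUTOSTART" if auto else "modified ", mtime.isoformat(), rel)
```

Registry Run keys and scheduled tasks are not files in these folders, so they need a separate check. An empty result does not clear the machine.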