Attacking Online Poker Players

This story is about how at least two professional online poker players had their hotel rooms broken into and their computers infected with malware.

I agree with the conclusion:

So, what's the moral of the story? If you have a laptop that is used to move large amounts of money, take good care of it. Lock the keyboard when you step away. Put it in a safe when you're not around it, and encrypt the disk to prevent off-line access. Don't surf the web with it (use another laptop/device for that, they're relatively cheap). This advice is true whether you're a poker pro using a laptop for gaming or a business controller in a large company using the computer for wiring a large amount of funds.

Posted on December 16, 2013 at 6:09 AM • 18 Comments

Comments

Rex RollmanDecember 16, 2013 7:23 AM

FDE is also a good defense against frame jobs. Not too long ago, I remember reading a story about a school administrator who was framed with child porn and lost his job. This was in England, IIRC.

Clive RobinsonDecember 16, 2013 8:07 AM

Yes it's good advice, the problem though is consistantcy in following it most humans are way way to optormistic and trusting.

There is of course another issue for those living in the USA, and thats that 100mile deep "border zone" and likewise crossing borders in many other nations...

Whilst a business person may well be able to claim protection under SabOx or various other legislation no such protection exists for gamblers and others effectivly "carrying money or value" due to anti drug and money laundering legislation in just about every juresdiction...

Man in BlackDecember 16, 2013 8:31 AM

If memory serves, this is exactly what the Israelis have been doing ever since laptops became government go to machines.

PC CobblerDecember 16, 2013 10:15 AM

"Don't surf the web with it (use another laptop/device for that, they're relatively cheap)."

No, just use a Live CD, e.g. Puppy Linux, for banking, purchases, etc. Just make sure you boot up PL, do your sensitive stuff, and quit, as you can still be hit if you boot PL, surf your favorite porn / social media sites, and then bank, all in one session, because malware could be resident by then. And consider a VPN for traveling.

RHDecember 16, 2013 11:09 AM

This is just another example of how bits in the right place are more valuable than the same bits in the wrong place, an important lesson to learn in today's world of online banking.

I always find it intriguing - the string "$1000" can be encoded as a series of bits: 10010011 0001110 0001100 00110000. Why is it that those bits are so substantially more valuable when they find their way into a bank mainframe related to my bank account than they are when I put them on the computer hosting Schneier's blog

ValuelessDecember 16, 2013 11:34 AM

For the same reason that blotches of ink on a paper in a safe with a bank president's signature are more valuable than similar blotches in your notepad without his signature ?

DanielDecember 16, 2013 1:43 PM

People keep making this advice about using two laptops but there is an excellent reason why people do not: convenience. The fact is that two laptops are a pain in the ass. First, you have to keep mental track of both and it is an annoyance when the one you want is back at the lab or out in your car. Trying to carry both laptops with you everywhere you go is neither practicable and it also creates the problem that if one gets stolen both will.

Do not misunderstand. If one is moving millions of dollars around then the inconvenience is something that has to be embraced. But for anything other than NSA or major corporate money movement I think it is ridiculous advice. People simply are not going to do that. And beating a dead horse with it doesn't actually improve security.

Tom CourtneyDecember 16, 2013 3:51 PM

The problem of two laptops is at least partially solved with the rise of the tablet. Use your tablet for casual surfing, and your laptop for the secure things you need to do. Or vice versa, if you'd rather.

JohnPDecember 16, 2013 5:17 PM

When on travel, I expect my portable computing devices to be compromised and act accordingly.
* full drive encryption
* require a smart card for netbook access (that never leaves my person-even for showers)
* do not have any sensitive data on the devices
* basically, these are just remote access tools
* an freshly installed, unused, Windows partition to boot and show anyone.
* Linux boot for my real use.

It is a huge trade-off in convenience vs security, but if you've ever had a smartphone stolen when on travel and remember the feeling of loss, it is worth it. The hardware is relatively cheap, but the information may be worth $$millions. Fortunately, I had encrypted most of the data on the phone, wiped everything that wasn't specific to that trip and didn't have any saved passwords stored in any apps. I didn't use any of the built-in email/IM apps - call that luck or paranoia, but it seems to ahve worked.

A good friend also had his smartphone stolen in Spain. Everyone in his contacts was hassled a few times after that incident. He didn't use encryption or even a good lock pattern and he saved all the remote access credentials in each app - convenience ruled his phone. He spent the next 4 hrs immediately after the theft changing passwords, access codes, logins in the middle of his vacation. Then he spent 5 hrs in a local police station filing a report - not because he expected to see the phone ever again - but so his employer would believe him. Fun day for everyone on that trip.

A friend works for a very large international mobile telecom company. He was able to trace both our smartphones - central Africa - were nothing we do will brick the devices. If the phones were shipped within Europe/N.America then we could have had them disabled.

There is a point where too much security overrides even bringing a device. The only reason I bring a netbook at all anymore is to have a larger screen that supports secure remote access clients. I wish there was an Android remote access client that worked with our remote desktop solution AND had enough of an OS to troubleshoot port blocking at hotels and airports around the world - there isn't. A 10" tablet would travel better than a netbook - but when the hotel internet connection blocks access to my remote systems back home, it just doesn't have enough OS network tools to figure out work-arounds. I've been burned on a trip before. Just returned from Thailand - airport and hotel network access blocked my remote servers located in the USA - wasn't able to get a reason why. Usually, they just block all ports except the top 10, but in this case only pings to the IP worked, DNS resolved correctly, but no connections to any of my subnet was allowed - not even HTTP.

tzDecember 16, 2013 8:38 PM

Boot Linux from an SD or uSD card that you take with you or keep in a hollowed out coin. Or use Portable Apps from same.

FigureitoutDecember 16, 2013 8:41 PM

Ah, welcome to my world, Jens; rather disturbing indeed. Knowing you've been physically compromised, someone's fingers stuck a USB drive in your computer and infected it. Sleep tight; at least no blood stains on bedsheets yet...

Peter A.December 17, 2013 3:59 AM

JohnP: time to add DNS tunneling packages to your toolbox. These are crude tools but can help if you are in a pinch.

KevinDecember 17, 2013 7:06 AM

Remove the hard drive if possible and put it in your pocket, in a protective pouch from shock. Many newer hotel safes are just big enough to fit a macbook pro. I have a dozen small screw drives I claim are for fixing glasses but really for the back of the laptop to remove the hard drive, worth the 5/10 minutes to remove and restore upon return.

JohnPDecember 18, 2013 8:22 AM

@PeterA: this would probably work many/most places, but not on a well secured corporate network where they block DNS. OTOH, I've never been in a hotel where DNS was blocked.

I have been in countries where the state ran the telecom/ISPs and where bypassing their security efforts was illegal. I'd rather just not check my email in that case. ;)

Bob RobertsonDecember 19, 2013 1:10 PM

Agreed about a bogus Windows partition, then the rest being encrypted Linux which is only accessed by booting from a liveCD or USB drive, which stays with you.

Put Tripwire to scan the Windows partition after boot, see if someone has messed with your laptop while you're not home.

Also, port redirection can be used for ssh login (and tunnel) to what looks like a DNS port on your remote system.

Security is inconvenient, that's for sure. Keep good backups.

BillRMDecember 20, 2013 4:40 PM

OK one netbook with both the bio and the at hard drive lock set and then use truecrypt WDE and a truecrypt volume for the real important information on the WDE drive.

When using the internet used tor and chrome running under sandboxie.

That should be enough protection in my opinion.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..