Justin Shronk scours the Internet forums and deciphers the tournament trail scuttlebutt to bring you the best dirt and gossip professional poker has to offer. Welcome to Pokerazzi!
Keeping Your Online Money Safe
After a rash of high-profile players got their online accounts hacked through various means, I decided to sit down with hacker “eNeLp,” who knows more about computer networking than that Geek Squad guy who comes over and reboots your modem for $300 a pop. We talked about the best way to keep your online money safe, and how to safeguard against it ever being at risk.
Justin Shronk: First, what are your qualifications/degrees/experience that would make you an expert on this topic?
eNeLp: I have a Bachelors degree in computer network engineering from Westwood College of Technology. I currently have my Cisco Certified Network Professional (CCNP) certification, as well as my Cisco Certified Design Professional (CCDP) certification. I have worked for companies such as IBM, Cisco Systems, and Dell. Currently, I am a Network Administrator for a large healthcare organization.
Justin Shronk: In general, how “safe” is most peoples’ money in their online accounts?
eNeLp: For the most part, I think the casual players are pretty safe. It takes a bit of work to do a sophisticated hack against individuals in their homes, and generally speaking it would not be worth the time or effort to go after such a small “score”.
That is not, however, to say that it can’t or won’t happen, just that the chances are fairly low. However, the people that keep large sums in their online accounts should take extra precautions to safeguard themselves. My thoughts are that if you are playing poker online for a living you should treat your computer security just like any other business would since internet poker is your business.
Justin Shronk: How would someone with your knowledge go about gaining access to someone else’s personal information, and then their money in their online accounts?
eNeLp: There are multiple ways of going about it, but one fairly simple way to do it would be to simply get a rootkit* installed on their machine; there are several ways to go about this (which I won’t go into for fear of getting just a tad too technical), but once I have your machine rooted I can pretty much do whatever I want.
The easiest thing to do would be install a program that records every key stroke that you type, and simply wait for you to type in your password. Now lets say you check the little box that says to save your password – well, then I just start looking through files for it or I simply uncheck the box and make you type it in and then I have access to your account and pretty much anything else that I want.
*A rootkit is malware that consists of a program, or combination of several programs, designed to hide or obscure the fact that a system has been compromised.
Justin Shronk: What are some common mistakes people make that make themselves really vulnerable to this kind of situation?
eNeLp: The most common thing that I see is people not staying current with updates. By updates I mean operating system updates, anti-virus updates etc. We (my company) recently got hit with a rootkit that could have been avoided by simply having an update that we missed. Also, a good firewall is an absolute must. Don’t just be satisfied with the default Windows firewall, and if you are really serious about being safe, have a good hardware firewall installed in your home. You can get a fantastic enterprise class firewall for under $1,000, which is a small price if you are keeping large sums of money in your online account.
Justin Shronk: I’ve heard you mention hotels during poker tournaments as a place that a hacker would be able to go nuts – why is this?
eNeLp: Because, for the most part, hotel wireless is a complete joke, as in there really isn’t any security. Usually you just jump on and start doing your thing, which means that a hacker can do the same thing – only now you two are on the same network. Once I am on the same network, it’s just a numbers game as there are bound to a lot of high stakes online players playing online and not all of them are going to be secure, so I am at least going to find a few victims to get rooted and once that is done I can just sit back and wait for the information to come rolling in.
Justin Shronk: Is it possible to make yourself “hackproof”? If not, what are some things people should be doing to make it as difficult as possible for someone with your knowledge to do some real damage to them?
eNeLp: Nobody can ever be “hackproof;” if banks and governments can’t do it, neither can the everyday person. You can however take steps to try and prevent it.
1. Strong passwords that you change on a regular basis, not just your online accounts but your windows login password as well.
2. You don’t have to have administrator level privileges for most day-to-day things, so create another account for day-to-day use.
3. Updates, updates, updates. I cannot stress enough to keep your computer and anti-virus up to date.
4. A good firewall. Your Internet is only as secure as your firewall. I personally run a hardware firewall on my network and a software firewall on all of my machines.
5. Be smart and use safe browsing habits such as: don’t open files that you are not 100% sure of; if you get a popup asking you to click an option, make sure you know what you are clicking on; I see this one at least 2 or 3 times a week where somebody just clicks “ok” to a popup only to find out that you just said “ok” to a virus or malware; and preventing it was just as simple as clicking “NO.”