Poker ace's vanishing hotel laptop WAS infected by card-shark – F-Secure

A laptop apparently stolen from a top-flight poker pro's hotel room and mysteriously returned while he played in a card tournament was infected by spyware. That's according to security firm F-Secure, which today said it had analyzed the computer, owned by ace player Jens Kyllönen. The Java-written malware on the machine could …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward

    Protection

    All it takes is a screwdriver : remove the hard drive and slip it into your pocket. Don't have to trust anyone then.

    1. William Boyle

      Re: Protection

      Removing the hard drive doesn't protect from BIOS/Flash memory infections. I.e., a virus can be introduced into the computer firmware, and re-infect the system whenever it is booted, and it is virtually impossible (without special tools) to detect. We are seeing more and more of this sort of infection.

      1. Dave 52

        Re: Protection

        In that case, manufacturers should consider building components that contain all the system memory (main, bios, flash, etc...) on a single and easily removable part of the laptop.

        1. Anonymous Coward

          Re: Protection

          In other words you want to make a laptop portable, eh?

        2. This post has been deleted by its author

      2. Anonymous Coward

        @William Boyle - Re: Protection

        Good point about the BIOS - I hadn't thought of that.

        Still, whipping out the hard drive is at least an improvement on trusting a hotel safe.

        Following on from Dave 52's point, does anyone market a laptop shell into which a smartphone can be plugged?

        1. Shrimpling

          Re: @ JustaKOS - laptop shell into which a smartphone can be plugged

          Motorola make one that plugs into some of their Android phones...

          I know because I use one with my Raspberry Pi

        2. AceRimmer

          Re: @William Boyle - Protection

          "does anyone market a laptop shell into which a smartphone can be plugged?"

          Asus Padphone?

          Alternatively, do not install any OS on the laptop and instead use a thumb drive with Linux... You can configure these to contain a persistent data store

          1. Anonymous Coward

            Re: Protection

            Shrimpling & AceRimmer :

            Thanks for the suggestions.

            The thumb drive option is a cheap way of solving most of the problem (still leaves BIOS vulnerability) but I'd be fairly happy with that level of security. Of course if you want Windows, then you have to license the thumb drive, but I'd use Linux anyway.

            1. OffBeatMammal

              Re: Protection

              I put this together a while ago for a fairly non-technical friend who was having issues with an ex... works pretty well, though I do encourage them to keep a backup of any documents that matter in the cloud as well - http://post.offbeatmammal.com/2011/05/19/building-a-safe-and-portable-way-to-get-online/

              1. Anonymous Coward

                @OffBeatMammal Re: Protection

                Thanks for that - a nice description of what to do.

              2. Not That Andrew

                Re: Protection

                I would also encourage them to keep offline backups of their documents somewhere the ex has no access to. If he's capable of using a network sniffer, then he's probably capable of accessing their cloud storage, especially if they are using DropBox, which has rather weak security.

    2. Anonymous Coward

      Re: Protection

      Hotel rooms usually include a safe, keeping the laptop (if it will fit) or the hard drive in there is better than carrying it around with you. For that matter, the hotel itself usually has a very secure safe you can request to put things in, in case you don't trust the room safe.

      You think if they're going to go to all the trouble to break into some guy's room specifically, they'd have used some higher quality spyware that leaves no visible trace? And would have installed it quickly enough that the player doesn't see that his laptop was gone and later returned. Nothing would make me more suspicious than that!

      1. Don Jefe

        Re: Protection

        The gumption and skills to successfully engage in full on, physical espionage tactics, doesn't have to be combined with technical skills. Plenty of people have one or the other of those skill sets, but it's rare to actually have both in one person. It's the people that think they've got all the skills who get caught.

        The rare individual that has all the skills, and is criminally inclined, has far more worthwhile things to do than steal from a gambler who may or may not have any money to steal. Overall I think it's good that all those traits are rarely expressed in an individual.

        But hotel room safes are about as secure as sticking your things under the bed. They might stop a random thief who just happened to get in your room, but they won't stop anyone who has gone through the trouble to track you and make their move when you were away from the room. That's a dedicated person. The service key issue is the big problem though.

        All hotel room safes have service keys so that hotel staff and/or law enforcement officers can open the safe. Nobody is going to provide you with a short term use safe that they can't open. The hotel safe is about the same, but cleaning staff won't be able to open it like they can a room safe. Usually only managers can open the big safe.

      2. Graham Marsden

        @DougS - Re: Protection

        > "Hotel rooms usually include a safe, keeping the laptop (if it will fit) or the hard drive in there is better than carrying it around with you. For that matter, the hotel itself usually has a very secure safe"

        Both of which are entirely vulnerable to corrupt staff since the room safe has a built in "back door" security code to unlock it and the hotel safe can be opened by whoever is duty manager at the time.

        As such, all they give is a false sense of security.

    3. Havin_it

      Re: Protection

      >All it takes is two Phillips screwdrivers, a Torx screwdriver, a spudger, some isopropyl alcohol to deal with the glue, a chisel to remove the solder holding it in place:

      FTFY. What the hell kind of laptop do you have?

      1. Anonymous Coward

        @Havin_it - Re: Protection

        Ok, it does depend on the laptop. I was thinking of my eeePC, which is dead easy. Posher laptops may prove more difficult, of course.

  2. dssf

    Dyes and Markers, Bats and Nails

    Dyes and Markers, Bats and Nails

    Next time, rig the room and the safe with fluorescent, Cobalt-60 dye packs. Tell the invaders to fuck off and die with radioactive dye. If you cannot get C-60, then sidle up with Putin for some easy-to-transport Polonium powder. Dust your (fake) laptop with it. When C-60 or Polonium incidents surface in the news (if they do, that is), you might take satisfaction.

    But, really, seriously, it's getting tiresome hearing about these infiltration incidents. A baseball bat with nails and a cloaked room guard (able to evade heat detection from out in the hallway) batting and beating the ass of the intruder like the crowbar attack in the tunnels in CounterStrike might knock these invasions down a tick or two.

    1. Don Jefe

      Re: Dyes and Markers, Bats and Nails

      Traditionally, when somebody proposes killing themselves and their loved ones in order to protect them from outsiders we refer to that as a 'cult'. The only stories of radiation poisoning that we'll hear will be about you, your family and your neighbors' bodies being found on the scene of what appears to be a ritual suicide.

      If you really want to make a lasting impression be sure to leave your manifesto in a conspicuous place. That'll really get the media going. Mention that you're the true father of Obama too and they'll probably write some books about your story, and there's certain to be at least one movie made. Capitalize on that and be sure your will and estate plans are in place.

      I recommend naming a strange celebrity pet as the sole executor and benefactor of your estate. People love that kind of shit. If you're dead set on dying by radiation poisoning, and taking innocent people with you, I think you should also invite some hitchhikers and hobos over and beat them with a crowbar. Just beat the ever loving fuck out of them and videotape it while screaming about the zombie apocalypse.

      Don't half-ass this, man. Go all out and show those infiltrators just who they're really messing with. If you go around town and liberally distribute your radioactive waste throughout your city it'll really freak the post office personnel.

    2. Anonymous Coward

      Re: Dyes and Markers, Bats and Nails

      The hell have you been smoking?

      Firstly, Counterstrike is a game. You left-click to whack someone with a crowbar. In real life, this is quite a difficult thing to do effectively and takes practice. When you're swinging a bit of metal repeatedly and with a lot of force your arm will get tired quickly. Similarly, in real life you CAN'T demolish a crate by whacking it on one face with a crowbar - they're made of wooden battens and/or plywood specifically because they're (cheap) tough, impact-resistant materials. Now presumably they'd hire some big lug of a man to perform the actual theft, or take one along for protection/lookout. Someone able to fight and who is good with a weapon rather than indiscriminately swinging a crowbar.

      Secondly, your 'room guard' would likely die of C-60 poisoning if you boobytrapped the room, and then you would when you came to inspect it later as you inhaled the released Cobalt.

      Polonium or Cobalt would be heavy. Dust a laptop with it and most of it will fall off, into your hotel room's carpet. Then get kicked up by housekeeping, then you'd breathe it in and die. The remaining dust on the keyboard will give your hypothetical thief a mild case of fingertip-sunburn... unless he's using gloves and/or bags up your laptop in-room to prevent any forensic evidence being left. The great thing with laptops is you don't even need to OPEN some of them. Just connect up an external monitor and USB keyboard, hit the power button and boot from a USB disk you've plugged in. If you really need to open it, use a bigger bag.

      And correct me if I'm terribly wrong, but a set of goggles that can see the sorts of nigh-microwave extremely-infra-red radiation that would show someone through a solid wall as you're imagining would be both expensive and bulky. I mean if they stood in one place leaning against the wall you'd be able to see some heat leak through with a specially modified camera (which would be a few thousand pounds/dollars anyway). So unless there's a computer game convention going on in the hotel your hypothetical burglar will get some seriously weird looks standing in the corridor with a set of Splinter Cell goggles.

      And from first-hand experience I'll tell you that the USA (home of Vegas, which is an important place to gamblers) asks a lot more odd questions at the border when you've got a couple of Russian visas in place. This is before you even start to think about talking to Putin or bringing Cobalt-60 across the border.

      So what we've established is that after your attempt at securing a laptop you use for playing poker - which has left 3 people dead (your guard, housekeeping and yourself, but not any thief who takes the most basic of precautions) you've achieved lower security than setting a BIOS password and setting it to boot from HDD first.

      [crackle]TERRORISTS WIN.

      Oh, I suppose you did mention that you'd take your laptop and leave only a FAKE laptop. So you've killed 3 people including yourself to protect something of absolutely no value.

      [crackle]PYRRHUS WINS.

      If you're not just a gambler and have 'important' or 'secret' stuff on your laptop, please enjoy this obligatory XKCD link: http://xkcd.com/538/

      1. Anonymous Coward

        Re: Dyes and Markers, Bats and Nails

        Wow. Change to decaf.

      2. Tom 38

        Re: Dyes and Markers, Bats and Nails

        > A baseball bat with nails and a cloaked room guard (able to evade heat detection from out in the hallway) batting and beating the ass of the intruder like the crowbar attack in the tunnels in CounterStrike might knock these invasions down a tick or two.

        … and …

        > The hell have you been smoking?

        > Firstly, Counterstrike is a game. You left-click to whack someone with a crowbar.

        You two should both be ashamed of yourselves - there is no crowbar in Counter-Strike, you have a KNIFE, left click is slash, right click is stab.

        The game with the crowbar you are both thinking of is Half-Life. Shocked and appalled…

      3. beep54
        Joke

        Re: Dyes and Markers, Bats and Nails

        "....Also, I would be hard pressed to find that wrench for $5"

      4. dssf

        Re: Dyes and Markers, Bats and Nails

        Obviously, given all the "plot holes" in what I wrote, it is to be merely seen as an expression of futility and a bit of infuriation/frustration. (And, there've been plenty of holier plots written as movies, which moved millions of dollars from the wallets/purses of those willing to suspend disbelief, no?)

        Really, for those who missed it, how would a poker player get ahold of any of the heavy metals? Only likely a very wealthy (and bitter) gambler with very, very deep connections. Even then, s/he'd be highly unlikely to use the stuff.

        No caffeine was involved.

        However, the fluorescent green dye marker bit, that, that is a lot safer, and likely would result in either exposing or apprehending (or both) any suspects or thieves. Some inconvenience to the staff, if one goes rummaging guest room safes. But, the dye would need to be trackable by day (it should glow at night). Anyone trying to wash it off would need some planning, since some dyes are difficult to get rid of neatly and in short order. Now, if only the police, private security, and hotel doors/thresholds had resources to speed up thief-catching.

        1. Anonymous Coward

          Re: Dyes and Markers, Bats and Nails

          Hey, AP from earlier here.

          @all Firstly, let me apologise for getting mixed up. It's been ages since I played Counterstrike and I remembered it having a crowbar. Googling shows that this was a mod, proving once and for all that Counterstrike is inferior to the HL series.

          @dssf Radioactive materials are easy to get hold of. Americium-241's in smoke detectors and is more than capable of killing people in small quantities. Good point is its long half-life, so long shelf life (and a longer time to put together a good mass of it), but means that it's less active so the same amount will take longer.

          I will admit, though, your plot- and your grasp of radioactivity- are far better than whoever wrote Die Hard 5.

          1. Don Jefe
            WTF?

            Re: Dyes and Markers, Bats and Nails

            Jesus Fucking Christ man. Come on. How old are you?

            Everything you said about the nature of radioactive materials is so partially accurate that it is nearly as bad as being completely and utterly wrong.

            Radiation from the Americium-241 isotope is so minuscule that you can't even hurt yourself with it on purpose unless you swallow it or grind it up and snort it. Even if you did swallow a bunch of it, the complications resulting from the lead and antimony carrier alloys would do more damage than the radiation. Fucking granite countertops are more radioactive than a shopping cart full of Americium-241. That's not hyperbole, granite countertops emit more radiation than Americium-241.

            If you had 1,000 smoke detectors, went through all the trouble to dismantle them and extract the carrier elements and sewed them into your jacket you might, might have a slightly higher chance of developing thyroid cancer when you reach your late 60s. Go ahead, look it up. Calculate how many smoke detectors you need to inhale to increase your risk of thyroid cancer by .003%.

            Do you know why you raise red flags if you try to purchase shitloads of smoke detectors? It sure isn't because of the 'dangerous radioactive materials' inside. It's because regal dipshits, like yourself, who think they can weaponize smoke detectors are huge societal liabilities once they start to act out the fantasies in their heads.

            Anyone who is that catastrophically impaired is 100% guaranteed to harm someone and it is never, ever the intended targets that get hurt. It's better just to remove those people from circulation, which is exactly what they do.

    3. highty bogue

      Re: Dyes and Markers, Bats and Nails

      Very well thought out solution to this vexing problem of laptop infestation.

  3. dssf

    Effective protection starts with a severe threat...

    in the physical form of...

    peeng peeng peeng... deeng deeng -- khloomph, kurmph, hhoooorrrr...

    deet-deet-deet-deet ... deet-deet---deeeeeehhh

    1. admiraljkb
      Joke

      Re: Effective protection starts with a severe threat...

      so firing up "What does the fox say" on YouTube until they surrender? Works for me, but probably violates the Geneva Convention.

  4. Anonymous Coward

    Check file hashes

    #3 in the workarounds section here is quite doable if you must leave a laptop unattended

    http://theinvisiblethings.blogspot.com/2009/10/evil-maid-goes-after-truecrypt.html

    1. Hud Dunlap

      Re: Check file hashes @AC 6:12

      Interesting link, thank you

    2. DropBear
      WTF?

      Re: Check file hashes

      Those cheeky f***ers...

      "TrueCrypt Developer: We generally disregard "janitor" attacks since they inherently make the machine untrusted. [...] Given the scope of our product, how the user ensures physical security is not our problem."

      Why YES, I do understand physical access sort of defeats security in general. Now, do THEY understand expressing it like that effectively reduces TrueCrypt wholesale from "security" to "worthless security theater"...? Why even bother then - nobody can reasonably guarantee perfect immunity of their device(s) against physical access by others, 100% of the time!

  5. Valeyard

    obvious question

    if it was infected via USB, then why was it removed from the hotel room?

    it works both ways; USB sticks can be carried TO a hotel room thus arousing less suspicion! :-o

    1. auburnman

      Re: obvious question

      Less risky for the attacker to do it in their own room, or whoever had physical access to the room didn't have the technical nous. Also if you're taking the risk of hacking someone's laptop for info, you probably want to make sure it's transmitting the ill gotten gains before leaving, which likely means you need your own 'puter nearby.

      The only ballsup was not returning it before it was spotted missing.

    2. InsaneGeek

      Re: obvious question

      The obvious answer is that... if they did it without removing, the attacker would have been there when the owner walked into the room catching them doing it. Because they removed it from the room, when he came there was no one there to accuse, even though the attack was found out, the attackers remain anonymous.

  6. Mattp

    Solution: Secure Chips?

    Re evil maid and hard drive encryption: this is what TPM is supposed to protect from; the chip recognizes when various "Platform Configuration Registers" have been changed.

    V Difficult to hack a TPM chip (requires an electron microscope) and there is a new version 2.0 out now.

    The chip only costs $26 each. (I got a quote from an Alibaba supplier [min. order 10].) The hack with the electron microscope costs approx $200,000.

    Also introduces features which could (and should) be used to secure Network and Wireless communication.

    TPM is the solution in the right direction and needs to be further developed.

  7. Baron Ebaneezer Wanktrollop III

    Pffft laptops!

    He should have had an iPad. The perp would have had to get on it and either email a copy of the virus to himself or log onto his own Dropbox account, or worse - use iTunes to sync it. Either way, he would have to book a holiday in the same hotel room to have the time.

    The only other option I see is to get Jeff Goldblum to upload a virus to it - that always works no matter what OS.

    1. Jez-UK

      Re: Pffft laptops!

      Well, the perp would also have needed to "jailbreak" the iPad (and that could be spotted). I'm not sure anything else would actually work.

      This is actually at the essence of why the iPad is the way it is. The design is intended to take all the "computer stuff" away from the experience of the iPad.

      So:

      There is no chrome when you switch apps (no "windowing").

      There is no (visible) file system (so no USB drive support).

      There is no plugin support (as you'd need to update it).

      Applications are sandboxed (makes MOST malware impossible).

      Applications have tightly controlled multitasking (makes a lot more malware impossible).

      System services are not extendable (another potential attack vector cut off).

      Now these decisions (and others) do limit what the platform can do - something like Android's virtual keyboard replacement "Swype" can't work on an iPad. But there is an upside, often in security - in the "Swype" example the same mechanism that stops it also stops "keyloggers".

      So in this case, an iPad seems like a perfect system. Of course, this doesn't make an iPad perfect for EVERYTHING; sometimes the things that aren't allowed on the iOS are exactly what is required. But in truth, such requirements are not universal.

  8. Anonymous Coward

    Poker spyware..

    Need we ask what OS this remote Java-written spyware ran under...

    1. Old Handle

      Re: Poker spyware..

      Write once, spy anywhere.

  9. Chris Phillips

    CARD SHARP!

    It's a CARD SHARP! Not a Card shark!

    1. captain veg

      Re: CARD SHARP!

      Unless that was his disguise...

      -A.

  10. Anonymous Coward

    "Kyllönen, who rocked up at the antivirus biz's HQ in an Audi R8"

    It's official then: I'm in the wrong business.

    :-(

  11. chris lively

    Can someone please figure out a way to muzzle the NSA.

    Given all the Snowden leaks I'm starting to become convinced that the NSA was responsible for the invention of malware and they obviously had a hand in this.... somehow.

  12. Anon999

    Use full drive crypto with TPM

    The only way to secure a laptop is to use full drive crypto that supports TPM and have a laptop which has a functional TPM chip. For example, Dell business models.

    And then never leave the laptop in suspended mode when you leave the room, always either switch it off or use hibernation.

    Thus an attacker cannot do a DMA attack on memory since memory is switched off, and cannot modify the boot sector even by accessing the hard drive directly with another PC as TPM will scream on that.
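    To make concrete what the "Check file hashes" post and the two TPM posts (Mattp's PCR remark and the one above) are getting at, here is an added simulation, not code from the article or any commenter: boot components are hashed, folded into a PCR with the TPM extend rule, and a secret sealed to the clean PCR is only released when the replayed boot matches. The boot images, the manifest and the seal/unseal policy check are all constructed stand-ins; a real TPM performs that check inside the chip.

```python
"""Simulated measured boot with a TPM-style PCR plus a per-file hash audit.

Added example, not from the article or the comments. Each boot component is
hashed ("measured") and folded into a Platform Configuration Register:
    PCR_new = SHA256(PCR_old || SHA256(component))
so a modified bootloader yields a different final PCR and a secret sealed to
the expected PCR stays locked. No real TPM is touched; the policy check a
real chip enforces internally is plain Python, and the images are constructed.
"""
import hashlib
import hmac
from typing import Dict, Iterable, List, Optional

DIGEST_LEN = 32  # SHA-256 digest length; width of a PCR in the SHA-256 bank
BOOT_ORDER = ("bootloader", "kernel", "initrd")

# Constructed stand-ins for the files on an unencrypted /boot partition.
KNOWN_GOOD_BOOT: Dict[str, bytes] = {
    "bootloader": b"bootloader image (constructed sample)",
    "kernel": b"kernel image (constructed sample)",
    "initrd": b"initramfs image (constructed sample)",
}

def measure(component: bytes) -> bytes:
    """Measurement of one component: its SHA-256 digest."""
    return hashlib.sha256(component).digest()

def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend: a PCR can only be folded forward, never written directly."""
    if len(pcr) != DIGEST_LEN or len(measurement) != DIGEST_LEN:
        raise ValueError("PCR and measurement must be SHA-256 digests")
    return hashlib.sha256(pcr + measurement).digest()

def measured_boot(components: Dict[str, bytes], order: Iterable[str]) -> bytes:
    """Replay the boot chain: start from an all-zero PCR, extend once per component."""
    pcr = bytes(DIGEST_LEN)
    for name in order:
        pcr = pcr_extend(pcr, measure(components[name]))
    return pcr

def build_manifest(components: Dict[str, bytes]) -> Dict[str, str]:
    """Record known-good hex digests, the manual 'check file hashes' approach."""
    return {name: measure(data).hex() for name, data in components.items()}

def audit_components(components: Dict[str, bytes], manifest: Dict[str, str]) -> List[str]:
    """Names whose hash no longer matches the manifest (or that are missing).
    Unlike the single PCR value, this tells you *which* file changed."""
    changed = []
    for name, expected_hex in manifest.items():
        data = components.get(name)
        if data is None or not hmac.compare_digest(measure(data).hex(), expected_hex):
            changed.append(name)
    return changed

def seal(secret: bytes, expected_pcr: bytes) -> dict:
    """Bind a secret (e.g. a disk key) to a PCR value. Only the policy is modelled."""
    return {"policy_pcr": expected_pcr, "secret": secret}

def unseal(blob: dict, current_pcr: bytes) -> Optional[bytes]:
    """Release the secret only if the current PCR equals the sealing policy."""
    if hmac.compare_digest(blob["policy_pcr"], current_pcr):
        return blob["secret"]
    return None

if __name__ == "__main__":
    good_pcr = measured_boot(KNOWN_GOOD_BOOT, BOOT_ORDER)
    blob = seal(b"constructed disk key", good_pcr)
    tampered = dict(KNOWN_GOOD_BOOT, bootloader=b"modified bootloader (constructed)")
    print("clean boot unseals:", unseal(blob, good_pcr) is not None)
    print("tampered boot unseals:", unseal(blob, measured_boot(tampered, BOOT_ORDER)) is not None)
    print("changed files:", audit_components(tampered, build_manifest(KNOWN_GOOD_BOOT)))
```

    The PCR only says that something in the chain differs; the manifest audit is what points at the file, which is why the two checks complement each other.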

    1. Mattp

      Re: Use full drive crypto with TPM

      Yes TPM is the way forward but there still needs to be improvements in the implementation of TPM. Hardware manufacturers are not making use of all the functionality that it has to offer. Currently it is only implemented for basic functionality. In addition, once the intermediate and advanced functionality is implemented, users also need to be trained in how to read and deal with the warning messages. (It is a bit "BIOSy".) There is also extra support required of IT departments. (E.g. you can potentially "brick" your laptop.)
