It’s not been a great week for online gambling security issues. Earlier this week, Bitcoin online poker site SealsWithClubs was forced to switch servers after a suspected distributed denial of service (DDOS) attack on its data center. Then Bitcoin gambling site SatoshiDice was knocked offline by a similar attack, although site creator and former owner Erik Voorhees told CoinDesk that the attackers had “largely wasted their money” given that the site is merely a conduit for info regarding betting stats and isn’t required for the actual placing of wagers. To truly gum up the works, Voorhees said would-be attackers would “have to launch an attack against the whole Bitcoin network.” Attention US Department of Justice: we believe the gauntlet has been thrown down…
A far more unusual and compelling piece of technical skullduggery appears to have gone down in Spain this week on the fringes of the European Poker Tour Barcelona tournament. On Thursday, two poker players reported having their rooms at the Hotel Arts broken into, resulting in the apparent theft of their laptops, only to have the laptops mysteriously reappear inside the rooms mere minutes after reporting the theft to hotel management. A full account of the shenanigans has been posted in the 2+2 forums, and while lengthy, it’s worth the read.
In a nutshell, here’s what happened. Finnish player Jens ‘Jeans’ Kyllönen leaves laptop in hotel room as he goes to participate in tournament. Jens returns, discovers his room key doesn’t work. He goes down to reception, gets his key recoded, which gets him back into his room, where he notices his laptop is missing. He goes to casino to check whether his poker buddy/roommate had borrowed the laptop, gets a ‘no’ answer, returns to hotel room to find laptop has magically reappeared.
Jens switches on laptop, gets Windows warning that machine has been tinkered with. He goes out for an hour, returns to find door key once again inoperable, goes back to reception, gets key recoded for the second time. Once back in hotel room, he discovers laptop has again vanished. Hotel later reports laptop having been turned in to security, and Jens discovers laptop now starts up just fine, but no longer asks for his password.
Later on, Jens bumps into fellow player Ignat Liviu in elevator, mentions that his laptop had been stolen and returned. Liviu says ‘me too.’ They learn that they each received phone calls at odd hours of the day, apparently trying to determine whether the room was occupied and, if so, when it wouldn’t be occupied.
There are unconfirmed reports that other players have experienced similar shenanigans during the EPT stop. The suspicion is that someone with a knowledge of which hotel guests were bona fide high-stakes online poker players hatched a plan to secretly install Trojan software on the players’ computers, which could then be used to read the players’ hole cards during online play or capture passwords to all manner of online accounts.
According to Jens’ recounting of his adventures, the actions of hotel staff/security throughout the entire process can be characterized as (at best) unhelpful or (at worst) obstructive, including multiple claims of malfunctioning security cameras at key moments/locations. As the tournament is put on by PokerStars, player liaison Lee Jones soon got involved, publicly confirming the veracity of the two cases, that Barcelona police had been alerted and that the hotel staff was belatedly treating the matter more seriously. On Friday, Liviu told PokerNews that hotel security had managed to track down a video image of the alleged laptop thief in action. Regardless, this may be the first poker tournament in history in which ‘winning’ is defined as not having to wipe your hard drive.