Cybercriminals play poker for stolen IDs and hacking software

Jon Pill
Posted on: October 14, 2020 12:49 PDT

It turns out that black hat hackers, like the rest of us, enjoy a game of online poker now and again. Although, when you win in one of their games, you don’t come away with a fistful of dollars and a branded hoodie.

According to a recent article from TrendMicro, a cybersecurity firm, the winners in these games get hacking-themed prizes: for example, credit cards set up with leaked IDs, licenses for phishing software, or code for automating the creation of cloned websites.

As with the rest of us, the COVID pandemic has left hackers with extra time on their hands. They fill this time with all manner of relaxing competitions. These include rap battles and in-person sporting events — it seems MMA is a particularly popular example. And, of course, online poker tournaments.

TrendMicro’s “underground monitoring” noticed a recent uptick in adverts for the various games and contests in the recreational sections of hacking forums. Their report reveals some of the stranger details.

Prize information

While sporting events like MMA matches have to happen out in meatspace, many of the events remain online.

Like many subcultures online, players organize the events themselves, often using PokerStars home games to host the tourneys. The organizer collects the buy-ins off-site, usually in a cryptocurrency, and forum members donate additional prizes to the pool. This is where long-time regs of 2+2 or FlopTurnRiver will feel the twinge of recognition in their waters.

Less familiar to poker forum users are the prizes TrendMicro lists. These included: “Access to cloud-based logs of stolen data, including Personal Identifying Information and stolen credit cards; Licenses for Linken Sphere, a customized browser that uses stolen credentials and system fingerprints to avoid anti-fraud system detection, [...] Two airplane tickets purchased using a stolen credit card, [...and] monetary prizes that were originally accumulated through criminal activities.”

A screenshot from the article also shows a forum user donating “3 liters of any alcohol” to the first place finisher. Another user puts a bounty on a player's head. Whoever knocks "Billy Bones" out of the tourney gets a copy of Anti-Detect 6.5. Anti-Detect is software used with stolen card details to avoid being caught by fraud detection systems.

Verse to versts

The extreme Russianness of the hacking community (one screenshot from the article shows a forum post advertising a comp at “20:00 Moscow Time”) can be seen, above all, in the fact that these hackers hold regular poetry contests.

The language of this poetry is full of the argot of hacking forums. For example, TrendMicro reports “such phrases as 'Teri give socks,' referring to SOCKS proxies” and references to “‘Sphere,’ which refers to the customized browser Linken Sphere.”

Pushkin, eat your heart out.

Winning poems are then often used to advertise other events, like the poker tournaments.

The tragedy of the commons

What is particularly striking is that such a system can work at all.

After all, these forum members seem to be united primarily by the bonds of mutual criminality. Thieves between whom there is supposed to be no trust. And yet they all operate on an honor system when it comes to poker.

Players come back to participate in events three or four times per month. In fact, many of the online poker clubs require a certain amount of regular participation to remain active. That wouldn't be sustainable if the player pool cheated on payouts or buy-ins.

If there was ever an expression of the strange self-regulation that emerges among gamblers, it is this odd little internet cardroom. A place where professional fleecers leave their shears at the door.

Featured image source: Flickr used under CC License