
Thread: Black chip poker ddos attack

  1. #1

    Black chip poker ddos attack

    I was playing a tournament last night on Black Chip poker and a message popped up saying tournament was paused by the site. Ten minutes later it said they were experiencing DDOS attacks aimed at their server and that the tournament was cancelled. Immediately after that I get a pop up saying my computer was infected by the Zeus virus and that I needed to call some 800 number to get it removed or my hard drive will be erased. An anti-malware program easily removed it. Just an fyi

  2. #2
    GringoStar
    Originally posted by hutmaster:
      I was playing a tournament last night on Black Chip poker and a message popped up saying tournament was paused by the site. Ten minutes later it said they were experiencing DDOS attacks aimed at their server and that the tournament was cancelled. Immediately after that I get a pop up saying my computer was infected by the Zeus virus and that I needed to call some 800 number to get it removed or my hard drive will be erased. An anti-malware program easily removed it. Just an fyi
    That sounds very suspicious. I have never heard of any kind of site or service that gets hit with a ddos and, as it is happening, alerts their users with exact detail about what is happening. Do you happen to have a screenshot of the message from Black Chip or any subsequent emails from them?

  3. #3
    sonatine
    if someone tagged black chip poker and used its auto-update to push zeus to all running clients, a) it would look like a ddos because you know they don't know what the fuck a ddos is, and b) wowwwwwwwwwwwwwww.
    "Birds born in a cage think flying is an illness." - Alejandro Jodorowsky

    "America is not so much a nightmare as a non-dream. The American non-dream is precisely a move to wipe the dream out of existence. The dream is a spontaneous happening and therefore dangerous to a control system set up by the non-dreamers." -- William S. Burroughs

  4. #4
    GringoStar
    Originally posted by sonatine:
      if someone tagged black chip poker and used its auto-update to push zeus to all running clients, a) it would look like a ddos because you know they don't know what the fuck a ddos is, and b) wowwwwwwwwwwwwwww.
    But what kind of operation creates a bulk communication that goes directly to users to alert them of a DDOS, as it is happening? Usually that is something that is determined post-mortem, or at least communicated with more discretion for reputation's sake...

  5. #5
    sonatine
    Originally posted by GringoStar:
      Originally posted by sonatine:
        if someone tagged black chip poker and used its auto-update to push zeus to all running clients, a) it would look like a ddos because you know they don't know what the fuck a ddos is, and b) wowwwwwwwwwwwwwww.
      But what kind of operation creates a bulk communication that goes directly to users to alert them of a DDOS, as it is happening? Usually that is something that is determined post-mortem, or at least communicated with more discretion for reputation's sake...
    I'm guessing the impetus there was 'we need to cancel our tournaments until we figure out what's going on here'.

    Totally realistic narrative, btw:

    [BCP engineer #1] fuck me to tears we just found malware and IoC on pretty much the entirety of our infrastructure.

    [BCP engineer #2] wow, I'll load up a ton of sloppy ass anti-virus shit and tip off the actors who likely already dumped our CC#s and PII and are currently raping people at poker tables by godmoding people's hands.

    [Team China] ugh these fucking nerds are shutting us out, meh... let's just use auto-update to push Zeus to their clients and call it a day lol.

    [BCP manager] UHH... UHHH...... SOMEONE IS PUSHING A ROGUE UPDATE WITH ZEUS IN IT FUCK FUCK FUCK FUCK... SEND OUT AN ALERT ABOUT A DDOS AND UNPLUG EVERYTHING

     
    Comments:
      GringoStar: Sounds about right
      Shizzmoney: makes sense

  6. #6
    sonatine
    one can easily substitute Team China for insider threat there of course.

  7. #7
    Dan Druff
    Are there any reports about the Zeus virus popping up at the same time as this "DDoS"?

    I agree that it likely seems related (and sonatine's theory probably isn't too far off), but it could also be a coincidence.

    And yeah, if hackers hijacked the update process, that's realllllllllly bad.

  8. #8
    Originally posted by GringoStar:
      Originally posted by hutmaster:
        I was playing a tournament last night on Black Chip poker and a message popped up saying tournament was paused by the site. Ten minutes later it said they were experiencing DDOS attacks aimed at their server and that the tournament was cancelled. Immediately after that I get a pop up saying my computer was infected by the Zeus virus and that I needed to call some 800 number to get it removed or my hard drive will be erased. An anti-malware program easily removed it. Just an fyi
      That sounds very suspicious. I have never heard of any kind of site or service that gets hit with a ddos and, as it is happening, alerts their users with exact detail about what is happening. Do you happen to have a screenshot of the message from Black Chip or any subsequent emails from them?
    [Attached image: ddos.JPG]

  9. #9
    GringoStar
    Originally posted by hutmaster:
      Originally posted by GringoStar:
        That sounds very suspicious. I have never heard of any kind of site or service that gets hit with a ddos and, as it is happening, alerts their users with exact detail about what is happening. Do you happen to have a screenshot of the message from Black Chip or any subsequent emails from them?
      [Attached image: ddos.JPG]
    Seems like it may be legitimate. WPN apparently has a long history of successful DDoS attacks. They also have a history of being oddly transparent about the attacks, in a supposed effort to avoid overlay and to restore confidence with promises of increased security.

    My only alterations of sonatine's theory:

    1) They went in with some sort of multi-vector attack, but actually originally intended to push Zeus to all active clients. WPN has had past extortion attempts for BTC during DDoS attacks in the past, but they were aimed at WPN for a bulk sum, instead of leveraging the users directly. Probably just a lame attempt to extort the userbase. But who knows, maybe some people paid up.

    2) Given my above assumption, this smells more like borscht than chow mein, given their predilection for sleazy ransomware.

  10. #10
    AhoosierA
    This isn't the first time they've claimed to be attacked by DDOS attacks.

    It seems to happen prior to or during a big series they're running. Their "online super series (OSS)" starts on 4/9.

  11. #11
    sonatine
    it's also strange that anyone with the technical aptitude to create this sort of opportunity would push something as obvious and opsec-hostile as Zeus.

    to be clear; that's really, really, really fucking strange.

    and lends itself to the theory that this was a disgruntled employee.

    or, alternately, that they successfully pushed a stealthy dropper, and that the dropper pushed zeus as a 'first phase' attack, knowing that X % of machines will discover Zeus but not the dropper, and that the Zeus infected hosts, few tho they may be, can be sold off for a premium while less robust malware can be placed on the other dropper infected hosts and used for other purposes.

    just #gametheory but you get the idea.
