Poker Coverage: Poker Legislation Poker Tournaments U.S. Poker Markets Sports Betting

Sharking: The Targeting Of High-Stakes Poker Players

Jens Kyllonen Situation Reveals Online Poker Security Threat


Jens KyllonenIn September, high-stakes poker pro Jens Kyllonen told a disturbing story concerning the security of his laptop while staying at the Hotel Arts and playing in the EPT Barcelona main event.

According to the Finnish pro, he went back to his hotel room after being eliminated from the tournament to discover his laptop missing. After returning to the tournament floor to ask his roommate if he had it, he went back to his room only to see that his laptop had been returned.

Kyllonen was naturally suspicious and after a bungled investigation, he returned home to Helsinki and turned his laptop over to an F-Secure location.

The specialist in the lab confirmed Kyllonen’s suspicions, finding a trojan designed to allow a hacker to remotely view laptop activity. Of course, this is especially troubling for Kyllonen, who plays some of the highest stakes online. A hacker could easily use the program to see an opponent’s hole cards and subsequently win countless sums of money.

From the F-Secure lab:

“After a while, it was obvious that his hunch was correct, the laptop was indeed infected. There was a Remote Access Trojan (RAT) with timestamps coinciding with the time when the laptop had gone missing. Apparently, the attacker installed the trojan from a USB memory stick and configured it to automatically start at every reboot. A RAT, by the way, is a common tool that allows an attacker to control and monitor a laptop remotely, viewing anything that happens on the machine.”

“This kind of attack is very generic and works against any online poker site that we know of. The trojan is written in Java and uses obfuscation, but isn’t all that complicated. Since it’s in Java, the malware can run in any platform (Mac OS, Windows, Linux).”

Kyllonen contacted PokerStars directly after the incident and a company representative told him that they were doing everything to catch these criminals. Kyllonen claims police were not contacted initially and added "to this day I still have zero proof any sort of authorities have seen this case.”

F-Secure has since named the trojan attack “sharking” because it targets high-stakes poker players, otherwise known as sharks. Kyllonen has earned $1.4 million in live tournaments and another $4 million in online cash games, according to, making him a prime target.

Kyllonen’s story has raised countless questions about poker player security at destination tournament stops. It is still unknown how the hackers gained access to his room and whether or not they had help from hotel staff. Kyllonen believes that the laptops of other poker players have been compromised as well.

In March, online pro Doug “WCGRider” Polk was the victim of a sharking attack that cost him $35,000.

Though high-profile poker players are the target, this type of attack can happen to anybody who plays for a significant amount of money. F-Secure recommends using a separate laptop for online poker, locking your keyboard while stepping away and putting the computer in a safe while traveling.



7 years ago

As an ex-manager employed at a worldwide hotel chain, I can tell you that unauthorized access to rooms is easy, easy, easy. The simplest ruse is to just ask! A young girl in a bikini claiming to have forgotten her room key at the pool will gain access from a housekeeper or helpful supervisor shockingly often. Hotel rooms are no more secure than parked cars.


7 years ago

As a former business traveler, I can attest to at times being rather lax with security. I try to find rooms with in room safes especially in Vegas which I go a few times a year.

My first stay downtown VegasI had the in room safe and didn't lock up my wimpy 7.5mg of oxycodiene. 75 out of the 90 pills disappeared. Needless to say, I was glad I kept my roll in the safe.

Even if you don't think it is valuable, lock it or take it with you.