Why Online Poker Players Need to Take Cybersecurity Seriously

Author: R. Paul Wilson

We've discussed the dangers presented by modern technology and an arsenal of tiny cameras hidden or incorporated into everyday items, from phones and watches to spectacles and lapel pins. The casino industry is becoming increasingly concerned that local, device-based processing speed is now so powerful that software can interpret any scenario and predict or track the outcome of seemingly random procedures. In fact, technology is so advanced that there’s little that can be done to protect live table games unless the casinos institute a no device rule on their gaming floor, but what about games where players are betting against each other online; can they be targeted?

To put it mildly: YES.

Any form of gambling where we place bets over the internet via various sources, from home hubs to hotel or public Wifi is definitely a target for hackers looking for easy money.

Online poker has long been a target for digital cheating, with several high-profile cases involving players hacking their opponents’ laptops to gain an unfair advantage. Using malware, keyloggers, and remote access tools, cheaters have been able to view hole cards in real time, effectively removing any element of skill or strategy, and these attacks have been more widespread than many realise.

Major Cases That Exposed the Threat

While not strictly hacking, the Ultimate Bet and Absolute Poker superuser scandals of the mid-2000s were among the first major examples of unauthorised access being exploited in online poker. Insiders used software backdoors to see opponents’ hole cards, winning millions before being exposed. These cases demonstrated how devastating digital cheating could be and set the stage for more sophisticated methods of attack.

One of the earliest publicly known hacking incidents occurred at the European Poker Tour (EPT) Barcelona in 2010. Several high-stakes players noticed unusual behaviour from their laptops – sluggish performance and unexpected crashes – only to discover that trojans had been installed, likely via USB drives or compromised hotel Wi-Fi. The malware allowed hackers to remotely view players’ screens, exposing their hands during online play. Although the full extent of the breach remains unknown, some professionals suspected they had been deliberately targeted.

Johannes Strassmann, a well-known German poker pro, investigated a hacking ring that allegedly targeted high-stakes players both online and at live events. Reports indicated that hackers used keyloggers and remote-access tools, often posing as fellow players to install malware on victims’ devices. Once inside, they exploited the access to gain an unbeatable edge in online games.

A similar incident occurred at EPT Malta in 2015, where several players reported that their laptops had been compromised through insecure hotel Wi-Fi. Hackers installed remote-access malware, using tools like DarkComet or Blackshades RAT to spy on their sessions. This attack reinforced suspicions that cybercriminals were deliberately targeting professional poker players, particularly at major tournaments where they were known to play high-stakes online games from hotel rooms.

The COVID-19 pandemic saw a resurgence in online poker, but with it came a sharp increase in cyberattacks. Phishing attempts, malware, and direct hacking incidents became more frequent. One particularly concerning method involved screen-capturing malware that relayed real-time poker sessions to attackers, who either played against the victims themselves or sold the information to others.

How Professionals Respond to the Risk

Today, top professionals take extreme precautions, using poker-only laptops, secure VPNs, and hardware authentication to protect their games. But as long as high-stakes online poker exists, hackers will continue looking for ways to exploit it, making cybersecurity an essential part of the modern game.

I know of at least one professional online player who goes to extreme lengths to protect his laptop, including carrying it with him at all times. He told me that if it left his side for any reason, he would seriously consider replacing it and employs software and devices to avoid using public or hotel WiFi and once confided that when he was gifted a high-end laptop by a client, he immediately gave it away to avoid any chance he had been given. He described it as a loaded weapon pointed right at his bankroll. This level of concern borders on paranoia, but this friend is a wealthy player and a prime target for any new or modern variation of these types of attacks.

What This Means for Everyday Players

But what about the rest of us?

We need to be concerned, for sure, but most of us are not viable targets unless we are caught in a wide net designed to farm victims, the most common form of which requires no malware or direct access to devices – which we can discuss another time. However, we all need to employ some simple precautions and be extremely careful about what we load onto our devices, what links we click, what emails we open, and what software we install.

For example, I know that a very popular form of poker-player tracking software (used to legitimately monitor one’s own play over time) can be found on illegal download sites – apparently “cracked” to avoid serial numbers, etc. but not only will it not work as expected, attempting to install it will leave a nasty bit of code lingering in the shadows of your device. This particular form of attack has the benefit of filtering victims to those invested enough in online gambling to consider tracking their play, which naturally creates a richer vein to be mined by hackers over time.

Many readers will know all of this, but it’s worth reminding ourselves that these tactics are still being employed; constantly morphing and evolving to become harder to recognise and easier to fall for. Ask yourself if you have been exposed to potential malware or if your device might be compromised directly or remotely. Crooked poker players would often break into other player’s hotel rooms or bribe housekeeping to gain access to opponents’ hardware and I know at least one example where USB flash drives were compromised at source (in the factory!) before being sold worldwide and some crooked software is even designed to monitor activity quietly in the background then raise an online flag if the user becomes a worthwhile target.

Software sleeper agents may exist on multiple platforms and in multiple apps across multiple devices, or am I just being paranoid? Yes, and no. Yes, I am deliberately being over cautious by considering outlandish dangers as well as realistic means of deception but I’m doing so for a practical reason – to use military jargon, I’m checking my six – and to steal another phrase from the movie/book “The Hunt for Red October” there’s no harm in performing the occasional “Crazy Ivan” to look back, reverse steps and consider if I stepped in anything that might stink later.

Checking Your Own Blind Spots

My advice to you is to keep a close watch on your own activity and be especially aware that much of what we do online is almost subconscious and easy to forget. Just as you stay alert when playing poker in a land-based casino, you should take the same care when you play online. You might be guarded and careful when using gambling or banking apps, but those links you follow at 3am when you can’t sleep might one day lead down the wrong rabbit hole.

If you’re gambling enough to be a target, then invest in a dedicated device that does not interact with any other device connected to social media and the like, avoid public or unsecured WiFi and put your gambling funds into a separate account, then manage that from your secure device and run constant checks for malware.

Casinos tend to be behind the curve on changing forms of attack, but as everyday players, it takes just a little effort to remain aware that while technology and software evolve at such an alarming rate, the sooner you identify a potential threat, the less damage it can do.

Is it inconvenient? Of course, but not nearly as painful as realising too late that someone has been quietly helping themselves to your money.