Welcome Guest
Log In | Register )
You last visited January 22, 2017, 1:10 pm
All times shown are
Eastern Time (GMT-5:00)

Employee hacks into online poker site

Online GamblingOnline Gambling: Employee hacks into online poker site
51
Rating:

A leading Internet poker site said Friday that a hacker exploited a security flaw to gain an insurmountable edge in high-stakes, no-limit Texas holdem tournaments — the ability to see his opponents' hole cards.

The cheater, whose illegitimate winnings were estimated at between $400,000 and $700,000 by one victim, was an employee of AbsolutePoker.com who hacked the system to show that it could be done, a spokesman for the company anonymously told a reporter.

"This is literally a geek trying to prove to senior management that they were wrong and he took it too far," he said.

The Costa Rica-based company, which is controlled by a parent company owned by members of the Kahnawake Mohawk tribe in Canada, issued a statement later in the day acknowledging the breach and promising to refund all money, including interest, to players who were victims of the scheme. It also promised a "comprehensive statement ... providing more details of the findings" would be issued soon.

The spokesman said the employee did not withdraw any of the money from the accounts that were used in the scheme.

"We acknowledge a significant internal security breach whereby a resource who was infinitely knowledgeable about the system was able to get into the accounts in question. He played on those accounts and he saw hole cards," the spokesman said.

"We have closed that security breach and we have identified a very serious issue internally as far as communications flow and we're resolving that," he said.

Lawsuit and criminal charges possible

The spokesman said the company also was contemplating filing a lawsuit and criminal charges against the employee.

While peeking at an opponent's hole cards was likely to bring a hail of lead in the Old West, the group of wronged players in this case was initially rebuffed by Absolute Poker when they aired allegations of apparent cheating on the 2+2 poker forum in late September.

In a series of postings that soon spread to other poker forums, the players said that some players using the aliases "Graycat," "Potripper," "Steamroller" among others appeared to have superhuman powers at the poker table. Several players who had encountered the suspect players in games from mid-August through mid-September said they played with wild abandon, always seemed to know when to raise and fold and were winning at an inconceivably high rate.

Serge Ravitch, a 27-year-old New York lawyer turned poker player who was among the first to level cheating charges, said the company's response to the initial posts was "essentially to stonewall and deny any cheating had ever occurred or that the described events were even possible."

Many players also were initially skeptical, though that sentiment largely melted away when players posted a re-creation of a tournament involving "Potripper" on the Internet.

The re-creation, posted on Youtube, was based on a "hand history" that Absolute Poker sent to one of the complaining players, but which contained far more information than the hand histories usually available to online players. This one showed all players' hole cards, rather than just those of the requesting player, and included a great deal of private information, including IP addresses and e-mail addresses.

Two independent experts who examined the re-created tournament record came away convinced.

'He can see the cards'

"(He) can see the cards, and you can put my name on that," said Roy Cooke, who was head of security at the pioneering poker site Planetpoker.com for six years.

"When people are doing things out of character and consistently doing it right, there's a reason for it," he said. "When they're always playing the hand that has value in a situation and then folding a great hand when it has value, they can see the cards."

Michael Shackleford, a former actuary with the Social Security Administration who now focuses on gambling at his Web site, wizardofodds.com, said it was highly unlikely that Potripper's streak was simply attributable to good luck.

"It would be easier to buy a 6/49 lottery ticket in six different states, and hit the jackpot all six times," he said.

If the experts found the evidence overwhelming, Absolute Poker did not.

In its first statement on the allegations, the company said, "The result of our investigation is that we found no evidence that any of Absolute Poker's redundant and varying levels of game client security were compromised. In other words, we have determined with reasonable certainty that it is impossible for any player or employee to see hole cards as was alleged. There is no part of the technology that allows for a "superuser" account, and there is no way for any person to influence the game software to their advantage."

Who was the mysterious observer?

Ravitch, a blogger known as "Adanthar" in the online poker community, and Nat Arem, another player involved in posting the tournament re-creation, began fielding a flood of tips from insiders in the offshore Internet gambling industry and continued to press their case.

With help from other players, they traced the IP address of a mysterious observer at Potripper's table to Costa Rica and determined that the account was an internal Absolute Poker account developed during beta testing. They also cross-referenced an e-mail address used by the observer and found that it apparently belonged to Scott Tom, who they identified as either a past or current official at Absolute Poker.

It was only in this last detail that the amateur sleuths erred, according to the account emerging Friday.

Adam Small, an official with Pocketfives.com, a community of online tournament poker players, said that he spoke with officials of Absolute Poker on Thursday night and was told that the rogue employee had deliberately used information pointing to Tom.

"What they said on the phone was that it was not Scott Tom ... and that he has sort of framed Scott Tom," he said.

The Absolute Poker spokesman did not confirm that the employee had attempted to frame Tom, but he said, "No management was involved, and Scott Tom ... had no part in playing on any of these accounts."

In a statement earlier this week, Absolute Poker said Tom "has not been involved with Absolute Poker for over a year and to the best of our knowledge, information and belief has not had access to any of Absolute Poker's systems, databases or information."

Site owned by Canadian Mohawks

Absolute Poker states on its Web site that it is owned by Tokwiro Enterprises Enrg., located in Kahnawake Mohawk territory nine miles south of Montreal, Quebec. Tokwiro is described as a Mohawk owned and controlled sole proprietorship. The site also is licensed and ostensibly regulated by the tribe's Kahnawake Gaming Commission, though it is not clear what level of scrutiny the commission applies to its licensees.

Many poker players interviewed for this article expressed concern that the incident would be another "black eye" for online poker, which has surged in popularity in recent years despite attempts by the U.S. government and many states to prevent Americans from playing over the Internet. Most indicated they would prefer that the sites were licensed and regulated by the United States, but said they consider most of the leading offshore sites to be fair and secure.

"I think that the reasons this got handled the way that it has, with a happy ending, is because the overwhelming majority of people in the industry ... want things to be run in a fair and honest way," said Small of Pocketfives.com. "... There is a perception that a lot of people in the industry are thieves, but that's not the case for the most part. When something like this happens, the rest of the people, as soon as they catch wind of it band together and look for ways to pool information and bring people down who have done harm to them."

Top Internet poker sites

(Number shown is unique visits in September, 2007.)

  • FullTiltPoker.com (1.69 million)
  • PokerStars.com (1.42 million)
  • AbsolutePoker.com (548,000)
  • Ulimatebet.com (393,000)

Source: Nielsen Online

MSBNC

We'd love to see your comments here!  Register for a FREE membership — it takes just a few moments — and you'll be able to post comments here and on any of our forums. If you're already a member, you can Log In to post a comment.

8 comments. Last comment 9 years ago by johnph77.
Page 1 of 1
justxploring's avatar - villiarna
Wandering Aimlessly
United States
Member #25360
November 5, 2005
4461 Posts
Offline
Posted: October 25, 2007, 1:16 pm - IP Logged

I know it's not the same - but this is just one more reason NOT to have computerized drawings for lottery games.  Actually, I wouldn't mind if the individuals handling the balls were blindfolded! 

 Smiley

    tnlotto1's avatar - logo
    nashville
    United States
    Member #49896
    February 18, 2007
    1181 Posts
    Offline
    Posted: October 25, 2007, 3:18 pm - IP Logged

    ive been a member of this poker site since 2005 it was the first time i ever spent money online and i hope they can figure out how to make it more secure.

      Guest


      Member #0
      January 1, 2000
      0 Posts
      Offline
      Posted: October 25, 2007, 6:52 pm - IP Logged

      ive been a member of this poker site since 2005 it was the first time i ever spent money online and i hope they can figure out how to make it more secure.

      If I read this story correctly,this fellow tried to tell his bosses that there was a flaw in the system and his bosses dismissed him as an idiot.Instead of thinking about prosecuting him,they should think about putting him in charge of security.He obviously did what he did to prove that there were holes in the security.He didn't keep the money.I don't think he was out steal from them.I think he was desperate to prove to his bosses that they were ripe to be ripped off!

        time*treat's avatar - radar

        United States
        Member #13130
        March 30, 2005
        2171 Posts
        Offline
        Posted: October 25, 2007, 7:01 pm - IP Logged

        Typically, employees who point out a security problem are treated as though they are a security problem. "If you know how something can be stolen, you must be thinking about stealing it." That you brought it to their attention is not evidence that you are trying to help, just evidence that you are not very smart. "The one who smelt (smelled) it, dealt it". Easier to swat the whistle-blower than to fix the problem. 

        In neo-conned Amerika, bank robs you.
        Alcohol, Tobacco, and Firearms should be the name of a convenience store, not a govnoment agency.

          justxploring's avatar - villiarna
          Wandering Aimlessly
          United States
          Member #25360
          November 5, 2005
          4461 Posts
          Offline
          Posted: October 25, 2007, 11:47 pm - IP Logged

          One of my favorite quotes is:

           

          "No good deed goes unpunished." Clare booth Luce

           

          How many people report a crime and then become suspects?  Remember Richard Jewell?

            Avatar
            MI
            United States
            Member #20229
            August 14, 2005
            60 Posts
            Offline
            Posted: October 26, 2007, 8:33 am - IP Logged

            Typically, employees who point out a security problem are treated as though they are a security problem. "If you know how something can be stolen, you must be thinking about stealing it." That you brought it to their attention is not evidence that you are trying to help, just evidence that you are not very smart. "The one who smelt (smelled) it, dealt it". Easier to swat the whistle-blower than to fix the problem. 

            I Agree!

            As in a lot of companies and the current political climate, unless your giving me information that fits what I want to hear don't say it. In other words do not give me bad news, if you do your fired.

            There's a good movie called "The Billion Dollar Bubble" that shows exactly what happens when you can only bring good news to the boss. It was made in 1976 and is still relevant today. It should be shown in all business colleges across the country.

              Avatar
              NY
              United States
              Member #23835
              October 16, 2005
              3501 Posts
              Offline
              Posted: October 26, 2007, 12:44 pm - IP Logged

              I know it's not the same - but this is just one more reason NOT to have computerized drawings for lottery games.  Actually, I wouldn't mind if the individuals handling the balls were blindfolded! 

               Smiley

              This is extremely different than using RNG's for the lottery, so I don't see it as offering any more reason than any other example of somebody doing whatever the system allows them to do to try and cheat.

              OTOH, it is an extremely good lesson on the possibility for fraud in many forms of online gambling.  It sounds like this guy was only trying to make his point, and therefore he was very blatant in what he did. Somebody who only wanted to make money by having an unfair advantage could potentially play for years without leaving an obvious trail if they were also an insider. That insider could be an employee  working to lin ehis own pockets, or the company working to increase their take. When you play an online game you really won't know who your opponents are.  Even without a software cheat the house could simply play as 4 opponents against one legitimate player, and assuming everyone had equal skill they could expect to win 80% of the time. A good player could win twice as often as any of the four fake players, and still lose 60% of the time. Add the possibility of using the software to cheat, and the sky is the limit.

              That's not to say that such cheating is actually happening. Casinos, whether real or virtual  can get rich on their legitimate edge. OTOH, I can only assume that nobody who worries about possible fraud with RNG's would ever gamble online.

                johnph77's avatar - avatar
                CA
                United States
                Member #2987
                December 10, 2003
                832 Posts
                Offline
                Posted: October 31, 2007, 4:23 am - IP Logged

                Going slightly off topic.

                Something to think over - RNGs are an essential part of online poker, even though there are only 52 cards in the deck. If you trust RNGs in that game, what's the difference with using RNGs in lotteries?

                Back on topic, this isn't the only incident of this type that has occured in online poker. The difference is, this one achieved publicity.

                Blessed Saint Leibowitz, keep 'em dreamin' down there..... 

                Next week's convention for Psychics and Prognosticators has been cancelled due to unforeseen circumstances.

                 =^.^=