Slashdot Mirror
"Back Door" Cheating Scandal Rocks Online Poker
AcidAUS sends us the story of an online poker cheating ring that netted an estimated $10M for its perpetrators over almost 4 years. The article spotlights the role of an Australian player who first performed the statistical analyses that demonstrated that cheating had to be going on. "In two separate cases, Michael Josem, from Chatswood, analyzed detailed hand history data from Absolute Poker and UltimateBet and uncovered that certain player accounts won money at a rate too fast to be legitimate. His findings led to an internal investigation by the parent company that owns both sites. It found rogue employees had defrauded players over three years via a security hole that allowed the cheats to see other player's secret (or hole) cards." The (Mohawk) Kahnawake Gaming Commission, which licenses the two poker companies, has released its preliminary report. MSNBC reporting from a couple of weeks back gives deep background on the scandal.
Not a bad deal, but I'll want to see the flop.
You can't talk about Wikipedia's flaws on Wikipedia
Illicit high rollers get free room and board for the next 5-10 years.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
I don't gamble.
I invest my money in the stock market.
Don't bet on it. ;)
I still don't understand why people do this. Are they really THAT desperate to place a bet, any bet? Might as well become a day-trader and play the stock market for your fix. It would be a lot more regulated than most online poker.
SJW: Someone who has run out of real oppression, and has to fake it.
I thought this was gonna have something to do with anal sex. I was "sorely" disappointed.
"I don't have to think. I only have to do it. The results are always perfect, but that's old news." - Meat Puppets
You have to be crazy to trust the house in online poker. In physical poker, it's a lot easier to see when the house is cheating.
"Who is the Journal of Quantum Physics going to believe?" --Stephen Hawking
Backdoor? That's nothing. What if I log into a table (which seats 10 people) with 1 friend... or worse, 8 friends -- and then work as a team.
They played under the same accounts over and over for four years??
It's like they were begging to be caught.
In the words of the Stainless Steel Rat, "Learn to graft and walk away and live to graft another day."
If the masses can keep you down, you're not the Ubermensch.
This cheat required somebody on the 'inside' to perpetrate. As with most casino table games, if you have somebody on the inside, cheating is easy.
This is how I cheated at various online poker sites. Me and two buddies would join a table, and have a VNC connection setup to view each others hands. two of us would play dummy hands based on whom had the best hand of the bunch. We cleaned out every table we played at.
"The price good men pay for indifference to public affairs is to be ruled by evil men." ~Plato (427-347 BC)
I'm amazed that people are surprised that an online gambling site has something fraudulent about it...
Maybe I'm being archaic here, but plain 'ol gambling seems sketchy enough as it is. When you take that online and you aren't even rolling real dice or shuffling real cards, can you really expect to have fair and truly random experiences?
Now I think the people who perpetrated this scam are scum, but it really seems to me that the players who got ripped off shouldn't have been gambling online in the first place.
For those who don't know, Kahnawake is Mohawk territory claimed by the aboriginals (aka Indians) in Canada.
The Mohawks claim to sovereignty over the land, and do not allow the provincial & national police to enter.
To avoid stirring up trouble, the Canadian government usually doesn't send police to Kahnawake, even though the Canadian government doesn't recognize the Mohawk claim to exclusive sovereignty.
Without any real police force, crime flourishes in Kahnawake. Drug smuggling, gun smuggling, people smuggling, cigarette smuggling, you name it.
Don't trust any business in Kahnawake, let alone a business attractive to crime, like gambling.
Not long ago, there was a Mohawk criminal driving at high speed (off-reserve) trying to get to the Mohawk territory before getting caught by the police chasing him. He made it on to the Mohawk territory, and the police abandoned their pursuit. Sadly, the Mohawk driver ran a stop sign and killed a Mohawk teenager.
For the people of Kahnawake, it seems that it is more important to be the victims of aboriginal criminals than to cooperate with non-aboriginal law enforcement. Sad.
If you've ever played UB, you'd not be the least bit surprised.
Now that these online gambling sites have been proven as havens for cheaters, our innocence has been broken and our trust that anonymous strangers on the internet would play games of chance for money in a purely ethical and fair manner has been shattered.
For shame!
From what I gather from the articles, they didn't actually write any code that tapped into the server... it was just getting information from the client app that was residing in memory but was not displayed to the screen.
This is just an enormous case study suggesting why strict client/server separation is essential, and that clients only get the information on a "need to know" basis.
Isn't this a fairly standard design practice? How did this happen?
--
Hey code monkey... learn electronics! Powerful microcontroller kits for the digital generation.
Play WAR? [warct.com]
Was a little ambiguous when talking about card games. Though I'm not sure that playing war (the card game) would really be worthwhile online from a gambler's perspective...
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
there is no technological security fix made by a man that cannot also be broken by a man
all you need is enough incentive
given that realization, and the boundless financial incentive implicit in onliner poker played for real money, it should rapidly dawn on you that there is no such thing as an online poker game played for money that cannot be fixed, and probably is fixed, if you are pumping real money into it
playing online poker is really foolish. its an arms race between exploitation and security, and the incentives are just way too high to exploit
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
This illustrates why online gambling is so @#$%ing stupid. How can you possibly be sure the game is honest?
Proverbs 21:19
Yea, Yea the found a hack and they exploited it... Big Whoop, that not news. The real news is that Online Gambling Industry is starting to use Decision Support Systems and other Business Intelligence methods for finding the cheaters...
Most companies are pathetic with incorporating Business Intelligence into their infrastructure. They collect the data and do nothing with it. Most IT people don't care about doing anything with it. It is quite sad.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
o my....story time...
The phrase of the day is "superuser"
This data was given to many professional online poker players who analyzed the data in late 2007 (see 1 year ago, 10/16/07 to be exact) when they requested the data from the online site "Absolute Poker".
Instead of the site giving them the usual data which hid the opponents cards unless they had shown them during the hand, they sent all the raw data which included the opponents hole cards, and specifically every player and spectators player number. One of the spectators was player number "363" I believe which was incredibly low (one of the first ever to register on the site).
When designing the software they must have used several "superuser" accounts to make sure that it was working correctly, so they let it see all the cards on the table. Someone inside Absolute Bet discovered(or knew they entire time) that the loophole was still open and used multiple accounts to siphon hundreds of thousands if not millions of dollars off of their high stakes users. This was used also over other websites running the same backend software.
What made this so obvious, simply put, to the high stakes players was that these players were playing perfectly over thousands of hands which isn't possible unless you know all the cards on the table.
For more reading see:
http://freakonomics.blogs.nytimes.com/2007/10/17/the-absolute-poker-cheating-scandal-blown-wide-open/
or for more poker talk:
http://archives1.twoplustwo.com/showflat.php?Cat=0&Number=12523924&page=0&fpart=1&vc=1
This actually surprises me. I thought cheating for the House was 100% LEGAL. Turns out it's not.
In any case, my trust in gambling sites isn't any greater than my trust in Diebold voting machines.
I am shocked, SHOCKED, to learn that there is cheating occurring in online poker!
Round up the usual suspects . . .
Ron Rivest and others have built many good systems for creating secure online poker games. It's possible to deal the cards in a way that the server can't eavesdrop. Now, of course, these can't do anything about n-1 people at the table working together through outside channels. And a good algorithm can still be defeated by bugs in the client software. But the point is that there are good algorithms out there.
Well it's a little bit better than saying "Play Warhammer Online: Age of Reckoning?"
=P
Casinos make money on the large number of bets.
On any given bet, there's a pretty good chance, maybe 49.5% on a "good for the gambler" bet, that they'll lose.
However, on 1,000 same-sized bets, the odds are very small that they'll lose overall. On a million same-sized bets, it's practically certain they'll make close to the "expected return." On a bet that keeps only 1% for the house, 99 times out of a hundred that's still a million bucks for every 10,000,000 $1 bets, give or take a few thousand. 99.999+ times out of a hundred, it's still at least breaking even for the house.
By the way, I made these numbers up. The actual numbers are probably pretty close.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
If you ask me, the rate at which the unethical/criminal behavior of the month is being perpetrated only by "rogue" employees without management's knowledge is somewhat too high to be believed.
"We reject as false the choice between our safety and our ideals." --The American President (20.1.2009)
If it was legal, you'd only play onshore, where you could rely on it being inspected and audited much like slot machines.
The only people who would play unknown offshore games are cheaters, idiots, money launderers, and those trying to avoid taxes. And only the cheaters and the house(who are probably either the cheaters or the money launderers) would win, draining the money from idiots and tax-dodgers.
Sounds good to me.
We can all thank the liquid helium leak for an extra 6 months of life on this planet. :)
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
As my Dad often said, go into a bookie's and you'll see five windows for paying them but only one window for paying out.
Drill baby drill - on Mars
Maybe Wall street should run it.
gamblers are already defective.
What amazes me is that so many people believe that there just can't be cheating in on-line poker, a game where you have to trust the operators to not be in the game and looking at all of the cards. When I even mentioned that this could be happening a few times years ago on Slashdot I got modded down and flamed because it just "couldn't happen" and the nice people who ran the games would be perfectly content to take their cut and would never think of cheating. And people also ignored the fact that multiple players who know each other (or one player who plays several hands, even with different Internet connections) can share data about their cards with each other, giving them a small edge against other players who think that all players have the same information available to them. I have since learned from a friend who does play on-line that he and his wife often play in the same hands even from the same IP address and this certainly does go on and is not prevented from the "on-line casinos" that run the games.
I'm an American. I love this country and the freedoms that we used to have.
I'm not an economist, so I'm asking: really?
I thought the whole idea of capitalism is that labor creates value. As long as the amount of labor is increasing, shouldn't the value continue increasing?
I know that stock prices are mostly the results of wild guesses, but a share in a company should have a true (if unclear) value that boils down to "one share of lots of valuable goods and services," right?
Wow, this isn't something new or shocking to anyone who is involved in the online poker world.
Some folks on twoplustwo did all the leg work and uncovered this over a year ago (if not earlier). Keep up the good work in posting old stories!
60 Minutes is supposed to be running a story about this soon. The interviewed some of the people involved in uncovering it earlier this summer.
seem to be from people that know absolutely nothing about poker and ultimately nothing about how the sites make their money, so let's clear up a few things.
1. It would never be in the best interests of the company to try to allow this to happen to anyone, as the cost would be too high. If players had a hint that they were being cheated they would never play there. That $10MM figure is nothing compared to what the sites generate from rake alone. The only people who could benefit would be hired contractors who wrote the code and got paid some small amount of money to do so. To them, it would be worth the risk to try to cheat somehow, and they obviously did.
2. To the few people who seem to think that they were getting information that was already on their systems from memory that was encrypted or something, well, that's false. The "special" accounts were sent information that other players do not get sent. You only get your hole cards, and it's not until a showdown where anyone but you and a random server out there know what anyone has.
I guess that's it, aside from the extreme unlikelihood that anyone would try to cheat in this manner at a small (say 30-60 or less) game. The risk/benefit doesn't add up at those stakes.
A few random points: high stakes poker can be shady at times, and collusion in the smaller games can be defended against to some extent (by either not playing, or using the style of collusion against the colluders. At times games can appear to be collusive due to excessive raising, but the majority of the time that's just strategy.
A fool and his money are soon parted... give that fool a computer and his money will part with greater efficiency and speed.
No wonder kdawson is taking such a keen interest, just as he takes a fat one up the ass.
and people pay for being entertained.
Yeah I found out much to my huge disappointment that you don't get comped drinks at the Windsor Casino in Windsor, Canada. Or, just guessing, any other casino that isn't surrounded by dozens of other casinos that you could take your gambling money to. I'd bet comping is mostly a Vegas/Reno thing.
That said, I did recently go to vegas, and HOO-BOY did I drink a lot of free drinks. By the way, a decent tip can actually greatly accelerate your drinking. I gave a $5 chip to a waitress and instead of come around take my order, come around with the drink, come back later for next order, every time she showed up she had a jack & coke for me, sometimes before I'd finished the last one. Yay!
Now I didn't do the cheap-o nickel slots thing, which is a great idea, but also boring because slots are boring and you can't even play them quickly or it defeats the purpose. I like to play black jack and craps and actual games. And here's my geeky way of looking at it: You know arcade racing games, where the quarters you plug in give you track time, and passing a checkpoint gives you bonus time? Well think of the $50 or $100 you plan to lose as your initial quarters, the free drinks are the "race", and winning a bet is like the bonus time! The goal is to drink more in free drinks than you are losing gambling.
I didn't win, but hey, it's was a fun game. :)
The enemies of Democracy are
This is not the case if those people have wisely continuously shifted their investments to less risky portfolio allocations as retirement approaches. You might still lose a significant chunk of money, as you probably aren't completely out of equities, but the majority that is invested conservatively will keep you going while the market recovers. If you retire at 60 and live until 85 you still have a very long time horizon to recover losses.
You forgot to ask for a pack of cigarettes.
Even if you don't smoke, you can collect a bunch of them and then sell them to your friends back home.
Well, in a lot of kinds of poker, the way you can guarantee a win is by controlling, say, 3 out of the 4 players at the table. Even if nothing else, you can know that you're not going to get that 4'th ace, because your other player has it. And neither can your opponent have an ace, for that matter. It makes calculating probabilities a lot easier.
It also allows you to stage your own little shows, like 3-card monte charlatans always have an accomplice who wins to get the crowd confident. Except here you don't even need an accomplice.
Or if all else fails, you find some bug like these guys did, and exploit it.
So some gullible sap sits down at the table, and gets cleaned up before even knowing what hit him or that the other 3 guys were basically looking into each other's hands. Well, gee, how'd they know I didn't have a royal flush? Because someone knew that between them, they have some key cards you'd need for that.
RL poker has a lot more to do with psychology and being able to control your reactions. Hence the term, "poker face." Once you remove that, there's a lot more averaging, as everyone except complete dolts can get a list of rules that say when to hold 'em, when to fold 'em, when to walk away, and when to run.
So, while I wouldn't say _everyone_, my instinctive bet would be that a lot of those who are supposedly that good as to make a living off online poker, are actually plain old cheating.
Plus, if I had to place that bet, I'd hedge it with a side bet on "whole lotta money laundering going on." I mean, if you had to transfer a bunch of drug-deal money to Joey The Butcher, or just pay your illegal imigrant workers their wage, it's easier to pretend you played a round of high stakes poker with them and you're that bad at poker, than to go and withdraw tens of thousands from some bank and hand it around in unmarked envelopes. Darn, lost again this month. Who's going to prove that you aren't that much of a sucker?
Follow the money, basically.
A polar bear is a cartesian bear after a coordinate transform.
Didn't see that coming...
{Choking down another buffalo wing}
deleting the extra space after periods so i can stay relevant, yeah.
I SAID NO CONSEQUENCES!
You better watch out, there may be dogs about . .
Heck, I don't even trust digital gas pumps.
From *before* the Absolute Poker or Ultimate Bet scandal broke. By far the simplest explanation here is that Mark Seif (Poker pro, also site spokesman and part owner) was at least playing around with "superuser" capability.
By the way I followed this thing since it's inception at 2+2. Absolutely riveting story and investigation job. We're all just hoping it doesn't kill online poker.
http://www.internettexasholdem.com/poker-forum/at-absolute-pokeri-cant-believe-how-low-this-was-vt34808.html
"Play then started again......and I saw something that I never have before in all my on-line poker play: obvious manipulation. Every hand was a complete dissection based on whatever Mike was holding (third pair was capped by Seif if Mike was behind or bluffing, for example.) About 10 or 12 k was basically stolen in 15 minutes (over maybe 100 hands), and here's the kicker: he was so pissed and beyond rational thinking that he actually wanted Mike to know what was going on! For example, Mike had K9 on one hand and flopped a boat. Seif was first to act after the flop, and FOLDED OUT OF TURN just that time."
That just doesn't happen in poker. That you flop a full house and a tough aggressive opponent open-folds.
Some of the comments I've read on this article are embarrassing, and honestly, this article itself is embarrassing.
I play poker professionally on multiple sites, and have done so over the last few years. The scandal this article references is old news, and was discussed intensively on the 2+2 poker forums. The site was not cheating its customers. An employee supposedly warned Absolute about a security hole that would allow for a superuser account that could view his opponents cards, and when he was rebuked, proceeded to do so on his own.
Online casinos have very little to gain and everything to lose by doing something like this. The operating costs compared to the rake that they take in is certainly a huge gap in favor of the site, and having superusers out there to take $50 (a limit that most people that claim online poker is "rigged" play at) off their customers here and there is absurd when you consider the results of being busted doing so. Further, when players claim poker is "rigged" for action to increase the rake, they obviously just do not understand that there is almost always a cap placed on the rake these sites take, a very low one especially in comparison to live casinos, and as such building big pots would net them very little. Generally these claims of being rigged are made as players claim to see a disproportionate amount of strong hands, not considering the fact that online poker tables see as many as 10x the hands that live tables do, and so unlikely hands like four of a kind and straight flushes are much more likely to occur.
In general, all the comments made so far claiming that it is "obvious" that online poker is rigged have no idea what they're talking about and are merely losing players. In this particular case, an employee found a security hole that was only even accessible by someone with inside access, reported it, and when it was not acted upon, abused it. This is certainly a problem, but one that is not as rampant as many players would lead you to believe.
In online poker:
* the house doesn't need to cheat. The amount they make verses their costs means they don't need to
* players try and cheat via collusion, but their edge is so small it's not worth worrying about
* if you are playing cash games you will probably be fleeced by bot networks. I know people that run them, they live in tax havens and siphone off fortunes via a network of Net-teller accounts etc. Most of the bots run via valid accounts and credit cards, with the recipients that run the software 24/7 on their machines via DSL rake in 10%. The bots don't run on tournaments so that's where I play.
In real life:
* the house doesn't need to cheat. It's still a profitable business
* in a poker club or a casino the other players rarely cheat. It's such security that justifies the house rake
* in private games you have to watch for cheating. Eg thumbnail imprints on the back of cards, bent corners, etc.
Phillip.
Property for sale in Nice, France
Hey guys poker is not gambling, in the long term!
Just visit sharkscope.com and check the name livb112 at FullTilt!
Username Games Played Av. Profit Av. Stake Av. ROI Total Profit
livb112 23,560 $43 $840 5% $1,020,747
Seriously, what exactly is a Gaming Commission and what executive powers do they have? It is a real question btw.
The Kahnawake Gaming Commission is located on a Native Reserve, South of Montreal, Canada. What kind of Legal power do they have? It's certainly not federal or provincial! Can it be trusted?
Some folks over on Wikipedia are also questionning this.
I'll probably be 'trolled down' if I mention that 'some' Kahnawake Mohawks have had 'some' legal issues in the past (read: tobacco contraband, drug smugglin') because it is most likely not the same guys who run the Gaming Commission and it's non-relevant. However, as a Quebec resident, I can't help but relate what I see in the news 'bout Kahnawake Mohaks and the KGC.
Posting AC per my lawyer advice.
The only way any of these companies can get my trust back (I used to play on full tilt a lot and I did quite well) is to release the source to their server and client. There is no harm to be done here, as all the game logic should be happening on the server and the only purpose the client serves is presenting the information to the user. As all of the client-server conversation is SSL encrypted (believe me I've checked) there is no danger here. Am I crazy for thinking this?
I see my shadow changing, stretching up and over me...
FTA:
Or...cheaters of the future might learn from this and not be so flagrant about using their advantage, instead factoring in what is statistically possible and turning smaller profits, but at a less detectable and therefore safer rate.
That was last year...
They should check iPoker next, the random is even stranger.
I worked for a number of large online gambling software development houses, and I would rather work on the killing floor of a slaughterhouse than go back to that line of work. Insane unbridled greed at the executive level, ruthless backstabbing environment, and the worst code and coding practices I'd ever seen. Patching live servers was a common practice, but you'd better not screw up! Downtime not allowed, period. Downtime means no money coming in, and programmers / system administrators who were deemed responsible were taken out into an alley and beaten up. The owners view players as idiots who deserve to be ripped off. Believe me, all online gambling really is owned by the mob, and "Get the money first, keep the money, don't ever give back the money" is their catchphrase.
Well people should find better things to do then play online poker.
I was told, the only time online poker is fair, is when you are playing a small hand game, 5cent bets etc... this way no big fish are interested in the game, and regular people have a fair chance at winning.
The problem stems from the big game poker, where someone is sitting at home with 5 accounts on 5 computers and has 5 bots running at all times with special keyboards, and ends up ruling the table where the 6th player is you....no matter what ... he takes your money.
I have seen it done, and since then do not bother with playing poker online.....give me the real game.
I guess it is better, for those who know what that is (which obviously does not include me).
Although I suppose that might not be bad, either. Some people (myself included) will click on it because they have no idea what it is.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
Its going to be yet another online poker thingy and will be play-money only at the start but the client has plans to go the Real Money route later on. We have been told that he has no intention of making us work on anti-cheating measures and, you won't believe it, he wants a few cheats encoded into the system which will allow some superuser accounts to see the hole cards.
I personally don't really care since well I am no saint myself but just saying that this is the kind of thing you should expect when you decide to bet your hard earned money on online gambling games (yeah yeah I know poker is not gambing blah blah, I have heard it before but its worse than gambling if someone knows your hand ALL THE TIME)
Mental poker is the general name for cryptographic protocols that can be used to securely play games of chance and hidden information with no possibility of cheating because of a single trusted server. Obviously collusion between legitimate players in the game can still occur, but I can't believe that anyone would even consider playing online poker (read: giving lots and lots of money to some guy online who promises that he won't steal it) without some sort of assurance that the underlying software wasn't as fair as an actual table with physical cards.
I have to admit that I'm not much of a gambler (or even a card player), but I took a look at one of the online casinos recently, after they sent me a REALLY slick marketing packet in the mail.
It was a full color glossy "magazine" with real articles and everything, but essentially an advertisement to visit an online casino, with a free $50 credit to get started.
I figured, "$50 to get started? I'll give it a shot, and if nothing else, I'll just cash out and collect my $50 or whatever is left of it after I lose a round or two!"
Well, after installing their software on the included CD and going through their lengthy registration process, I picked a blackjack game and gave it a try.
That's when I realized there was a LOT of fine print, beyond what the advertisement promised. Yes, you could place bets with your complimentary $50 credit, but money you won over and above that was not possible to convert into a real payout. You could only use it for further gambling. You had to deposit actual funds before you could withdraw any winnings!
At that point, I just played until I lost my "$50" and logged off, never to use the garbage again.
The government of Ontario won't let them give out free alcoholic drinks... I know, I think it's dumb too.
Find Nearby Indie Events