Saturday, May 15, 2010

PokerStars UKIPT To Test New Anti-Cheat Automatic Card-Recognition System at Nottingham Poker Tour Event

Officials at the PokerStars United Kingdom and Ireland Poker Tour have decided to experiment with an automatic card recognition system that will be used in a live webcast. This will not be done at the main event tables but rather in side events.

The way the new camera system works is that all the cards have encrypted bar codes that are read only by infrared cameras and then decrypted, all the while invisible to the human eye. TV Viewers will be able to see the value of the face-down cards on the table. To defend against cheating, the webcast will run on a fifteen minute delay. It is scheduled to be transmitted at 8:15 pm (UK time) on May 16th.

However, in spite of the technological advances, everyone does not agree with this implementation. Several players are concerend that the new technique will allow both spectators and other players (which can be one and the same) to obtain too much insight into their styles of play and in some cases put them at a disadvantage in future tournaments.

My take: I think this advance in broadcasting technology is excellent and I don't agree with those players worried about other players taking advantage of it to get inside their heads. To me there is no real difference between this infrared system and the standard hole card cameras in use today.

Friday, May 14, 2010

Joe Sebok On Ultimate Bet's (UB) Latest Software Encryption Scare!

Like a sharp boxing counterpuncher, Ultimate Bet's pubic relations frontman Joe Sebok has a right-hook defense every time UltimateBet gets hit with a poker-cheating right hand. Each time there is worry and panic that the site recently victimized by the biggest online poker-cheat scandal of all-time is suspect again, Sebok is there to ward off the blows and assure everyone that there is nothing in fact cheatworthy at UB and all is well. Just last week we heard that the UB encryption software was flawed and vulnerable to cheating, so naturally Sebok is here again to reassure us. Here is what he said on his PokerRoad blog.

Sorry for the delay everyone. It was one of my best friend's bachelor parties and I obviously needed to attend that this past weekend.

It goes without saying that everyone is shocked and concerned, rightfully so, over the most recent UB security issues that have gone down. I have received numerous emails from people asking me how another cheating scandal could have gone on there. This is not true. There has not be another incident of cheating that has been found, but rather a scary security hole that was discovered. This is an email that I received that I wanted to share with you all with some inside information directly from UB:

"I wanted to touch base with all of you as I know there was some concern with this recent encryption issue found on our network.
Please understand we fully see the frustration you have with this type of issue as we do as well. However, I am very confident in stating this was a relatively small issue and one that was remedied quickly. Please remember that for someone to have exploited this vulnerability, they would have to have the technical capabilities to crack the encryption/cypher method that we used prior and they would have also had to hack into your local network in order to gain access to sensitive data. It is possible that a hacker could try to develop a system to intercept communication through the internet but this is even more complicated and we believe it is even less likely than the first scenario described.
The method we used for encryption/cyphering was outdated. As soon as they reported the issue to us, we immediately began working on solutions. We released a new version of our software the next morning to address the security vulnerability.
Again, we have no reason to believe anyone has exploited this vulnerability but we have just begun investigating users that our players have requested. We are reviewing all serious complaints to see if any player was able to exploit this vulnerability and we will investigate any other serious requests we receive.
We fixed this issue by implementing a more advanced multi-layer encryption, and we have also implemented logic that will prevent any manipulation of this encryption.
We have also started working on a more advanced solution, which is the implementation of the OpenSSL standard for our client encryption. We expect to have this live in a few days.
We have been in communication with 3rd party companies who we will be working with us to test the new encryption that we are using and the OpenSSL version that we are working on now. We are also discussing the possibility of PokerTableRatings (PTR) engaging the poker community and auditing our complete security in order to ensure we are doing everything possible to provide a secure gaming environment."

Clearly with the history that UB has had, everyone was incredibly concerned about the situation. It seems that it has been dealt with at this point and it is my hope that ANY members of the poker community get involved and attempt to test the security as they can. I have spoke with CEO Paul Leggett and he has assured me that he welcomes any and all of those members to not only test security but also to go through past records as well regarding other issues that many still feel that haven't been addressed.

I continue to work with the team over there to attempt to make sure that there are open lines of communication between the poker community as a whole and the UB management. I have asked Paul to write a semi-regular blog addressing some of the issues that some of the poker bloggers bring up and he has agreed that that is a good idea and something that we need to do. Whether it is hand-histories, ownership issues, or security ones like the one above, often I am not in a position to directly answer them as I do not work in Costa Rica at the home offices and actually help run the company. I advise, and again, try to serve as a conduit for information to flow through when issues are brought up, but in truth I don't often have the answers. I wasn't with UB when many of the negative issues originally happened and thus don't always know the answers, but I want to be able to put Paul in a position where he can answer them. I am hoping that this will bring more truth into the light and hopefully assuage people's fears.

On the latest issue, Paul has instructed me that he is currently working on a list of FAQ's that UB will be using when they call players as well as posting on the blog. He will be posting that later on in this week.

As always, I can be emailed for any number of issues from anyone in the community. I am continuing to attempt to handle most hand-history related questions, although some are in the queue. I always have some frustration at the time that it takes to get things sorted out, as well as the fact that there are some issues on the UB side with retrieving the data occasionally, I'm usually told that are based in the fact that the Cereus network was began not too long ago and much of that data is held elsewhere. I would like Paul to write a blog explaining the issue there as well...

That's it for now. Talk soon...peace

Wednesday, May 12, 2010

More Absolute Online Poker Cheating Scandal Evidence Surfaces!

You may be tiring of the constant updating and blogging about the online poker cheat scams at Absolute Poker and UltimateBet, but I for one think it is very necessary for all of you online poker players who do not cheat to stay abreast of this. The purpose of my blogging about the AP and UB poker scams is not only to keep you informed about the latest developments involving the scams but HOW these latest developments come about, which might lend enough insight into all this online dirty poker business for you to become one of the online poker cheat whistle blowers in some future huge online poker scam. The following article from pokernewsdaily.com gives the latest developements on the Absolute Poker cheat scam, the second biggest online poker scandal in history after the UB scam.

Article:

Two weeks ago, we detailed the writings of Haley Hintze, a former PokerNews.com editor who had posted new evidence in the 2007 Absolute Poker “superuser” cheating scandal. Hintze has since made three more posts presenting additional evidence that she believes further implicates Absolute Poker co-founder Scott Tom and illustrates the complex tapestry of interwoven cheating accounts.

On April 28th, the information Hintze presented really wasn’t anything new, but she provided some insight into how Tom was implicated in the first place. The first screen shot she showed was data that most familiar with the famous “PotRipper” tournament already knew: an “observer” account, likely the “superuser” who could see everybody’s hole cards, was constantly watching PotRipper’s table. Another account, using the same IP address, logged on and off of another table within a minute.

Aside from the evidence of an observer account, two interesting nuggets came from this information. First, the account that made a one-minute appearance had the e-mail address scott@rivieraltd.com. This stood out like a sore thumb to Hintze because it appeared to be a corporate e-mail address, rather than the usual Yahoo, Hotmail, and Gmail accounts that most poker players use. A fellow investigator researched it for her and it turned out that the domain of the e-mail address was that of a company associated with Absolute Poker.

Shortly after this information became public, the rivieraltd.com domain entry was changed, which made many believe that the cheater was trying to cover his tracks. Second, it was determined that the IP address associated with the observer account and the rivieraltd.com account traced back directly to Tom’s house.

CEREUS Network officials have said that Tom had nothing to do with the cheating and that his name has only appeared because he was set up. In her blog, Hintze opines that a conspiracy is far-fetched, as there is so much evidence – IP address of Tom’s house, domain editing, tournament logs, account information, etc. – that it makes a frame-job way too complicated. On top of that, Hintze put forth, it would not make sense for someone to be so genius in putting together the setup, yet be so dumb in calling an all-in bluff on the final hand of a big tournament with 10-high, as the PotRipper account did, which makes the cheating so obvious.

In her next post on May 1st, Hintze illustrated the relationships between many of the cheating accounts. She starts by listing the accounts that the Kahnawake Gaming Commission (KGC) confirmed were used to cheat. She then shows a screen shot from UB/AP’s anti-fraud tool, ieSnare, which lists other accounts associated with the infamous PotRipper account. Any accounts that differ from the KGC’s list should be investigated further, said Hintze.

Hintze did not say, however, that every account associated with PotRipper or any other cheating account is also a cheat. For example, the accounts “graycat” and “steamroller” were around longer than others and therefore had more associations. It is very unlikely that every associated account cheated (one, for instance, was Tom’s father, who has not been implicated) and some have officially been cleared, but it may still be a good idea to look into them further.

Wrote Hintze, “It’s one of those open-ended questions one must ponder when considering candidates for other possible cheating accounts. The further one chases down a given tree branch, the less likely any single link would be to be involved in the scandal, yet it seems first-level associations with known cheating accounts beg for more detailed investigation.”

In her latest blog entry, dated May 4th, Hintze revisited the details of a couple of the cheating accounts to illustrate her belief “that there was a coordinated, perhaps even frantic cover-up of the cheating taking place at AP in the days immediately following the PotRipper tourney in September 2007.”

The first screen shot Hintze presented was the account overview for the “doubledrag” cheating account. Like other accounts, it had a note telling customer service representatives to not take any action on it without permission from management. It also contained two notes from reps detailing calls from angry customers who claimed that doubledrag was cheating. The final note on the account was an account closure by A.J. Green, one of the Absolute Poker insiders implicated in the scandal. The PotRipper account was “blacklisted” just one day earlier.

Hintze then showed shots from the graycat cheating account, which, like the others, had fake personal information. Upon investigation of graycat’s transaction history, a “blacklisting and forced withdrawal” on the account was found, with the funds being sent to an ePassporte account “SPTOM,” which Hintze assumes is short for Scott Philip Tom, Tom’s full name. Thus, it appears, according to Hintze, that Tom received money from a cheating account. This transaction also took place during the same time frame as the PotRipper and doubledrag transactions and blacklistings.

Hintze also showed detailed transactions from September 8th through September 17th in which $150,000 was transferred from the graycat account to an account off-site. She presented this as further proof that the statements by current CEREUS management that none of the cheaters got money off the site were false.

In future blog posts, Hintze will dive deeper into the graycat account, one of the longest-standing of the cheating accounts at Absolute Poker.

Tuesday, May 11, 2010

Cereus Network Encryption Flaws Uncovered! "Serious" Online Poker Cheat Business!

Source: tightpoker.com

It is starting to look like the Cereus Network should think about hiring a new security team. First it was the cheating scandals at both Absolute Poker and UB.com that were discovered in 2007 and 2008 (though the latter dated back to 2005). Now, it has been discovered that serious flaws have existed in the network’s encryption.

The security holes were found not by some huge network security firm, but by PokerTableRatings.com (PTR), a website that tracks online poker player results and statistics. On Thursday, May 6th, Dameon from PTR posted a lengthy article, along with a video, on the website explaining how the Cereus Network’s encryption method leaves players vulnerable to having their data transmissions intercepted. Therefore, someone with the right computing tools could see the hole cards of their opponents.

The culprit is the “XOR” based encryption method that Cereus uses. According to Dameon and PTR, this is a very weak method of encryption, and Cereus should be using the industry standard SSL method. With proper encryption, communications between the player’s computer and the game server (such as login details or hole card information) are masked so that anyone trying to hijack the transmissions would not be able to decipher the data. PTR does not equate the XOR method to legitimate encryption, however. In the article, Dameon stated:

“In fact, the encryption that the Cereus Network employs isn’t so much encryption as it is encoding. To see how simple it is to decode this data, simply open up your windows calculator and set it on scientific mode. All that is really necessary to decode the data stream is the XOR button .

The requirement for this vulnerability to be exploited is network access. This means that if you are playing on an open wireless network, a cracked wireless network (something which is increasingly simple to do), or on a physical network which has been compromised – an attacker could dump the network traffic and exploit this vulnerability maliciously.”

The PTR article goes on to say that unsecured public wireless networks, essentially a wireless network that anyone within range can access without a password, are by far the most vulnerable to “sniffers,” or those people who hook into the network to observe network traffic. The safest would be wired networks (those that run only via cables, not through the air) in private homes where nobody other than the network’s owner would have physical access. Basically, public and wireless are more vulnerable than private and wired. Properly secured home wireless networks should be relatively safe, though.

PTR tested the vulnerability by creating a “cracked” wireless network in a lab setting using “cheap commercial grade hardware,” and a small program its staff wrote to decode hole cards. While this sort of program would not be readily available to the general public, anyone with decent programming skills would be able to recreate it. The software used to crack the network and hijack the hole card information is available on the internet. Using the video to demonstrate, PTR used a laptop equipped with the hacking programs to read the hole cards on a test Absolute Poker account that was running on another computer. Within a second or two, the hacker computer was able to display the exact cards of the test account. The most interest part was that the hacker computer was not even connected to a network – it was able to steal the data right out of the air from the unsecured wireless connection.

At the end of the article, PTR recommended that Cereus upgrade its security to the SSL standard and that nobody play on the network until that is done.

That same day, Cereus COO Paul Leggett responded, thanking PTR for bringing this issue to his company’s attention. He expressed his embarrassment and vowed to have the security hole fixed within hours. It does appear that this was done, although SSL was still not implemented. On Friday, May 7th, Leggett announced that SSL should be implemented within a week. In the meantime, he asked PTR if they would assist Cereus in testing and evaluating the new security methods, which PTR has agreed to do. PTR still recommends that people avoid playing at Cereus until SSL is in place.

Leggett has said that despite the network security issue, there have been no known instances of it being exploited. His security team is continuing to investigate any users that customers have asked about to see if anyone has been victimized.

Sunday, May 09, 2010

New Software Flaws at Absolute Poker and UltimateBet!

Here we go again! If we haven't heard enough already about huge online poker cheat scams plaguing Absolute Poker and UltimateBet, this oughta wet your appetite some more. I'm not saying that we're soon gonna see a scam of the likes of those that have already hit these two sites, but we may be seeing something cheatwise that is brewing.

This article from recentpoker.com hits the online poker cheating alert button!

Article:

The management at Cereus online poker network owners Tokwiro Enterprises must have groaned in dismay just before the weekend as news broke that a new software flaw had been uncovered at the network, comprised of the AbsolutePoker and UltimateBet websites.

The two online poker sites have historically been the setting for online poker’s biggest cheating scandals which cost Tokwiro millions of dollars in licensing jurisdiction fines and player compensation, and more on painstakingly rebuilding badly dented reputations.

The current issue was exposed by the information portal Poker Table Ratings and apparently has the potential to result in the possibility of a cheater ‘seizing’ control of a player’s account and seeing his or her hole cards. PTR immediately went to press to warn players, at the same time passing on its information to Tokwiro. The portal additionally issued a “security alert” advising players not to play at AP/UB on grounds that Cereus was using XOR encryption rather than the poker industry standard SSL protocol for all network transmissions.

One notable difference in how the issue is being handled has become immediately apparent; gone is the past approach of denial, secrecy and procrastination. In its place, Paul Leggett as chief operating officer for Tokwiro immediately took the issue on board and started blogging.

This was what he had to say:

“One hour ago, I learned about an article posted today on Poker Table Ratings (PTR) regarding an issue with the local encryption that we use on the Cereus Poker Network. For those of you not familiar with the issue, PTR was able to crack our local encryption method. I wanted to blog to make sure our players and the poker community know how seriously we take this issue. I would like to start by reminding everyone that someone would have to have the technical capabilities to crack the encryption method we currently use and they would also have to hack into your local network in order to gain access to sensitive [player gaming] data. We are currently working on implementing a new encryption method and we expect to have it live in a matter of hours.”

Leggett went on to comment that the revelations were embarrassing inasmuch as internal IT staff had not caught the flaw and neither had “the countless audits we’ve been through this year and last year.” He assured readers that the company has spent a significant amount of money on all types of security since the AB and UB debacles, and has plans to invest in new security resources and third parties to test these to ensure that players are protected by the best security that money can buy.

Leggett publicly thanked Poker Table Ratings for exposing the encryption flaw. “We will continue to update you on this issue but we will not rest until it is fixed and as I stated earlier, we plan to have this issue resolved within a matter of hours.”

A software update was issued a few hours later, and the firm promised the release of a more advanced solution using the Open SSL protocol, scheduled to be available in one week. Leggett also immediately alerted the Cereus licensing jurisdiction – the Kahnawake Gaming Commission.

Leggett was immediately challenged by one poster who claimed: “It is completely untrue that someone would have to have local network access to take advantage of this, and that assertion is flat out wrong. Someone working for UB’s ISP could intercept ALL traffic coming into UB’s servers and use this exploit. The [gaming] data is vulnerable at EVERY hop between the user’s PC and the server. Your response is also unacceptable, by not immediately shutting down ALL games, you are allowing this vulnerability to persist on LIVE games while you fix it.”

Respected poker journo B.J. Nemath took a calmer view, noting that computer security takes many forms, and there are many different points of potential vulnerability. “This exploit is completely different than the one allegedly used by Russ Hamilton [in the previous scandal] to see his opponent’s hole cards from anywhere in the world,” Nemath opined. “Notice that in this exploit, you can only see hole cards for players on a locally-accessible network — in this test, the guy can only see his own hole cards. That’s because your opponents’ hole cards aren’t transmitted to your computer until the hand reaches showdown. “But if you knew where your opponent lived, and had someone parked down the street “sniffing” his wireless network, that person could call you on his cellphone and tell you your opponents hole cards at the start of each and every hand. “I’m not trying to lessen this issue - it’s a very big deal, and this security hole needs to be fixed ASAP. This seems to be a simple fix (with a short-term patch in less than 24 hours and a long-term fix coming in a week).”

It seems the AB/UB history will never be laid completely to rest; just last week the former editor of Poker News, Haley Hintze, published on her blog extensive findings and insider information on the historic scandals.
She continues to investigate the issues on suspicions of cover ups at the time, suggesting that Russ Hamilton may have been a scapegoat whilst others went free and unidentified.

Casino Street-Cheat Scams Running Amok in Asia!

Asia has a long history of casino-related street cheating scams but it seems now that as more and more Asian countries opt for legalized casino gambling, more Asian crime gangs are coming out of the woodwork to cheat foreign gamblers even before they get the chance to enter casinos. Here's one of the latest Asian casino-cheat street scams that is plaguing Vietnam.

Source: thanhniennews.com

Police in Ho Chi Minh City have arrested four Filipinos from a group who allegedly invited foreigners in Vietnam to join card games and cheated them out of thousands of dollars each time. Three members of the group, Aserdin Cadion Eduardo, 44, Pineda Sevilla Regina, 31 and Elizag Jovito Corpuz, 31 were caught on May 3 in District 1 when they were escorting a Japanese victim to his hotel, asking him to get a further 100,000 Yen (US$1,058) to continue playing. The Japanese, Wakita Kiyohiko, 43, had lost $73 to the game by then.

Investigators found that Eduardo had met Kiyohiko on the street and brought him to a rented home on Nguyen Thuong Hien Street in Binh Thanh District, ostensibly to help translate a letter from a relative in Japan, a trick deployed frequently by the gang. Eduardo, also known as Alex, introduced himself as a card dealer at a casino and offered to teach Kiyohiko how to play.

The group leader Gaspar Gaudenecio JR. Mariano, also known as Gado, and other Filipinos were called to the house to play with him. Gado pretended to lose at first and then they cheated Kiyohiko to win $73, police said.
Gado has managed to evade the police thus far.

Police caught another member Estreuta M. Debelem, 40, when searching the rented house in Binh Thanh District. The gang’s victims were brought to the house every time. Four packs of cards were seized, with a laptop and 300 chips of different denominations including $10, $1,000 and $10,000.
Investigators suspect the group has 6-8 members.

They also found that there were several similar groups from the Philippines operating such scams since 2008, the Tuoi Tre newspaper reported. A special investigation was started on April 16 after foreign consulates in HCMC reported that their citizens had lost a lot of money after being cheated at card games. Most of the victims were Japanese and South Korean men.

The detained Filipinos told the police they entered Vietnam as tourists, stayed for a couple of months to “earn” money and returned home. Each member has earned around $20,000 since 2008, Tuoi Tre reported on May 3.
They also ran similar operations in Cambodia and Thailand, cheating foreigners from the US, Europe or other Asian countries, the group members confessed. Police are looking for all Filipinos involved in the scam. Two Vietnamese citizens involved in the operation have been summoned by the police but their identities have not been revealed yet.