Poker News: The Absolute Poker Scam may be tied to the Kahnawake Gaming Commission...

Yesterday, DanDruff of NWP posted the following recreation of the AP cheating scandal. My opinion is that this is the most accurate information currently available about what actually occurred. I also think this has been the most damaging story to online poker yet. For your reading enjoyment:

Some recent damning evidence has come to light that has allowed me to put together a complete start-to-finish re-creation of the crime. The newest development again involves the POTRIPPER tournament. Thanks to a blunder by support, one of the players in that tournament accidentally received an Excel spreadsheet containing the hole cards, IP addresses, AP account ID numbers, and e-mail addresses of most players in the tournament. Nat Arem of pokerdb.com analyzed it, and came up with the following new conclusions:

1) POTRIPPER was initially placed at Table 13. He folded his first few hands.

2) About 2 1/2 minutes into the tournament, a railtard opened up Table 13. This railtard had a Costa Rican IP address, which is where AP is located. The ID number of this account was 363 -- a number so low that it probably pre-dated AP's opening to the public.

3) Account 363 stayed at Table 13 for the entire duration that POTRIPPER was there.

4) POTRIPPER started cold-calling every hand as soon as Account 363 showed up.

The Excel spreadsheet is incomplete. Not all hands are listed, and not all users are listed. However, the part that has been seen has been authenticated by several players in the tournament, according to those on 2+2, and it is generally accepted as being legit.

Obviously, given the Costa Rican connection, as well as account #363 being involved, it is now clear that this was an inside job, as opposed to being perpetrated by outside hackers.

===================================================================

Given the above, as well as everything else that has come to light over the past 2 months, I now have competely pieced together this entire situation. I will outline it below, in "timeline" format:

Sometime in 2003 or 2004: Absolute Poker's software is under development. Several hundred test accounts are created during the development and QA process. Among them is account #363, which is a superuser account. Account #363, unlike the others, has the ability to see hole cards at any table it opens. This can be an important tool during the testing process, as the developers can quickly and easily see that the pots are being shipped to the correct people. Of course, Account #363 is not actually registered to anyone, nor is it ever enabled to play in real money games. It exists strictly for "visual" purposes, and only used during the testing and development process.

Sometime between AP's opening and the middle of 2007: Four totally unrelated accounts are opened by four differnet people in different areas of the United States. GRAYCAT likes Limit Hold 'Em, but he isn't particularly good at it. He takes a few shots at the game, but is outclassed by his opponents and busts. He finally gives up on the site and stops logging in. The same happens with STEAMROLLER, who plays both Limit and NL. Again, he's a donk who plays some here and there, is never too active, but is active enough for a few people to remember him. Like most donks, he chunks off one too many buyins and is done with AP. DOUBLEDRAG, who likes NL, has a similar story. He plays a number of times, yet can't seem to consistently win and eventually busts. POTRIPPER enjoys tournaments, but he just isn't catching the right cards or making the right moves. Like the other three, he goes donk down and tries his luck elsewhere. These four guys are not cheaters. They aren't friends. They have never met, rarely (or never) played in the same game, and each had a different focus on the type of poker they liked to play. However, they all have one important thing in common: They were donks, lost their money, live in the United States, and have apparently not logged into their AP accounts for at least a few months.

July or early August, 2007: AP is in the process of a major software upgrade. One of the programmers, who lives locally in Costa Rica, stumbles upon account #363. He realizes how much money one could make by exploiting this little test account at the highest games the site has to offer. He realizes that this would need to be done carefully, as much suspicion will be placed upon a new account that inexplicably crushes the best players in the world. This rogue programmer comes up with the following plan of action:

1) Take over legitimate (but now inactive) accounts on AP. This can easily be done at the server side of AP, by simply changing the password of such accounts. He looks for an inactive, losing Limit player and comes up with GRAYCAT. When searching for an NL counterpart, he finds DOUBLEDRAG. He sees the apparently abandoned POTRIPPER with a history of losing tournament play. Finally, he finds an all-purpose account, STEAMROLLER, who has a (losing) history in all three areas. The password to all four accounts is changed, and they are now in the possession of the rogue programmer. The actual owners of the accounts are not likely to find out, as they seem to have already given up on AP.

2) Plan to play short sessions at the highest limit games with each of these accounts. Log onto account 363 on another computer, opening up the table where you're playing, so as to see everyone's hole cards. Don't multi-table, as there is a lot of information to see at once, and this will be too hard to manage. Regarding game selection, stick to the area of interest previously shown by each account. GRAYCAT will stay at Limit, DOUBLEDRAG will play primarily NL, etc. Don't win too much at one sitting, and don't stay for too long. Come up with excuses such as, "Time for dinner" when abruptly leaving.

3) When winning pots, act excited in chat, saying things like "Yes!" or "All right!" when winning. This will make you look like a maniac-type donk who is giddy about winning thanks to freak luck.

4) Get friends and relatives involved, preferably those who might already have accounts on AP. Have them deposit some money to get started, even if you need to front it to them.

5) You cannot use GRAYCAT, STEAMROLLER, DOUBLEDRAG, or POTRIPPER to cash out, since they are still registered to innocent, legitimate players in the United States! That's where the friends and relatives will come into the mix. After winning a lot of money on GRAYCAT, STEAMROLLER, DOUBLEDRAG, and POTRIPPER, play against these friends/relatives heads up, and dump all the winnings. Make sure that each friend/relative plays a different cheat-account heads up, so as to not arouse suspicion. GRAYCAT will play SUPERCARDM55 and lose badly. DOUBLEDRAG will drop his entire roll to REYMNALDO. STEAMROLLER and POTRIPPER will also play different friend/relative accounts and, like the other two, will lose everything.

6) Cash out of the friend/relative accounts. Enjoy the hundreds of thousands of dollars stolen from the top online poker players in the world.

Mid-late August, 2007: The plan actually goes into effect. It happens to start just a few days before the major software upgrade is complete. There is particular reason to begin on this day, but rather is just an arbitrary date that the rogue programmer decides to begin the operation.

Late August, 2007: Plan is proceeding well. A lot is being won, but never too much in one sitting. Even heads up, the cheater restrains himself and keeps the winnings relatively moderate. Still, after numerous very successful short sessions, he is now up in the multiple six figures. The first chip dump operation commences. GRAYCAT drops 55k to SUPERCARDM55 at a 200-400 Limit heads-up table. For the benefit of anyone watching this supposed drubbing, "GRAYCAT" constantly laments his terrible luck, but overacts a bit. SUPERCARDM55 plays one session the next day, loses a few thousand, intentionally, and never plays again. He initiates a cashout.

Early-mid September, 2007: Greed takes over. The money is rolling in so easily, and nobody seems wise to what is going on. GRAYCAT starts to absolutely destroy people both heads-up and full ring. DOUBLEDRAG does the same at NL, often calling huge all-in bets with as little as king-high, if it's the best hand at the moment. POTRIPPER plays his now-infamous tournament on the 12th, blatantly taking advantage of what he sees under account 363 without concern about later scrutiny. The STEAMROLLER account is brought into the NL and Limit games to try and take some suspicion off GRAYCAT and DOUBLEDRAG. In the meantime, DOUBLEDRAG dumps 300k+ of his winnings to fellow Costa Rican friend REYMNALDO. REYMNALDO initiates a cashout shortly thereafter.

September 16, 2007: Perhaps greed isn't always good. People start remarking in chat that they are suspecting cheating. As a cover-up attempt, DOUBLEDRAG plays NL again, this time intentionally LOSING every hand. While a decent amount of money is lost in this session, it's a drop in the bucket compared to what has been won, and is in fact a necessary evil for damage control.

September 17, 2007: The accounts in question are frozen by AP, pending an investigation. It is unclear whether the cashouts of SUPERCARDM55, REYMNALDO, and other recipients of chip-dumping were successful.

====================================================================

There you have it. I strongly believe that the above is VERY close to what actually happened. If the full story ever comes out, you'll see how close the above is to the actual truth.

Strangely enough, I believe that the actual owners of GRAYCAT, DOUBLEDRAG, POTRIPPER, and STEAMROLLER are innocent. I remember seeing the cities of GRAYCAT and STEAMROLLER, who both played Limit, before the update. (They eliminated the ability to see cities after the update.) Both lived in the U.S. I remember STEAMROLLER being from Miami and GRAYCAT being somewhere further north, like Chicago.

There is a myth that the cheating began after the update. This is not true. I saw cheating occur a few days BEFORE the update. I believe the only part the update has in this whole thing is the fact that it allowed this rogue programmer to go through the AP software and stumble onto the existence of account 363. Account 363 has clearly existed since the beginning. This was not a vulnerability brought on by any recent software change.

I also believe that, before greed took over, the guy behind this was more careful. Near the beginning of the whole thing, in mid-late August, he kept things more moderate. He lost some hands on purpose, and he never killed anyone heads up too badly. For example, GRAYCAT beat me for 6k heads up at 200-400, then quit the game and insulted me from the rail. Obviously he did this to keep things in moderation, not due to any fear of losing to me. This differs from what he did later, such as when he slammed STEREOFLAVAS for 28k in an hourlong September heads-up match. The POTRIPPER tournament was also executed highly carelessly, but again he was probably blinded by greed at this point.

I believe that the guy playing all accounts was one person. I also believe he had a second computer logged into superuser account 363. I think that the only time he invovled others was for chip-dumping. I am relatively certain that you will find SUPERCARDM55, REYMNALDO, and the other dump recipients with Costa Rican addresses, while the four accounts used to cheat all have U.S. addresses.

Also, keep in mind that the cheater simply needed to open account 363 at the right table on a second computer in order to see the hole cards. I am certain that POTRIPPER, GRAYCAT, STEAMROLLER, and DOUBLEDRAG were not special or superuser accounts, and were just like any other account on the system. Perhaps AP support simply looked at these accounts themselves and stupidly determined that no cheating went on. More likely, however, they know what happened and are covering it up.

This is how it happened. You heard it here first.

---------------------------------------------------------------------------------------------------------------------------

EDIT: As of 10/16/07, some startling new information has come to light on 2+2, possibly implicating former a AP founder as the guilty party. In any case, it now seems clear that POTRIPPER and possibly STEAMROLLER were not compromised accounts, but rather accounts directly set up to cheat and cash out. However, it does appear that my original theory about GRAYCAT and DOUBLEDRAG, who both chip-dumped, is correct.

I usually like to give credit to my sources of information, but in the modern era with a fast-breaking story like this everyone draws from everyone else so this is the best I can do even if it is second- or third-hand.

This list of bullet points comes from Poker-King.com, which is a good source of clear information derived from sometimes arcane knowledge posted on the most active forums investigating this scandal. In fact, Poker-King is giving much more coverage to the rubbles in the online poker community than the other mainstream gambling/poker sources.

==============

There are a few additional pieces of information that have come out via Pocketfives.com and Twoplustwo.com, including:

-the person behind the scheme was the second in charge and has been fired from Absolute Poker

-his one superior, who left this person in charge while he was away, will be removed from running the company for a significant period of time

-the culprit and his superior were best friends

-the press release doesn't name names, and they say that the investigation is still ongoing

-the culprit cashed out a significant amount of money

-there were accounts involved in the scam that the online community wasn't aware of

-players that were cheated out of money will be repaid

-the culprit tried to delete some of the accounts that were used in the scam

I'm a bit confused by this.

1) It is possible that there is always internal logins for these tournaments and what he is showing is nothing out of the ordinary

2) The 363rd user, Is he just assuming this is the case because there is a 363 in brackets. Does he actually know for a fact that means it was the 363rd account ever created or is this just an assumption

I'm not trying to be a smart ass and de-bunk his theory. I'm just uncertain if he has actually proved anything here? Maybe I'm missing something?

Poker-King.com

(http://www.poker-king.com/poker-king-articles.php?article=283)

Another site keeping tabs on this scandal-in-the-making reports:

"Absolute Poker have now said that they will be submitting to an independent third party audit, which will be done by Gaming Associates. Absolute Poker has said that Gaming Associates will be conducting a thorough investigation to determine whether someone may have had access to hole card information, and how they may have exploited that information.

"Allegations have been made against the former CEO of Absolute Poker, Scott Tom. Absolute Poker has said that Mr. Tom will be the subject of a formal investigation...

"A popular theory right now is that the "363" account had access to hole cards of every player at the table, and that previously dormant accounts were seized and used to dominate tournaments, with the proceeds then being dumped off to other accounts under the control of the perpetrators. This would explain why accounts suddenly came out of nowhere to dominate high buy-in tournaments, and then just as quickly disappeared..."

Actually, at a minimum security level, I want the site to have a super-user account that can allow site security personnel to view the table and see if people are playing partners/cheating by softplaying/sharing info on their holdings.

What I don't want is for a disgruntled former employee to keep access rights, use those rights to log into the super-user account, then play on another account using that data.

The existence of a super-user account isn't bad. Having a former employee access it is, and shows that Absolute has some serious IT security issues to get handled before anyone should/will ever trust them with real money.

It's not the question what I have worked and it's not the question is there an testaccount or not!

The question is only, has the software a built-in feature or not!

At a minimum security level, there is no place to forgot this feature.

That site was caught. And what they was doing goes on everynight i nsome form at every poekr site.

What happened at absoulte ive personally seen happen at many many sites. In fact every other week at pokerhost.

The denied it all.Until they realized they couldnt tell any lies, concoct a plan. And try to decive the public. This was done blatantly. And repeatadly. Sites hire programers to maniuplate the code. Attack the premium startign hands. thus ripping off better players. Anyone that palys online poker. HAs a problem its called addiction, and rationalizing to themselves. That online poker is for real. Only thing for real is differnt ways they try and screw you.

I think his point does concern the thread. He may be a bad typist or speller but he understand the thread is about scamming and cheating with online poker. However your response is lame concerning his being retarded and illiterate. Now that has nothing to do with the thread. He actually sees the truth with online business practices, meanwhile, you're too full of yourself criticising spelling and grammar that you didn't have the intelligence to decipher his statement. And they let you be forum pro? LoL

Better to be quiet and let others think you are a fool, then to speak and remove all doubts.

Potripper is the suspected cheater. He sure plays well! This video shows the hole cards of his opponents as well as his own. I don't think he is "just a lucky donk".

http://www.youtube.com/watch?v=FczbS7FiWSM

Ummmm, this may be an even bigger scandal if this new story is true.

http://www.gambling911.com/Cheating-in-Poker-101807.html

I feel sorry for you. I really do.

zzzSmil speaks intelligently and makes very good points and your only comeback is to call him a retard. lol.

You're an idiot man.

If you had read the article and statement Ap put out, both the security breach of its database and the CEO is under investigation. So yea, cheating is part of the issues. not just the company's database being compromise. Man, I wish you'd learn to read between the lines.

WOW!

That is unbelievable. This does not look good for AP at all.

I'm not God, well not quite, anyway. But, glad to hear you've seen the light and will stop crusading against the existence of software testers.

Wow, that youtube video makes me sick. God knows what else is going on with all these online companies.

Wow, that youtube video makes me sick. God knows what else is going on with all these online companies.

So, serious question.

Are you retarded or illiterate? Because your post and its insane accusations has nothing to do with the story in this thread.

Junge ist gut. Du bist Gott und ich habe meine Ruhe!

Not good at all....

but let's point out that the RNG wasn't the problem.

oh my..............

Proof you don't know jack ****.

Why do morons always insist on entering conversations they know nothing about, but still try to act like an authority on the subject?

There's little hope of you looking smart, but if you quit now, you might not look so stupid. Food for thought.