[ISN] KGC Fines Absolute Poker $500,000 for Security Breach

From: InfoSec News (alerts@private)
Date: Mon Jan 14 2008 - 22:23:09 PST


http://www.cardplayer.com/poker-news/article/10594/kgc-fines-absolute-poker-500-000-for-security-breach

By Bob Pajich
Cardplayer.com
Jan 14, 2008

Absolute Poker Is Subject to Random Audits the Next Two Years

The Kahnawake Gaming Commission of Canada fined Absolute Poker $500,000 
for the way it handled the online poker cheating scandal that rocked the 
online poker world last fall. The KGC found that cheating did occur at 
the site for approximately six weeks starting Aug. 14, 2007, and that 
Absolute Poker attempted to cover it up.

The KGC released several startling details about the cheating scandal 
and undressed Absolute Poker for not reporting that cheating had 
occurred on the site to the KGC as soon as Absolute Poker knew cheating 
had occurred. The KGC also discovered that Absolute Poker tried to cover 
up the cheating scandal by deleting certain gaming logs and records and 
that the site failed to report the security breach within 24 hours of 
its discovery.

Those acts violate several portions of the KGCs Rules Concerning 
Internet Gaming. In fact, of the four rules that the KGC determined 
Absolute Poker broke in the wake of this cheating scandal, three of them 
are in place to ensure that protocol is followed and that records are 
kept to ensure the integrity of the game.

On top of the $500,000 fine, Absolute Poker is subject to random audits 
of logs and records for the next two years. The company has to pay for 
these audits and the KGC requires Absolute Poker to deposit a yet 
undermined amount of money in a bank account to pay for these audits.

The KGC found no evidence that the activities of the seven users who 
perpetuated this scam acted to benefit the company. It also found that 
Absolute Poker took appropriate actions after the cheating was 
discovered to prevent its system from again becoming compromised and in 
reimbursing the players who were affected by the scandal.

During the six weeks that cheating occurred on the site, people playing 
under seven different usernames wreaked havoc on Absolute Pokers players 
because they had an unfair advantage: They knew what the other players 
were holding.

Through a flaw in the way that hand histories were recorded, a super 
user with ties to Absolute Poker was able to see what everyone at the 
table was holding while the hand was in play. He would then pass on this 
information to his cohorts. But it didnt take long for the cheaters to 
get sloppy and start making near-impossible calls during big-money 
tournaments. Players became suspicious and found evidence of collusion 
within the hard histories that were requested. Once pressed, the company 
and the KGC acted.

The KGC also determined that although at least one of the cheaters was 
associated with Absolute Poker, they were not part of the Board of 
Directors or of principal ownership. The KGC requires Absolute Poker to 
cut its ties with the unnamed players and associates.

Online gaming consultation company Gaming Associates was hired by the 
KGC to conduct the investigation on Oct. 17. The report came out Friday, 
Feb. 11, and can be found here [1]. (Note: PDF file. Right-click and 
"Save As" to save the file to your desktop.)

[1] http://www.kahnawake.com/gamingcommission/KGC-AP-0111.pdf


__________________________________________________________________      
Visit InfoSec News
http://www.infosecnews.org/



This archive was generated by hypermail 2.1.3 : Mon Jan 14 2008 - 22:29:16 PST