http://www.cardplayer.com/poker-news/article/4279/owner-of-ultimatebet-confirms-security-breach
By Bob Pajich
Cardplayer.com
May 29, 2008
Former Employees Had Access to Opponents' Holecards for 21 Months
Tokwiro Enterprises, the company that owns both Absolute Poker and
UltimateBet, today released a statement confirming that cheating had
gone on at UltimateBet by people who, according to the release, "worked
for the previous ownership of UltimateBet prior to the sale of the
business to Tokwiro in October 2006."
The player or players behind the 18 screen names that were identified as
being corrupted have not been named. Tokwiro will refund players their
losses once the investigation is complete. The usernames that were used
to cheat are: NioNio, Sleepless, NoPaddles, nvtease, flatbroke33,
ilike2win, UtakeIt2, FlipFlop2, erick456, WhackMe44, RockStarLA,
stoned2nite, monizzle, FireNTexas, HeadKase01, LetsPatttty, NYMobser,
and WhoWhereWhen.
The cheating was able to take place because the perpetrators had access
to what Tokwiro is calling an "unauthorized software code" that allowed
the cheaters to see their opponents. holecards. The cheating took place
from March 7, 2006 to Dec. 3, 2007, and it.s not known how much money
the cheater(s) illicitly won.
As soon as the cheating was suspected, Tokwiro said it contacted the
Kahnawake Gaming Commission (KGC), the most used online poker regulatory
commission, to start the investigation. Tokwiro is mandated to contact
KGC if any suspicious activety might be taking place.
This is the second cheating incident to hit the company since it
purchased Absolute Poker and UltimateBet. The first occurred when it was
discovered that several players at Absolute Poker also had access to
software that allowed them to see opponents. holecards.
The entire press release, which provided a timeline of the incident,
follows:
MONTREAL, CANADA (MAY 29, 2008) --- Tokwiro Enterprises ENRG
("Tokwiro"), proprietors of UltimateBet.com ("UltimateBet"), one of the
world's largest online card rooms, today announced the results of its
lengthy investigation into allegations of unfair play, which was
triggered by concerns about an account named 'NioNio'. Tokwiro has
worked diligently in cooperation with its regulatory body, the Kahnawake
Gaming Commission ("KGC"), and with independent third-party experts to
conduct a thorough investigation that included a comprehensive review of
hand histories and game data, thorough analyses of software and network
security, and audits of its security practices and procedures.
The investigation has concluded that certain player accounts did in fact
have an unfair advantage, and that these accounts targeted the highest
limit games on the site. The individuals responsible were found to have
worked for the previous ownership of UltimateBet prior to the sale of
the business to Tokwiro in October 2006. Tokwiro is taking full
responsibility for this situation and will immediately begin refunding
UltimateBet customers for any losses that were incurred as a result of
unfair play.
The fraudulent activity was enabled by unauthorized software code that
allowed the perpetrators to obtain hole card information during live
play. The existence of this vulnerability was unknown to Tokwiro until
February 2008 and existed prior to UltimateBet's acquisition by Tokwiro
in October 2006. Our investigation has confirmed that the code was part
of a legacy auditing system that was manipulated by the perpetrators.
Gaming Associates, independent auditors hired by the KGC, have confirmed
that the software code that provided the unfair advantage has been
permanently removed.
Throughout the investigation of this incident, Tokwiro's consistent
priorities have been:
* To permanently remove the ability to engage in unfair play;
* To complete its investigation and come to a full understanding of
what occurred;
* To refund the affected customers; and
* To implement measures that prevents future incidents.
The Company said, "We would like to thank our customers for their
patience, loyalty and support, as well as for their understanding that
we are doing everything we can to correct this situation. The staff and
management of UltimateBet are fully committed to providing a safe and
secure environment for our players, and we want to assure customers of
our unwavering resolve to monitor site security with every resource at
our disposal." Investigation Timeline
These are the key events in the course of the incident.
* January 2008: UltimateBet is alerted to suspicions of unfair play
on the part of the account "NioNio". Within 24 hours, UltimateBet
contacts the KGC to provide formal notice that UltimateBet has
initiated an investigation of the incident.
* UltimateBet subsequently forwarded a copy of all related data to
the KGC.
* January 2008: The "NioNio" account and related accounts are
suspended pending further investigation.
* February 2008: Preliminary findings indicate abnormally high
winning statistics for the suspect accounts. After discussions
with the KGC, UltimateBet engages third-party gaming experts to
assist with the analysis.
* February 2008: Investigators confirm that the suspect accounts are
associated with individuals who had worked for UltimateBet under
the previous ownership.
* February 2008: UltimateBet discovers the unauthorized code that
allowed the perpetrators to obtain hole card information during
live play. The code was part of a legacy auditing system that was
manipulated by the perpetrators of the fraud.
* February 2008: UltimateBet immediately removes the unauthorized
code and works with the KGC and with third-party auditors to
verify that the security hole has been eliminated.
* March 2008: Six player accounts are confirmed to have participated
in this scheme. No accounts were deleted at any point, although
some account names were changed multiple times. The following
account names are known to have been used in the fraudulent
activity: NioNio, Sleepless, NoPaddles, nvtease, flatbroke33,
ilike2win, UtakeIt2, FlipFlop2, erick456, WhackMe44, RockStarLA,
stoned2nite, monizzle, FireNTexas, HeadKase01, LetsPatttty,
NYMobser, and WhoWhereWhen.
* May 2008: The investigation confirms that the fraudulent activity
took place from March 7, 2006 to December 3, 2007.
* May 2008: Gaming Associates certifies that the software code that
enabled unfair play was removed from UltimateBet servers in
February of 2008.
* May 2008: Customers affected by this incident are identified, and
plans for corrective action are reviewed with the KGC.
Corrective Actions Taken
* The following actions have been taken or are currently underway as
a direct result of this investigation.
* The security hole identified in UltimateBet's investigation has
been permanently eliminated.
* UltimateBet is establishing a state-of-the-art software Security
Center that consolidates and greatly enhances existing security
capabilities. The first release of the new Security Center focuses
solely on the immediate detection of abnormal winnings. Gaming
mathematicians, poker professionals, and security software
developers have all contributed to the specifications for the new
Security Center.
* UltimateBet customers are no longer permitted to change account
names unless they have suffered abuse in chat rooms. Requests for
changes must be supported by proof of abuse and must be approved
by the Chief Compliance Officer.
* In addition to its existing security department, UltimateBet has
established a new specialized Poker Security team of professionals
dedicated to fraud prevention.
* The refund process will begin immediately. The accounts associated
with fraudulent activity did not use an unfair advantage in all
play sessions. Regardless, UltimateBet is refunding all losses to
these accounts.
* Accounts related to the fraudulent activity have been disabled,
and the individuals associated with those accounts permanently
banned from the site.
* UltimateBet has worked closely and transparently with its
governing body, the KGC and its designated expert auditors, to
determine exactly what happened, how it happened, and who was
involved, and has taken action to prevent any possibility of this
situation recurring.
* Tokwiro is pursuing its legal options in regard to this incident.
_______________________________________________
Attend Black Hat USA, August 2-7 in Las Vegas,
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.
Visit product displays by 30 top sponsors in
a relaxed setting. http://www.blackhat.com
This archive was generated by hypermail 2.1.3 : Sat May 31 2008 - 01:44:29 PDT