[aig]

There are several ways/methods how he knows opponent's cards.
What *is* known is that he can "only" see opponent's hole cards. He knows hole cards of *every* opponent and not just some. He cannot see community cards and from here we can draw following conclusions:

* He infected each player individually with trojan horse
- unlikely - He must get player's IP + player's computer
has to be vulnerable

* He hacked into main server (where cards are dealt,
evaluators, rngs are)
- unlikely - he would have seen community cards also

* He hacked web server (with SQL injection, XSS, etc... or
is web designer with access to this server)
- most likely - all he had to do is add a backdoor in AP's
software and replace it with one on the server. He needs
to do this only when AP is upgrading and only for one
upgrade. Later upgrades doesn't need to be backdoored
anymore since your computer stays compromised from first
upgrade. Of course he can put trojan in next upgrade if
he wants to infect new players.

* Java based client
- I haven't looked into it but it is possible Java client
is getting some data that shouldn't be sent (hole cards)