Absolute Soulreading/Rigged thread #3

[_dave_]

[ QUOTE ]
[ QUOTE ]
or 2) Absolute has some security/management feature that allows them to see hole cards in real time to check for cheating. Someone at AP has either been passed this log-in in to the crooks or has hacked into this security feature somehow.

[/ QUOTE ]

ding ding ding ding ding

[/ QUOTE ]

I personally think this "single table only" approach lends much more credability to the hacker/network intrusion than to an inside job.

I mean, why on earth would an internal security tool be limited to observing only one table, while the subject under investigation could be playing up to six?

Also, presuming it is a network attack (e.g. Absolute's primary router has been compromised and is spewing traffic for all players at the tables to the hacker) , it would be much easier to filter/order if you only had a single target table to scan/decrypt, no? And if they have to do some form of cracking/decryption, it may be quite the CPU intensive process, so a single table is all some serious CPU power can do at this time.

Bah, who knows... rambling thoughts [img]/images/graemlins/confused.gif[/img]

One thing I'd love to see is for PokerStars Jeff / FTP Doug/Sean or whoever to chime in here and give some insight in to the proactive measures they take to prevent such things, but I doubt that will happen - other site reps tend not to pounce on their competitors under such situations, it seems so far.

dave.

[iron81]

I don't think single-tabling is good evidence of a login program that they only had one copy of.

1. We've already decided that the cheaters aren't very good at poker. Well, how do most fish play poker? They play one table.

2. I doubt there are multiple nosebleed stakes games going on Absolute at any one time. Maybe there weren't games available for the cheaters to cheat. Although, given the image these guys had, they could probably get action. Do any of the hands reflect heads up cash game play?

[adanthar]

[ QUOTE ]
[ QUOTE ]
None of the superuser accounts ever played multiple tables, either in tournaments or in cash games, even though the guy had access to five separate accounts.

[/ QUOTE ]

Are we sure none of the 5 were ever playing at the same time and never playing multiple tables?

[/ QUOTE ]

yes

[ QUOTE ]
[ QUOTE ]
But if it's a program, why not just run multiple copies of it, even on another PC if you have to, to allow you to multitable? Answer: because it's not a program. It's a login/password that allows you to look at 1 table at a time

[/ QUOTE ]

This makes alot of sense. But why can't this login/PW combo open up multiple tables?

[/ QUOTE ]

As an anti-cheating tool, there's no reason for it to have multitable capability - you'd only use it to observe one table at a time. It'd be an internal tool used solely to observe stuff like collusion in real time, etc., or maybe as a debugger - no need to program in the extra complexity, or perhaps limiting it to one table is also a security feature.

[ QUOTE ]
[ QUOTE ]
and the reason the cheater only played 1 table was because he only had the one login/PW combination.

[/ QUOTE ]

These were obviously very unsophisticated cheaters. Are we just expecting them to multitable? Or does the feature only give the user access to one table?

[/ QUOTE ]

I mean, if you could earn 400 BB an hour, why not earn 800 BB an hour? You don't need to be good at poker to figure that part out. They'd be *real* idiots not to even 2 table...but they couldn't.

[ QUOTE ]
[ QUOTE ]
it's an internal program that was compromised.

[/ QUOTE ]

This seems the most likely. But I still think an external hack is possible. It may take that alot of effort to compile 10 streams of data to different users into one readable format the hacker can use in real time. Just speculating here.

[/ QUOTE ]

That'd be an encryption hack, and the problem with that theory is simple: if you can decrypt one table using one computer, you can decrypt two tables with two computers. A decent second hand P4 is like 200 bucks these days, and any halfway competent script kiddie who stumbled on this goldmine would have to have thought of that. Also, it assumes AP even sends other people's hole card data to the client - doubtful.

Like sethypooh said, it's speculation, but I think it's the piece that puts everything else together. Now we know why AP is stonewalling - they can't *possibly* admit something of this magnitude.

[pokerstudAA]

[ QUOTE ]
I personally think this "single table only" approach lends much more credability to the hacker/network intrusion than to an inside job.

I mean, why on earth would an internal security tool be limited to observing only one table, while the subject under investigation could be playing up to six?

Also, presuming it is a network attack (e.g. Absolute's primary router has been compromised and is spewing traffic for all players at the tables to the hacker) , it would be much easier to filter/order if you only had a single target table to scan/decrypt, no? And if they have to do some form of cracking/decryption, it may be quite the CPU intensive process, so a single table is all some serious CPU power can do at this time.

[/ QUOTE ]
These were my thoughts also. I would imagine it would take a good amount of computing power to indentify and intercept the data streams to 9 other users at your table from as much garbage flowing from Absolutes computers. Mabye the hack was written to only identify and provide info on one particular table.

[adanthar]

The hack worked for both cash and MTT's, and it could be repointed at a new table within a 10-30 second timeframe. In other words, it worked in pretty close to realtime. Even if only 1 copy could run on 1 computer at a time, computers are cheap...

[adanthar]

BTW, I don't think this is a 100% scenario on the same order of that the cheating actually took place...but I think it's by far the most likely explanation. Given the AP stonewalling it's probably > 90%.

[_dave_]

[ QUOTE ]
The hack worked for both cash and MTT's, and it could be repointed at a new table within a 10-30 second timeframe. In other words, it worked in pretty close to realtime. Even if only 1 copy could run on 1 computer at a time, computers are cheap...

[/ QUOTE ]

This is kinda what I am hinting at, maybe it doesn't jsut work on one computer?

Maybe it works on something much more powerful like a small cluster or a botnet (if it has to break encryption) - or maybe it is a comprimised router/firewall that is only able to tag clone/redirect one table's worth of pattern matching at once?

EDIT: the 10-30 seconds required for "re-pointing" also seems to indicate outside hack rather than inside security tool - why would an internal tool need to do this? I would imagine an internal tool need just the name of the table or whatever then insta-view (probably with rewind capability also, which these guys seem not to have IIRC)?

[caught_clean]

OK SO POKERTRACKER GETS HACKED....SUPER USERS TURN UP...OJ GETS CAUGHT DOING [censored] AGAIN....THEN SHEIKY IS GETTING DEPORTED... STAY WITH ME GUYS

[pokerstudAA]

[ QUOTE ]
The hack worked for both cash and MTT's, and it could be repointed at a new table within a 10-30 second timeframe. In other words, it worked in pretty close to realtime. Even if only 1 copy could run on 1 computer at a time, computers are cheap...

[/ QUOTE ]

True. But the one insider account/PW theory relies on the fact that this account was limited access to holecards of only one table. I guess they might do this for security reasons but I also think whoever had access has proved to be a moran - so automatically expecting them to multitable if they could is a bad assumption.

Another missing detail is how the cheat(s) had access to multiple existing accounts. I am guessing the cashout plan was through massive chip dumping to Renaldo?

[adanthar]

Well, like I said, AP probably doesn't send hole card data out to every client to begin with. That's pretty much rule #1 of every online video game, and those aren't built for nine digit amounts changing hands.

Then...he's a hacker with 5 AP accounts, a significant amount of money on those accounts to begin with and a botnet, but doesn't get another botnet from IRC? I hear those are a dime a dozen in there.

You're just giving this guy far too much/too little credit simultaneously. What's more likely, a super whiz kid hacker that doesn't have the resources to open up another table, or a security monkey (remember, the same kind of monkey that's busy denying anything's wrong in broken English while being paid minimum wage) with a grudge and a password?