AP, rigged, etc. #8981.4 - the plot thickens

[imabigdeal]

[ QUOTE ]
There was no superuser account.

Well, at least there didn't have to be one. There are a number of methods by which hole cards theoretically could be read without there neeeding to be a poker account with superuser abilities. From what I have read here, we haven't seen proof that the suspicious observer account was the account to which the hole card information was transmitted. We just know that the account was logged onto the table as an observer while the suspicious play occurred. It was logged on all that time, but we don't know it was used all the time it was logged on.

Theory 1) There was nothing special about the account. It was just being used by the observer to watch how well POTRIPPER was doing. The hole card information was being obtained by some other means involving inside access to the server.

Theory 2) There was nothing special about the observer account except that POTRIPPER or an accomplice knew its password. The account was merely used to identify which table the POTRIPPER account was playing at. This might account for the two-hand delay before the observer account arrived and POTRIPPER started acting psychic - the observer account was looking at other tables or reading the list of players/tables in the lobby. Once the person using the observer account confirmed POTRIPPER's location he just didn't bother to log off. Once the observer knew which table to scan, he used other system admin software to query a database or the server to get reports of cards dealt.

Theory 3) There was nothing special about the observer account, except its name. The presence of that particular observer at the table acts as a key to unlock the server to allow/cause it to transmit hole card information to some predesignated location.

Theory 4) There was nothing special about the account, but there was something special about the client it was running. Any account could use the special client software if they had it. It was the client software which had the special ability, not the account.

Consider this. The average player uses the same software client to play at a table or observe a table. The server sends information to all the clients at a table. Either
a) The server sends the same information to all clients and the client software picks which hole card information it needs to display - one player's or none, or
b) The server sends almost the same information to all clients. The only difference in what is sent is that player clients get only their own hole cards and observer clients get all players' hole card information but the client displays none of it, or
c) The server sends almost the same information to all clients. The only difference in what is sent is that player clients get their own hole cards and observer clients get no hole card information.
Of these three possibilities, the third is the most likely. It is more secure, and is consistent with what AP says about its software. However, it requires the server to send differential information depending on the status of the connected client. A special piece of client software could indicate a third possible status to the server, which causes the server to send all hole cards to that particular client. This obviously requires that the server be designed with this leak in mind.

In the case of the first two possiblities, there is no need to make any changes to the server code. The data is being transmitted. All it takes is a special version of the client that actually displays the hole card data.

Whichever of these possibilities applies, there is no need to have an account with special abilities. While it would have been more secure to make sure that only special accounts could use the special client, there is no absolute requirement that the client's use be restricted to certain accounts. Tight control of the distribution of the special client software might have been the only security precaution.

Do I really believe there was no superuser account? I don't know. I'm just trying to show that a supersuser account may not be required as part of a scheme to read hole cards. There are other possible explanations. I do not claim that the other explantions are more plausible.

[/ QUOTE ]

stfu?

[ZBTHorton]

[ QUOTE ]
There was no superuser account.

Well, at least there didn't have to be one. There are a number of methods by which hole cards theoretically could be read without there neeeding to be a poker account with superuser abilities. From what I have read here, we haven't seen proof that the suspicious observer account was the account to which the hole card information was transmitted. We just know that the account was logged onto the table as an observer while the suspicious play occurred. It was logged on all that time, but we don't know it was used all the time it was logged on.

Theory 1) There was nothing special about the account. It was just being used by the observer to watch how well POTRIPPER was doing. The hole card information was being obtained by some other means involving inside access to the server.

Theory 2) There was nothing special about the observer account except that POTRIPPER or an accomplice knew its password. The account was merely used to identify which table the POTRIPPER account was playing at. This might account for the two-hand delay before the observer account arrived and POTRIPPER started acting psychic - the observer account was looking at other tables or reading the list of players/tables in the lobby. Once the person using the observer account confirmed POTRIPPER's location he just didn't bother to log off. Once the observer knew which table to scan, he used other system admin software to query a database or the server to get reports of cards dealt.

Theory 3) There was nothing special about the observer account, except its name. The presence of that particular observer at the table acts as a key to unlock the server to allow/cause it to transmit hole card information to some predesignated location.

Theory 4) There was nothing special about the account, but there was something special about the client it was running. Any account could use the special client software if they had it. It was the client software which had the special ability, not the account.

Consider this. The average player uses the same software client to play at a table or observe a table. The server sends information to all the clients at a table. Either
a) The server sends the same information to all clients and the client software picks which hole card information it needs to display - one player's or none, or
b) The server sends almost the same information to all clients. The only difference in what is sent is that player clients get only their own hole cards and observer clients get all players' hole card information but the client displays none of it, or
c) The server sends almost the same information to all clients. The only difference in what is sent is that player clients get their own hole cards and observer clients get no hole card information.
Of these three possibilities, the third is the most likely. It is more secure, and is consistent with what AP says about its software. However, it requires the server to send differential information depending on the status of the connected client. A special piece of client software could indicate a third possible status to the server, which causes the server to send all hole cards to that particular client. This obviously requires that the server be designed with this leak in mind.

In the case of the first two possiblities, there is no need to make any changes to the server code. The data is being transmitted. All it takes is a special version of the client that actually displays the hole card data.

Whichever of these possibilities applies, there is no need to have an account with special abilities. While it would have been more secure to make sure that only special accounts could use the special client, there is no absolute requirement that the client's use be restricted to certain accounts. Tight control of the distribution of the special client software might have been the only security precaution.

Do I really believe there was no superuser account? I don't know. I'm just trying to show that a supersuser account may not be required as part of a scheme to read hole cards. There are other possible explanations. I do not claim that the other explantions are more plausible.

[/ QUOTE ]

You took so much time to write this post, and didn't even know the most basic parts of the story. lol @ you

[GaryTheGoat]

[ QUOTE ]
[ QUOTE ]
"While at Nine.com, AJ had a portrait done of himself that hung on his wall over his desk. The photo was a picture of him "American Beauty' style laying spread out on his futon covered in hundred dollar bills."

[img]/images/graemlins/blush.gif[/img]

[/ QUOTE ]
i'd def pay money to make him stand next to this picture while being heckled by a crowd

[/ QUOTE ]

How much sans the crowd of witnesses?

gg

[ikestoys]

[ QUOTE ]
[ QUOTE ]
[ QUOTE ]
"While at Nine.com, AJ had a portrait done of himself that hung on his wall over his desk. The photo was a picture of him "American Beauty' style laying spread out on his futon covered in hundred dollar bills."

[img]/images/graemlins/blush.gif[/img]

[/ QUOTE ]
i'd def pay money to make him stand next to this picture while being heckled by a crowd

[/ QUOTE ]

How much sans the crowd of witnesses?

gg

[/ QUOTE ]

The shame effect goes down without the crowd.

[teddyFBI]

[ QUOTE ]
Something a little suspicious, although it's prob not important:

The cybersquatting ruling says that AJ was the owner of the impreshun.com domain name. Well, the whois info for that domain shows that it was re-registered just 2 days ago (roughly the same time the cybersquatting link first appeared in these threads) by an anonymous domain registrar. Is there any way of finding out what the whois info was for this domain 3 days ago? (e.g. before it was re-registered anonymously)

[/ QUOTE ]

bump

[F. McSimmons]

How can you guys keep up with this [censored]?

[h11]

[ QUOTE ]
I would not feel comfortable having a single dime on Absolute. Its not even the cheating that would worry me the most, its how unbelievably bad the company is run. The organizational structure is a mess and a front, obviously there are serious IT problems and lack of sufficiant controls, and the founders of the company are absolute crooks. You high limit players are playing with fire. The fact that they are trying to get players to deposit large sums of money by offering 10% interest is frightening. I wouldn't be the least bit suprised if a majority of this money isn't being invested at all and is instead being used to process cashouts for other players.

[/ QUOTE ]

I agree that they are poorly run, but they can afford to pay ten percent annual interest without investing the deposits. I think it's fair to assume they get in rake one percent of the deposited amount per day.

[Dan Druff]

I highly doubt that Scott and AJ were stealing $7 million from AP over the years.

As a longtime AP high-limit player, as much as I hate to do it, I have to defend them against this allegation.

First off, I am not asserting that the superuser account was first abused in August, 2007. I have reason to believe that it was abused as far back as early 2006, and some of you know what I'm talking about. However, I believe that these abuses were only sporadic, thus the reason it took this long for everyone to catch on.

How am I reasonably sure that 7 million wasn't taken from the site?

Because I was there. There, as in an active player on Absolute Poker for nearly 3 years. I played the highest limit games they had to offer, and never did I see anything even closely resembling the recent debacle. Keep in mind that, until 2006, AP did not spread limit games above 75/150. They only had 50/100 as recently as early-mid 2005. I don't know when their big NL games were added, but I think they are also a relatively recent development.

Given my high level of activity on AP, I got to know who was winning and who was losing. The big winners -- at least on the limit side -- were all people I either knew personally or knew of through others. There were no mystery men completely destroying the game, nor was there any play that seemed to indicate the abuse of the superuser account.

The only way that 7 million would have been possible would be through the tournament scene. I suppose it was possible for Scott Tom and friends to have set up multiple dummy accounts for tournament wins, and then utilize the superuser in order to win a lot of them (basically a different one wins every time). I find such a scenario highly unlikely, as their pattern of stealing this summer did not have any such subtlety. If anything, it was shockingly reckless.

Now, once again I am not stating that the superuser remained unabused prior to August, 2007. I have a feeling that it was used sparingly -- perhaps during flashes of greed, against players disliked by the management/ownership, or just to mess around and laugh at the "dumb" poker pros who don't realize they're being fleeced. However, 7 million is a HUGE number to take out of a site like AP, which honestly was relatively small up until recently. There's absolutely no way this could happen without detection or suspicion, especially given that we know this now and active players from the past would be reminded of huge winners that seemingly could not make a mistake. There are no such mystery men to my knowledge, and most pros I know ended up winning about what they expected to win there.

This whole scandal has all the makings of egotistical punks who generally curtailed their "superpower" until the temptation just became too much. The way they exploded with excitement, both by words and actions, as they robbed us blind was reminiscent of a high school kid who gets to grope a girl for the first time in his life.

If I had to guess, I would say the superuser was abused here and there -- kind of like an occasional guilty pleasure -- until AJ and Scott tried it with a bit more regularity and realized how much they truly enjoyed it.

[misterwolf]

A little background on AP's outsourcing of security and technology services:

2004: Interactive Gaming Security Network provided a third party audit and "managed security solutions" to Absolute.
http://gambling.co.uk/news/gambling-...xperience.html
(see bottom of press release)

retired IGSN website
http://web.archive.org/web/200608051...tp://igsn.com/

2006: Arizona Bay (IGSN's parent company) is retained to provide "a rapid development and deployment of technology and human infrastructure to support Absolute Poker’s rapid growth objectives."
http://www.prweb.com/releases/2006/5/prweb384543.htm

http://www.arizonabay.com/about/

Arizona Bay is run by the former CEO and President of Neteller, Gordon Herman and one of Neteller's founders Jeff Natland.

Last year Natland covered his Ferrari F430 with Absolute branding for a promotional cross country car rally. This idea came up while "getting drunk" with Absolute senior management.
http://www.bluffmagazine.com/magazin...6/june/066.asp


As of last year, Arizona Bay's, Senior Consultant, Curtis Olson was acting as Absolute's Vice President of Technology.

Cliff Notes:
Company run by Ex-Neteller execs audited and then managed AP's security in 04.
In 06 engaged to provide additional technology services including installing their consultant as VP of Technology for AP.
Management of both organizations were drinking buddies.
Since last summer, Arizona Bay has carefully tried to minimize their association with Absolute.

[apefish]

If we believe the story that AJ Green bought in as an investor at some point after startup... how do he and Tom cross paths to know each other? Seems knowing this part unravels many other connections.

And while it's mostly speculation at this point- with a newer dollar amount possibly in play I think questions like this are more relevant.

Also... the dramabomb got me all fired up.