
How online gamblers unmasked cheaters - peter123
http://news.cnet.com/8301-1023_3-10110040-93.html?part=rss&subj=news&tag=2547-1_3-0-20
======
peakok
Interesting, but definitly not surprising. When I was younger I found a way to
hack a poorly designed online quizz, tied to a very famous french radio quizz.
It was pay per play, with a 1000 euros weekly winner (400 euros for the
second, 100 for the third).

The hack will make you laugh : right click on the flash app, select "Stop",
and enjoy unlimited time to answer the questions instead of the 10 secs
countdown. Then, when I was ready to submit the answer, I'd change my Windows
clock time back in time since you'd have to be the fatest player as well.

But the interesting part is how I started playing this quizz. One night, very
very late, I bumped into the site and I decided to try the practice mode, wich
was free. I started the quizz, and I had a surprise when I discovered that a
small white asterix showed next to the right answer every time. I thought that
it was dumb even if it was the practice mode and I suspected something wierd
was going on, so I immediatly started a real paying game to verify my
suspicions. Again, a white asterisk would sit next to the right answer.

You'd have to answer 5 grids of 10 questions successfuly to make the best
score, then the winner would be the overall best time. I managed to finish the
1st grid, then in the middle of the second one, the white asterisks suddenly
disappeared. This is when I understood what happened : the admin was probably
cheating the game, and he made a mistake wich made the asterisks visible by
everyone instead of himself only.

Still, the game was under French juridiction and supposely enforced by an
"Huisser", like every other game in France. My bet is that the huissier didn't
understood jack about computers and didn't care at all about this internet
quizz.

I talked about this quizz to my best friend and we quickly discovered the
exploits. We figured out that if we set the Windows clock back in time before
I even started to answer the question, the final time per question would be a
couple of hundreds milliseconds, varying from 50-300.

So I decided I would take my chance against the admin and try to win the 1000
euros, wich was plenty of money for a teenager. It was still a lot of work
because most of the questions were insanely difficult and even with Google it
was often hard to find the answer. As a matter of fact, the quizz was plain
impossible to answer for a human.

Nevermind, with a lot of patience and a couple of days, I managed to answer
the 5 grids with an amazing final time, I figured out that if the admin was
cheating, then he couldn't say anything. The game would automatically ends at
midnight every Sunday and declares the winner. I did the last grid on Sunday
evening so that I wouldn't appear in the high scores too early and the admin
wouldn't suspect anything.

I watched anxiously the table of scores and as midnight approached I started
to relax, nothing unusual happened. Then suddenly, at 23:45, 15 mins before
the game would end, a player appeared out of nowhere in the scores and was
quickly climbing the ladder. I knew it was him.

When he finaly ended his fifth grid, he reached the top scores, but only took
the second position because I had a best overall time, so my plan worked
perfectly as I knew he wasn't prepared for this. A couple of seconds later,
the game ended and I was declared winner. I was given a phone number I had to
call to claim my reward.

On the next day, I dialed up the number. When he picked up, you could almost
hear the spider webs being removed from the phone :

\- "Hello ?"

\- "Hi, I won the game yesterday, and I was given this number to call."

\- "Ohhhh, it's you", his tone was priceless. You could guess I was the first
person ever claiming the reward. At this moment, I knew he knew and he knew I
knew. He asked for my details and told me I would receive the check soon.

I tuned up to the radio show in the afternoon, and waited for my minute of
glory. "And congratulations to our internet winner of the week, ________,
living in __ __, for winning the 1000 euros". Good.

A couple of days later, I received my 1000 euros check and I went to see the
updated list of winners on the site. Unsurprisingly, I was the only one listed
with a real name instead of a nickname and an actual town showing in the
details.

The following week, I decided I would beat the admin again, for my best friend
this time. I tweaked my tactic a bit so I would valid the last grid in the
last minutes. It wasn't as easy as it sounded since the pages had an
expiration time, but I figured it out.

This time, the admin figured out he should make a better score and his final
score was much better than the last week. Still, I had predicted it and when I
valided my last grid with a nearly perfect overall time (50 questions in about
20 secs), it was too late for him and I won again.

My friend called and he received his check. The rules wouldn't allow us to
participate again before 6 months, but I knew there was a time to stop, and we
decided to never participate again. Moreover, I had beaten the admin twice and
that was my main satisfaction, and I knew I had played all my cards and
beating him again would be very difficult if not impossible.

The third week, I went to check the winner and his overall time was indeed
ridiculous. It was clear the admin was unbeatable from now. Well, in one sense
only, because a couple of weeks later, the winner prize turned from the 1000
euros to a ticket to participate in the actual radio show. I laughed hard,
because I knew I forced the admin to make unbelievable times and they figured
out he was cheating. I don't know if he was fired, but he certainly didn't
have a 4000 euros monthly bonus anymore.

Since this time, I have a different look on this kind of games, especially
when there is an admin behind. Moral of the story : Poker is no exception, and
if you cannot fully trust the admin, even with the best legislation, you
cannot trust the game either.

~~~
zandorg
Me and 2 friends won a $13,000 (7000 GBP) car in 2000, sold it and split it 3
ways. It was an online competition. First off, you had to press keys on the
keyboard, while moving the mouse in a perfect circle for as many hours as
possible. We stayed up 40 hours, put a macro on the mouse, took our turn at
the computer hitting keys. Then split the prize when we won. When we got to 40
hours, beating everyone else, that was a very jubilant 6am.

------
matt1
I've followed this since it started; it has understandably caused a great
amount of anxiety in the online poker community. Almost everyone was happy
that the cheating was exposed, but I think most players would have preferred
it if the 60 Minutes episode had not aired.

Prior to the 60 Minutes piece, knowledge of the cheating was limited mostly to
online poker aficionados. Now that it has received national media coverage,
casual poker players everywhere are likely to hear about it. People who were
already hesitant to play because of online poker's grey legality and funding
difficulties are not going to be swamped with "Oh, you know online poker is
rigged. I saw it on 60 Minutes." Combine that with the waning interest in
televised poker and the UIGEA legislation and you've got a bleak outlook for
the future of online poker.

In the end, I think the 60 minutes episode will deal in a much greater blow to
online poker than the money the cheaters stole.

~~~
johns
So basically you're saying the rich online poker players don't want all the
noobs they leech off of to leave and this is a bad thing?

~~~
matt1
If you depend on online poker for a living, yes, it is.

------
aidanf
Here are some more links.

The 60 minutes segment:

<http://www.cbsnews.com/video/watch/?id=4639016n>

The Washington Post articles:

[http://www.washingtonpost.com/wp-
dyn/content/article/2008/11...](http://www.washingtonpost.com/wp-
dyn/content/article/2008/11/29/AR2008112901679.html)

[http://www.washingtonpost.com/wp-
dyn/content/article/2008/11...](http://www.washingtonpost.com/wp-
dyn/content/article/2008/11/30/AR2008113002006.html)

A summary of the original Twoplustwo investigation into the UB scandal. This
is much more detailed and accurate than the reports linked above:

[http://forumserver.twoplustwo.com/29/news-views-gossip/ub-
sc...](http://forumserver.twoplustwo.com/29/news-views-gossip/ub-scandal-
sticky-251207/)

------
mattmaroon
Interestingly these people would never have been caught (at least not by other
players) had they been smarter about it. They could have made 100x what they
did over a long period of time.

I've thought a bit about how I would do it if I had that opportunity and were
trying to maximize profits without getting caught. It's an interesting thought
experiment really. I'd probably do something like have preset starting hand
standards that are on the loose side of what a winning player might have and
stick to them religiously. Then I'd largely only use the cheating software on
the river. I wouldn't call bluffs much, though I'd raise all-in against them
frequently (since presumably the bluffer would fold and nobody would then see
your hand). Etc.

~~~
matt1
I think even if you tried, your PokerTracker stats would be abnormal, even if
you only used your advantage sparingly. For example, the river strategy you
proposed was what resulting in the monstrous river aggression factors that
identified many of the accounts in question.

It'd be tough -- agreed that its an interesting thought experiment.

~~~
mattmaroon
They would be abnormal, but not egregiously so, especially if you were careful
to change accounts periodically, or perhaps just paid off a better hand a few
times for posterity. What tipped them off in the first place was people
playing every hand preflop in a tournament and winning.

------
mattmaroon
I can attest first-hand to the uselessness of the Kahnawake Gaming Commission.
I was involved about a decade ago in proving that the blackjack games dealt by
a couple casinos was rigged. Someone much smarter than me proved conclusively
that they were dealing seconds, meaning that if the dealer's card would have
busted him, instead it was digitally tossed out and replaced by the next card,
totally unbeknownst to the user of course.

The KGC was given a record of hands that any stats professor would have been
able to use to verify it. They did nothing.

------
paul9290
Here is the 60 minutes 10 minute clip

<http://www.cbsnews.com/video/watch/?id=4639016n>

Im an avid viewer of 60 minutes, 48hours & CBS evening news since they put
them online in a simple Hulu like format!

------
alexandros
I wonder if a provably unbiased distributed gambling application cannot be
made so as to guard against the potential for such attacks.

Generating random numbers in a distributed and uncheatable way is already
possible, I wonder what is holding this back.

~~~
patio11
The problem isn't bias -- the problem is one actor having more information
than the others, earlier than the others. There is no evidence that the RNG
was anything other than fair.

A related attack on poker is just stuffing a game with colluding players. You
don't have to know player A's cards to beat him in the long run if you know
the cards of B, C, D, and E (and, if you want to get really tricky -- they can
know yours, too!).

Plus, given that this is online poker, you can have players B, C, D, and E be
bots, programmed to talk to your server to get the odds, throw enough hands to
look reasonable, and bet big only once in a while when their collusion means
The Syndicate rakes in the moolah.

Example: the flop is 5, 6, 7 with 3 different suits. The best hand from The
Syndicate is pocket 7s, which is (poker amateur hour commences) pretty strong
but not unbeatable. Everybody is out but one player. The next card is shown,
and it is a 3. There are two worlds the game could be in now: the world where
there are fours available, in which case the adversary might have one. Then
there is the world with no fours available, in which case The Syndicate has
the best possible hand and will only lose by a freak accident.

The adversary goes all in. The Syndicate checks with the other TEN cards from
the deck they saw, notes that they've seen three of the 4s already, and calls,
with a smile on his face. (Again, amateur poker player but I'm thinking this
is a 95%+ win for the syndicate.)

~~~
alexandros
Your point is valid, translating existing games which are built on a set of
assumptions (physical presence -> unique non-communicating players, physical
deck + shuffling -> unique cards and true randomness) may not be translatable
to an online experience in a sustainable manner.

I was refering to the general problem of not being able to trust the single
point of control, which applies to all types of online gambling. In this
context, I was wondering why games that can be gambled on have not appeared
that work in a fully distributed manner.

~~~
njharman
Because it doesn't solve the cheating described in the post you replied to.
Distribute all you want but if 5 of 6 players are colluding player #6 is gonna
be screwed.

~~~
alexandros
there is a way to derrive an unbiased random number, even if everyone else is
cheating. take this:
<http://everything2.com/title/Coin%2520tossing%2520protocol> and extend for N
participants and results from 1 to N.

Given this, a lot can be done.

------
Devilboy
This is a great story, the only sad thing is that most of the affected high-
stakes players still do not have their money back, and the companies involved
still maintain their innocence blaming 'previous management' for the scandal.
The latest news is available on the popular twoplustwo poker forums.

