Nat Arem's Blog

Alright, a lot of the outside traffic has finally died down, so I can resume normal posting without fear of confusing non-poker people.

First, thank you to everyone who has come forward to thank me for my role in this whole investigation. I appreciate all of the kind words and I was happy to do what I did. In case people haven’t reasoned this out among themselves, here’s why I stepped forward to help solve this cheating:

For the longest time, people have asked me why online poker is safe. I’ve always said that the big sites with significant traffic are safe because the site has way more to lose if found out than they stand to gain via cheating. I actually think a strict EV calculation might tell them *TO* cheat because it wouldn’t be that hard to cover up if they’re careful, but the problem is that it’s a huge gamble and one that most are not willing to take when they’re raking in millions anyway. So, for the first time, this theory was put to the test. Would a site pay dearly for doing this? I wasn’t so sure, but I wanted to do what I could to make sure they did. Not because I have a vendetta against AP or whoever did this (I didn’t know at the time), but because I knew they cheated from seeing the hands and I knew that punishment needed to be dished out on some level. Everyone in the industry saw those hands and everyone knew there was cheating going on. What if another site saw this and saw AP get away from it? Not only would AP not be cleaned up, but it would embolden others to cheat. So that’s why I pursued it, regardless of the negative press for online poker that was sure to follow. In my mind, it was better to take the pain of short term bad press than it was to allow this to go unpunished.

Second, I have to thank all of my sources. A lot of people stepped up to provide me with information. I wish I could name them all by name and and outline what they told me, but that seems like a bad idea (obv). While a lot of people give me credit for discovering a lot of information on this situation, I could not have done it if the information wasn’t provided to me in some shape or form. As many people know, I was some sort of information channel for getting information from the sources and spreading it out via myself and other posters at 2p2 and P5s. Thank you to all who helped in this regard. I did not want to be the sole poster of information for many reasons, a lot of which should be obvious. In addition, other people came up with some terrific information that helped to completely blow the cover off of the attempted cover-up that was happening at AP.

The actual discovery of the info in the file was conducted by a number of people. As I mentioned in my previous post, snagglepuss from 2+2 is the first person I know of to say there was something wrong with those two guys in the file. Haley from PokerNews told me that the email domain was suspect and should be scrutinized. While I was the one to “put it all together” and post about it, other people really helped me to move it along. My blog entry below about the IP evidence might seem like a simple discovery process — it wasn’t. It took a lot of smart people to put all of the pieces together considering the size of the file. It only seems simple when you look back on it and see the whole story.

Third, I just realized this blog is reading like some bad thank you speech. It really isn’t meant to be that. There’s a long way to go here. I’ll move along…

Anyway, a lot of people ask me what I know, what I’ve uncovered, etc, etc. I think it’s important to hold onto a lot of information. I’ve seen a lot of things from sources over the last few weeks. The only reason I even sent any of it to anyone else is because of the general theory that scandalous information is safer in the hands of many than the hands of few. Otherwise, I would have held onto it for the reason that I did not want it to be leaked back to the management of AP what I knew or didn’t know. At the moment, a few people hold copies of the information that I’ve received to ensure it’s safety. But, assuming AP is forthcoming and their statements line up with what I know, I will not release it. It isn’t like I am trying to hold anything over on AP, but I can’t make this too easy to get away from. The current theory is that their now-ousted highly regarded consultant was the source of the lies in the press releases — they will need to prove that to me over time.

I’m sure that the weeks and maybe even months ahead will be very interesting for both AP and online poker in general. I really and genuinely hope that this changes online poker positively going forward. In addition, I firmly believe this week to be the most significant in the history of online poker and I’m honored to have been a part of it.

I’ll be posting a lot more about this subject as time goes on.

So AP plans on admitting that their systems were compromised (see this post). I am cautiously optimistic that their statement will be truthful. While I would like to say congrats to everyone involved here, I want to see the statement/actions first.

Also, on a sidenote, this is a graph of my recent blog traffic:

I am not showing the actual numbers because they aren’t relevant, but trust me when I say that I usually have pretty good blog traffic. For whatever reason, a lot of people stop by here on a regular basis. So that graph shows just how much this AP stuff made it jump.

Also, I have not been posting much because so many people from the “outside world” (aka, non-poker people) have been directed here and I don’t want them to be confused looking for the “The AP Situation” post. So if you’re coming here from somewhere that discussed Absolute Poker, look down to the next post.

Once all of that traffic calms down, I’ll start posting more about this stuff.

This is getting pretty big. It’s hard to be #1 on digg, but once you get there, you climb FAST. digg this if you haven’t already.

http://www.digg.com/security/Major_Online_Poker_Room_Caught_Cheating_2

Okay, so, anyone who follows 2p2 or P5s or a lot of other forums has probably noticed all of the Absolute Poker uproar. If you don’t know about it, here’s the basic idea…

CrazyMarco, a well-known online tourney player, played in a 1K AP tournament on 9/12/07. The tournament was won by a player named POTRIPPER who made a crazy call with T high against Marco’s 9 high flush draw. In the following days, Marco emailed with AP support and asked for a hand history so he could review POTRIPPER’s play at the final table. There were rumors that POTRIPPER could see hole cards and he wanted to follow up because of the possibility that he was cheated. On Friday Sept 21st, AP sent Marco a huge excel file (10 mb and a full 65,536 rows, the excel limit for most versions being used currently). He didn’t think much of it and it was too scambled and complicated to analyze, so he put it on the backburner for the time being.

Fast forward a few weeks. Marco, along with his roommate Jared “TheWacoKidd” Hamby, decided to take a look at the file. This happened sometime around October 12th or 13th as I understand it. They realized soon after that AP had send Marco ALL of the hole cards in the hand history. This, of course, allowed them to watch how POTRIPPER played and to examine what hands were at the table when POTRIPPER was/was not playing hands. It quickly became apparent to all who saw the history that POTRIPPER was cheating and, somehow, knew peoples’ hole cards. You can view the hand history on PokerXFactor here. One thing to note is that the spreadsheet only had the first 2 hours and 20 minutes of the tournament because of the Excel line limit, so the hole card access somewhat cuts off around hand 94.

Anyway, I noticed posts talking about this Excel file. On Saturday, MrTimCaum sent me a copy of the spreadsheet. I started to play around with it and noticed that there was random IP/email/user id data interspersed with the player actions. It wasn’t clear at first exactly what the info meant. It didn’t seem like the info pointed to people at tables for the following reason (click image for full size):

The IP info looked something like that. It told me when someone “entered” a table, what their email was, what their IP was, what their user id was, etc. Note that I changed all of the info in this line to protect the privacy of the real data. I put in my email address for the hell of it. Anyway, there were 845 lines with either “TABLE_ENTER” or “TABLE_LEAVE” and through some analysis, I realized that there were tons of players in the event who I knew and they never appeared in the “TABLE_ENTER” or “TABLE_LEAVE” lines. Eventually, we figured out that Enter and Leave lines were recorded for people who were logged into the software and opening or closing the table, but not seated at the table.

Next, I analyzed the lines related to table 13, where POTRIPPER was seated. 2+2er snagglepuss, who I forwarded the spreadsheet to, had already pointed out to me two sketchy observers, one of whom opened up table 13. And when I looked at the data, I noticed something a little weird. One of the sketchy observers opened up table 13 and he was user number 363! This number is incredibly low and I instantly knew that the account had been created by AP or someone who was associated in some way with AP. It had to be a test account of some kind to be made that early in the system. Here’s a screenshot (click image for full size):

I am still hiding some of the sensitive info, but this line in the spreadsheet was probably the key to cracking the case in my opinion. It showed a number of things:

• A Costa Rican IP address (and this IP address becomes more important)
• An observer entering the table and never leaving the table until at least 11:20 PM (or over two hours later when the spreadsheet cuts off)
• A very very low user number that indicates AP involvement in some way — not that the company as a whole knows, but that SOMEONE on the inside was involved.

The next step was to cross reference the IP address within the file. When I did that, some info on the other “sketchy” guy came up (click image for full size):

Once again I blacked out some of the info, but the important thing is that SCOTT@RIVIERALTD.COM had the same IP address as user 363. He stopped by table 9 for whatever reason for about 20 seconds. The only real significance of table 9, as far as I know, was that Mark Seif, an AP sponsored player and AP co-owner (I think?) was playing on it. That doesn’t mean that Mark was involved, but it is a relevant fact with regards to table 9.

The next step, which I think I did the next day, was to figure out some info on rivieraltd.com. I pinged the domain and found the IP to be 66.212.244.147. Note that someone has since changed this, but the IP can still be connected to the mail server as of this writing. Then upon doing further research on that IP address, I traced it to what I believed to be the Kahnawake gaming commission. I posted my findings on 2+2 and P5s. Then a poster on P5s named JackBileDuct pointed out the following:

66.212.244.147 is mail.riveraltd.com telneting to it on port 25 gets a greeting from a mail server. It *IS* a mail server.

Also that IP is NOT the Kahnawake Gaming Commission. Are you ready for this… It is AP.

Mohawk Internet Technologies MIT-BLK-01 (NET-66-212-224-0-1)
66.212.224.0 – 66.212.255.255
Absolute Entertainment S.A. MIT-ABPOK-02 (NET-66-212-244-128-1)
66.212.244.128 – 66.212.244.255

Go to http://www.arin.net and enter the IP address in a whois search. That connection is from one of their own IP’s….

CustName: Absolute Entertainment S.A.
Address: Plaza Mayor 2nd building 2nd floor
City: San Jose
StateProv:
PostalCode:
Country: CR
RegDate: 2006-08-16
Updated: 2006-09-26

That might be kind of technical, but the general idea is that the email address was hosted by Kahnawake but actually belong to AP! So this SCOTT@RIVIERALTD.COM fellow was actually connected to AP. This was overwhelming evidence in my mind… remember:

1. There was a low numbered user watching the table (and probably sharing hole card info) with the suspicious player POTRIPPER
2. The low numbered user was connecting from Costa Rica
3. An AP-associated person was on the same IP address and even though he wasn’t watching table 13, he revealed himself nonetheless

My head was spinning. I kept posting more and more of these revelations online. One issue was that I didn’t know who Scott was. So I sent out a feeler email (PM in some cases) asking various places to check on the IP address that was used by the two sketchy accounts.

Sure enough, I woke up Tuesday morning to find a rash of evidence sitting in front of me. 2+2 moderator Adanthar found that the IP address was used by a 2+2 account with the login name scotttom. P5s admin Adam Small told me that he knew one of the AP owners was named Scott (although he didn’t say the last name). A few other sources who do not want to be named told me that Scott Tom was associated with that IP address. It was also pointed out to me that there was an online blog post where some girl said that Scott and Phil Tom (brothers I think, although only Scott seems to have been implicated) were AP owners and executives. Adanthar posted his findings on 2+2 and revealed that he’d connected the somewhat mysterious IP address to an actual person. Also, other sources that do not want to be named confirmed that the IP address was a residential cable modem tied specifically to the Tom family.

So that’s how everything was tied together on as simple a level as I can make it. I am not including a ton of various leads that I’ve followed or some of the inside info that I received, but this is the general gist of it. I’ll post more as time goes on, especially on things like the media, AP and community reactions to this stuff.

I’ve posted about this type of stuff before. But I can’t get enough of these wingsuit/BASE jumping videos. Some of the stuff these guys do is just amazing. I don’t think I could bring myself to get as crazy as this, but I definitely would want to try sky diving and maybe some sort of wingsuit jumping if I got to the point where I was competent enough to try it.

So, my parents are here visiting this week/weekend. My dad is here for a work reason and my mom came down to hang out for a few days. Since my dad was doing work stuff on Friday, my mom and I headed over to Stone Mountain, which is a 1,000 foot-high granite stone about 20 miles from downtown Atlanta. There’s also a huge sculpture in the side of the rock of some southern Civil War leaders. It’s a pretty impressive sight. Here are some pics (sorry, not going to post family pics on here):

On the ride up

Downtown Atlanta zoomed

Downtown Atlanta not as close up

Me on the top (photo credit: Mom)

Some of the life that manages to survive at the top of a barren rock

View of people walking to the edge

On the ride down

As good of a “side view” of the sculpture as I could get. You can kinda see how far they actually stick out of the rock.

Looking back up the cables

The huge relief in the side of the rock

A close up