Ultimate Bet Scandal Q&A
In a short period of time, Ultimate Bet will release a statement regarding the rumored cheating scandal. The statement confirms that former employees had access to hole card data for a period of about 21 months. In addition, Ultimate Bet says they are going to be paying players back for their net losses to the cheating accounts.
EDIT: The statement is available here.
I was able to get an early look at the statement and Ultimate Bet agreed to answer some of my questions. I am not sure if I will be able to ask followup questions, but obviously post any questions you may have in the comments and I’ll see what I can get answered.
Here are my 10 questions and Ultimate Bet’s answers:
1. The “individuals worked for the previous ownership of UltimateBet” — does this mean they were employees of UB only pre-sale but not post-sale? Were any of them owners at any point?
All individuals involved worked for the previous ownership prior to Tokwiro acquiring in Oct 2006. We have learned through our investigation that one of the individuals involved was a liaison to UB post sale as part of the transition, but that person has not worked for the company or had access to systems for roughly a year. The previous ownership of UB was a publicly traded company and we do not believe anyone involved was an owner of the business.
2. When you say Tokwiro is pursuing legal options, does this in anyway include an attempt to have legal charges (either civil or criminal) brought against the individuals responsible?
Yes. We are reviewing all of our legal options, both civil and criminal.
3. Do you expect the names of the individuals responsible to be released at some point?
At this point, we are uncertain how the legal action will ultimately unfold. We have turned over all evidence and information to our regulatory body the KGC.
4. When you say Tokwiro is taking full responsibility, does that mean all of the refunds are coming out of Tokwiro’s pockets? Was any money able to be recovered? If nothing was recovered, do you expect to recover any at any point?
No money has been recovered at this point. All refunds are being paid by Tokwiro. Whether or not we recover any funds depends on the outcome of any legal action.
5. Obviously, people are not happy that it took such effort on the part of the players to notify UB and, for all intents and purposes, harass the site for months and months with the only response being a short statement confirming abnormal winning activity. What would you say were the biggest factors that contributed to the delay?
The most important factors that contributed to the delay were:
First, the complexity of this investigation. We are dealing with a third party software provider and previous software development shops, old versions of the database that complicated our analysis, our regulatory body and their auditors, as well as many years of data.
Second, our desire not to release information until we were certain of its accuracy and thoroughness.
Third, our priorities throughout this investigation have been to make sure the vulnerability was fixed, to make sure that we understood everything that happened. We didn’t want to make any statements before this. Now we are making a statement and refunding players, and the company will continue to do everything possible to prevent anything like this from happening in the future.
6. What sort of information can you give us on the total dollar amount in question?
At this time we are not ready to provide a specific amount.
7. Some of the account name changes happened post-sale. This seems to mean that some of these employees were still involved in the AP-UB enterprise. Either that or they still had friends willing to help them out. Assuming these employees have been fired, when were those responsible for the name changes fired and what sort of further action does Tokwiro have planned?
Unfortunately, some of the account name changes did happen post sale. One individual who was employed by the previous ownership appears to have aided the perpetrators by changing account names. This individual served as liaison to UB through a transition period post sale. After the transition period, this individual continued to send name change requests to our customer service department. The person has not been involved with the company for approximately a year and we have since implemented a no name change policy.
8. I’ve been helping you a little with the Security Center for UB — I think it’s going to be a great tool when it’s finished. When do you reasonably expect it to be ready? Will it apply to both AP and UB?
This Security Center application is a top priority for Tokwiro and this will be used for both AP and UB. We expect the first release to be in production in 6 to 8 weeks.
9. Are you going to have the entire software source code reviewed for any other loopholes? While GA says this loophole is gone, it certainly seems possible that there are other loopholes that current management might not know about.
Gaming Associates has confirmed that the vulnerability has been permanently removed. We are confident that the site is entirely secure. Currently, Gaming Associates is in a continuous audit.
10. If I recall correctly, the AP refunds were completed in under one week (or something close to that). Do you expect the same sort of speed here? Also, will the refunds carry interest in the same manner as the AP refunds?
We expect to have all refunds completed within several days. Tokwiro will be refunding players their net loss for every hand played against the cheating accounts without interest.
If you enjoyed this post, please consider leaving a comment or subscribing to the feed to get future posts delivered to your feed reader.
Comments
I know a friend that just this week changed his name on UB because he had lost chat priveleges under one name due to an issue with a deposit. I dont understand how they are saying we have since implemented a no name change policy.”
They also state that these users are permanently banned however i know of one individual that has been “permanently” banned from UB over and over again and somehow just manages to change his screen name and get right back on.
My only question is: Why did Tokwiro not take any measures prior to Feb 2008 to look for these ‘loopholes’? They had knowledge that AP had similar issues long before the NioNio issues came up, right?
I remember seeing “monizzle” and “rockstarLA” playing highstakes games in years past on UB. Obviously these were accounts that had access to hole cards. Was this investigation able to go back that far to check the history of cheating? I know UB has told me that they only keep records for 6 months. Does this mean that if people were cheated in years prior that there is no way to find this information?
I’m skeptical about on thing: that Absolute and UB both has similar problems before Absolute bought UB… and that there’s no connection. These are the only two major online poker cheating scandals. They occurred in companies under the same ownership. But we’re to believe that there’s no connection? That AP and UB independently had some insider cheating software before AP bought UB? Possible, but it doesn’t make sense to me. It seems more likely that there was a connection, but they haven’t revealed it.
[quote]Tokwiro will be refunding players their net loss for every hand played against the cheating accounts [b]without interest.[/b][/quote]
Sounds like they have a good plan, but why be chintzy about paying interest?
The cheated players have been denied the use of a portion of their bankroll for months and months. The [i]least[/i] UB could have done to compensate them was to pay interest.
Alan
i just recieved an email from UB stating i had been a victim of this and am owed $2800 … didnt even realise there was investigation as i now play elsewhere
UB’s press release makes me wanna puke.
Very intersting article Nat, the online poker community owes yourself and the other key players (dlpnyc21, trambopoline et al) a great deal.
Do AP and UB share the same software platform? Was the UB security hole exactly the same as the AP security hole?
I’ve got to agree with Perpetual_Traveller. You all did a great job uncovering a lot of information. It’s so difficult to find an honest explanation. 2+2 appear to be the only security team. Theres too many ???? and no real answers. I think most of the bases were covered in the forums, the UB Press Release seems to back that theory. The sad thing is, some online players don’t care.
It’s the only rigged theory that I have seen with strong evidence and it happened twice on the same company. It’s the only company I know of to shell out 2 large bad beat jackpots to the same player.
I hope your efforts make a difference other than a few token refunds.
Well done, you and your team have done a great job!
IMO an UB scandal was just a matter of time, since its ownership is shared with AP.
I don’t know why someone would put their money at stake in UB after those problems happened AP. I’d insta-cashout if I had any funds there.
-They won’t say how much money was lost to the cheaters
-They won’t name the cheaters
-They won’t say what legal action will be taken
-They don’t say what they’ve done to guarantee the site is now safe
-They don’t explain why the players were the ones who found the problem instead of their “security experts”
-They don’t explain why they choose not to pay interest on the loses
-They don’t provide a clear historical timeline of when the cheating occurred and the number of players affected by it
-They don’t provide players a way to check for themselves if they every played against any of the known cheaters
-They don’t explain why it took months and months to figure the issue out other than to say it “was complex”
They definitely don’t get me playing on their site.
Nat was there something specific you were alluding to when previously you said you couldnt say anymore because what you would say would jeopardize the funds being returned?
Who would keep playing at a site were all the players the hole cards are sent over to the client, seriously? If the programmers thought that was safe think about all the other issues the system is bound to have. LEt me repeat that they sent all the card to the client!!! Oh my good why not send over the full deck so you really can cheat.
I’m amazed they didnt loose all players, guess there is a sucker born every minute.
Even if they were smart enought to have the server sending the other players hole cards only to super users it’s still an obvoius security leak thats unaceptable. Nobody in their right mind would build a system were a client can get that kind of info while the hand is still not finished.
It’s one thing to log it but that should be on the server side and when possible after the hand is done.
Nice work! respece(=
I have had more problems with ub then all other sight’s i play on put to gether hehe..(just love the softwear tho!)
That gaming commission seam like a lap dog organ for legitimizing with out realy doing shit to prevent any abuse ageinst players with out hudge presure from the public..
They dont release any info because chances are they are in on it. Think about it all these high stakes games and tourneys. Refuse to give it any attention despite all the complaints until it caught up with them and they gotta pin it on people they wont even release.
UB should also investigate KrazyKanuck adnormal winning streaks.. About 3 or 4 years ago KrazyKanuck won the $10000 aruba entry tournament about 8 times. Hit the $500 tournament back to back weeks. Not to mention he was unbeatable and would win with any 2 cards and knew exactly what flops to call down.. If thats not adnormal winning???? I dont what is??????
How the world could anyone figure out how many players were directly affected by these cheaters. It’s a real black eye, for online poker. It’s a disgrace and legal charges should be brought against the perpetrators.
That’s great work, obv…