Catching an Online Poker Cheater with Data Mining

February 29th, 2008 | by Nathan |

My good friend, who has made a successful second career out of professional poker online and live, alerted me to this incredible story. As you may have noticed, Internet poker experienced a surge in participation as The World Series of Poker on ESPN grew in mainstream popularity.

Until recently, all online poker players had complete trust in the poker site they frequented… that there couldn’t possibly be cheating.

Then…. it happened.

A real cheater.

Stealing money from legitimate players.

Lots of money! Like half a million dollars!

How were they able to catch the guy? If you said Data Mining and/or Statistics…. go ahead and pat yourself on the back. Check out Absolute Poker Cheats to get the full version… or read on for the basics.

I’ll start with how they caught the guy.

[Figure: Poker Cheat - Outlier]

The graph above shows 5,251 players who have at least 500 hands recorded.

The vertical axis shows Voluntarily Put Money Into Pot Percentage (VPIP). The horizontal axis shows win rate, in the form of big blinds per 100 hands (BB/100). The red dot in the top right corner is the cheater, who is winning at a rate of 15 standard deviations above the mean.

[Figure: Poker Cheat Outliers graph 2]

The graph above charts the same statistics as the first graph (VPIP vs BB/100) but only for players who have played between 500 and 800 hands.

Our best estimate is that the chances of this happening are somewhat similar to an individual winning a million-to-one lottery six consecutive times.
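As an added illustration (not code from the original post or from the people who investigated the case), the screen behind the two graphs can be sketched in Python. The population is constructed, and the noise model (about 90 BB of luck per 100 hands) and the planted SUSPECT account are assumptions; each account is scored against its peers, once with the first graph's 500-hand minimum and once with the second graph's 500 to 800 hand band.

```python
import math
import random

def make_population(n=5000, seed=7):
    """Constructed data: (name, hands, vpip_pct, bb_per_100) tuples."""
    rng = random.Random(seed)
    players = []
    for i in range(n):
        hands = rng.randint(100, 5000)
        vpip = min(95.0, max(5.0, rng.gauss(25, 8)))
        # Assumption: true win rate near -1 BB/100 plus ~90 BB of luck per
        # 100 hands, so short samples scatter far more than long ones.
        bb100 = rng.gauss(-1, 90 / math.sqrt(hands / 100))
        players.append((f"player{i}", hands, vpip, bb100))
    # One planted account (constructed): very loose play, extreme win rate.
    players.append(("SUSPECT", 650, 90.0, 500.0))
    return players

def loo_zscores(values):
    """Leave-one-out z-scores: each value is scored against all the others,
    so one extreme account cannot inflate its own reference spread."""
    n, s, ss = len(values), sum(values), sum(v * v for v in values)
    scores = []
    for v in values:
        mean = (s - v) / (n - 1)
        var = ((ss - v * v) - (n - 1) * mean * mean) / (n - 2)
        scores.append((v - mean) / math.sqrt(var))
    return scores

def flag_outliers(players, min_hands=500, max_hands=None, threshold=6.0):
    """Return (name, vpip_z, winrate_z) for accounts whose win rate is more
    than `threshold` deviations above their peers, highest first."""
    peers = [p for p in players
             if p[1] >= min_hands and (max_hands is None or p[1] <= max_hands)]
    vpip_z = loo_zscores([p[2] for p in peers])
    win_z = loo_zscores([p[3] for p in peers])
    hits = [(p[0], round(vz, 1), round(wz, 1))
            for p, vz, wz in zip(peers, vpip_z, win_z) if wz > threshold]
    return sorted(hits, key=lambda h: -h[2])

POPULATION = make_population()
ALL_500_PLUS = flag_outliers(POPULATION)            # first graph's filter
BAND_500_800 = flag_outliers(POPULATION, 500, 800)  # second graph's filter

if __name__ == "__main__":
    print("500+ hands:   ", ALL_500_PLUS[:3])
    print("500-800 hands:", BAND_500_800)
```

Scoring within the 500 to 800 hand band compares the account only with peers whose results are equally noisy, so the banded z-score is lower than the pooled one while still sitting far beyond anything luck produces in this sample.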

Here’s the story… The Basics:

Recently, one operator, called “Absolute Poker”, appears to have been allowing cheating to take place on their site. In short, it appears that certain player accounts are able to view the supposedly hidden cards of other players. In a game of poker it is impossible to beat someone who knows with 100% accuracy what cards you have!

Shortly after a recent software upgrade at Absolute Poker, several accounts with suspicious names and identical maniacal playing styles sat down at the highest-stakes games offered there, where tens of thousands of dollars change hands every hour.

Amazingly, the top online pros all lost money to these players, at an incredibly fast rate. Since these pros understand poker and statistics better than you or I, they used various software tools to analyze how they could have fared better against these maniacs.

They came to the same conclusion: the only possible way these maniacs could have won money is if they could see their opponent’s cards.

If you’re at all interested in the story, I have a complete timeline and account of how the cheater went about setting up false accounts, hacked into the system, and managed to siphon hundreds of thousands of dollars from legitimate poker pros. I’m not posting it here as it’s too long and a little off topic but submit a comment and I’ll hook it up.

UPDATE: I HAVE POSTED THE EXTENDED STORY IN THE COMMENTS…. ENJOY!


  1. 10 Responses to “Catching an Online Poker Cheater with Data Mining”

  2. By Aman Gupta on Mar 3, 2008 | Reply

    I’m interested, please do tell.

  3. By Jeff on Mar 3, 2008 | Reply

    I’d definitely like to hear more of the story.

  4. By Andreas Fuchs on Mar 4, 2008 | Reply

    I’m very interested in hearing the whole story, too.

  5. By Nathan Danforth on Mar 4, 2008 | Reply

    A lot of people are interested in this topic… so I decided to post the story here if it fits:

    Okay, so I didn’t completely “solve” the whole AP mess. After all, nobody has received any compensation, nor has Absolute even admitted that any sort of fraud even occurred.

    However, some recent damning evidence has come to light that has allowed me to put together a complete start-to-finish re-creation of the crime. The newest development again involves the POTRIPPER tournament. Thanks to a blunder by support, one of the players in that tournament accidentally received an Excel spreadsheet containing the hole cards, IP addresses, AP account ID numbers, and e-mail addresses of most players in the tournament. Nat Arem of pokerdb.com analyzed it, and came up with the following new conclusions:

    1) POTRIPPER was initially placed at Table 13. He folded his first few hands.

    2) About 2 1/2 minutes into the tournament, a railtard opened up Table 13. This railtard had a Costa Rican IP address, which is where AP is located. The ID number of this account was 363 — a number so low that it probably pre-dated AP’s opening to the public.

    3) Account 363 stayed at Table 13 for the entire duration that POTRIPPER was there.

    4) POTRIPPER started cold-calling every hand as soon as Account 363 showed up.

    The Excel spreadsheet is incomplete. Not all hands are listed, and not all users are listed. However, the part that has been seen has been authenticated by several players in the tournament, according to those on 2+2, and it is generally accepted as being legit.

    Obviously, given the Costa Rican connection, as well as account #363 being involved, it is now clear that this was an inside job, as opposed to being perpetrated by outside hackers.

    ===================================================================

    Given the above, as well as everything else that has come to light over the past 2 months, I now have completely pieced together this entire situation. I will outline it below, in “timeline” format:

    Sometime in 2003 or 2004: Absolute Poker’s software is under development. Several hundred test accounts are created during the development and QA process. Among them is account #363, which is a superuser account. Account #363, unlike the others, has the ability to see hole cards at any table it opens. This can be an important tool during the testing process, as the developers can quickly and easily see that the pots are being shipped to the correct people. Of course, Account #363 is not actually registered to anyone, nor is it ever enabled to play in real money games. It exists strictly for “visual” purposes, and only used during the testing and development process.

    Sometime between AP’s opening and the middle of 2007: Four totally unrelated accounts are opened by four different people in different areas of the United States. GRAYCAT likes Limit Hold ‘Em, but he isn’t particularly good at it. He takes a few shots at the game, but is outclassed by his opponents and busts. He finally gives up on the site and stops logging in. The same happens with STEAMROLLER, who plays both Limit and NL. Again, he’s a donk who plays some here and there, is never too active, but is active enough for a few people to remember him. Like most donks, he chunks off one too many buyins and is done with AP. DOUBLEDRAG, who likes NL, has a similar story. He plays a number of times, yet can’t seem to consistently win and eventually busts. POTRIPPER enjoys tournaments, but he just isn’t catching the right cards or making the right moves. Like the other three, he goes donk down and tries his luck elsewhere. These four guys are not cheaters. They aren’t friends. They have never met, rarely (or never) played in the same game, and each had a different focus on the type of poker they liked to play. However, they all have one important thing in common: They were donks, lost their money, live in the United States, and have apparently not logged into their AP accounts for at least a few months.

    July or early August, 2007: AP is in the process of a major software upgrade. One of the programmers, who lives locally in Costa Rica, stumbles upon account #363. He realizes how much money one could make by exploiting this little test account at the highest games the site has to offer. He realizes that this would need to be done carefully, as much suspicion will be placed upon a new account that inexplicably crushes the best players in the world. This rogue programmer comes up with the following plan of action:

    1) Take over legitimate (but now inactive) accounts on AP. This can easily be done at the server side of AP, by simply changing the password of such accounts. He looks for an inactive, losing Limit player and comes up with GRAYCAT. When searching for an NL counterpart, he finds DOUBLEDRAG. He sees the apparently abandoned POTRIPPER with a history of losing tournament play. Finally, he finds an all-purpose account, STEAMROLLER, who has a (losing) history in all three areas. The password to all four accounts is changed, and they are now in the possession of the rogue programmer. The actual owners of the accounts are not likely to find out, as they seem to have already given up on AP.

    2) Plan to play short sessions at the highest limit games with each of these accounts. Log onto account 363 on another computer, opening up the table where you’re playing, so as to see everyone’s hole cards. Don’t multi-table, as there is a lot of information to see at once, and this will be too hard to manage. Regarding game selection, stick to the area of interest previously shown by each account. GRAYCAT will stay at Limit, DOUBLEDRAG will play primarily NL, etc. Don’t win too much at one sitting, and don’t stay for too long. Come up with excuses such as, “Time for dinner” when abruptly leaving.

    3) When winning pots, act excited in chat, saying things like “Yes!” or “All right!” when winning. This will make you look like a maniac-type donk who is giddy about winning thanks to freak luck.

    4) Get friends and relatives involved, preferably those who might already have accounts on AP. Have them deposit some money to get started, even if you need to front it to them.

    5) You cannot use GRAYCAT, STEAMROLLER, DOUBLEDRAG, or POTRIPPER to cash out, since they are still registered to innocent, legitimate players in the United States! That’s where the friends and relatives will come into the mix. After winning a lot of money on GRAYCAT, STEAMROLLER, DOUBLEDRAG, and POTRIPPER, play against these friends/relatives heads up, and dump all the winnings. Make sure that each friend/relative plays a different cheat-account heads up, so as to not arouse suspicion. GRAYCAT will play SUPERCARDM55 and lose badly. DOUBLEDRAG will drop his entire roll to REYMNALDO. STEAMROLLER and POTRIPPER will also play different friend/relative accounts and, like the other two, will lose everything.

    6) Cash out of the friend/relative accounts. Enjoy the hundreds of thousands of dollars stolen from the top online poker players in the world.

    Mid-late August, 2007: The plan actually goes into effect. It happens to start just a few days before the major software upgrade is complete. There is particular reason to begin on this day, but rather is just an arbitrary date that the rogue programmer decides to begin the operation.

    Late August, 2007: Plan is proceeding well. A lot is being won, but never too much in one sitting. Even heads up, the cheater restrains himself and keeps the winnings relatively moderate. Still, after numerous very successful short sessions, he is now up in the multiple six figures. The first chip dump operation commences. GRAYCAT drops 55k to SUPERCARDM55 at a 200-400 Limit heads-up table. For the benefit of anyone watching this supposed drubbing, “GRAYCAT” constantly laments his terrible luck, but overacts a bit. SUPERCARDM55 plays one session the next day, loses a few thousand, intentionally, and never plays again. He initiates a cashout.

    Early-mid September, 2007: Greed takes over. The money is rolling in so easily, and nobody seems wise to what is going on. GRAYCAT starts to absolutely destroy people both heads-up and full ring. DOUBLEDRAG does the same at NL, often calling huge all-in bets with as little as king-high, if it’s the best hand at the moment. POTRIPPER plays his now-infamous tournament on the 12th, blatantly taking advantage of what he sees under account 363 without concern about later scrutiny. The STEAMROLLER account is brought into the NL and Limit games to try and take some suspicion off GRAYCAT and DOUBLEDRAG. In the meantime, DOUBLEDRAG dumps 300k+ of his winnings to fellow Costa Rican friend REYMNALDO. REYMNALDO initiates a cashout shortly thereafter.

    September 16, 2007: Perhaps greed isn’t always good. People start remarking in chat that they are suspecting cheating. As a cover-up attempt, DOUBLEDRAG plays NL again, this time intentionally LOSING every hand. While a decent amount of money is lost in this session, it’s a drop in the bucket compared to what has been won, and is in fact a necessary evil for damage control.

    September 17, 2007: The accounts in question are frozen by AP, pending an investigation. It is unclear whether the cashouts of SUPERCARDM55, REYMNALDO, and other recipients of chip-dumping were successful.

    ====================================================================

    There you have it. I strongly believe that the above is VERY close to what actually happened. If the full story ever comes out, you’ll see how close the above is to the actual truth.

    Strangely enough, I believe that the actual owners of GRAYCAT, DOUBLEDRAG, POTRIPPER, and STEAMROLLER are innocent. I remember seeing the cities of GRAYCAT and STEAMROLLER, who both played Limit, before the update. (They eliminated the ability to see cities after the update.) Both lived in the U.S. I remember STEAMROLLER being from Miami and GRAYCAT being somewhere further north, like Chicago.

    There is a myth that the cheating began after the update. This is not true. I saw cheating occur a few days BEFORE the update. I believe the only part the update has in this whole thing is the fact that it allowed this rogue programmer to go through the AP software and stumble onto the existence of account 363. Account 363 has clearly existed since the beginning. This was not a vulnerability brought on by any recent software change.

    I also believe that, before greed took over, the guy behind this was more careful. Near the beginning of the whole thing, in mid-late August, he kept things more moderate. He lost some hands on purpose, and he never killed anyone heads up too badly. For example, GRAYCAT beat me for 6k heads up at 200-400, then quit the game and insulted me from the rail. Obviously he did this to keep things in moderation, not due to any fear of losing to me. This differs from what he did later, such as when he slammed STEREOFLAVAS for 28k in an hourlong September heads-up match. The POTRIPPER tournament was also executed highly carelessly, but again he was probably blinded by greed at this point.

    I believe that the guy playing all accounts was one person. I also believe he had a second computer logged into superuser account 363. I think that the only time he involved others was for chip-dumping. I am relatively certain that you will find SUPERCARDM55, REYMNALDO, and the other dump recipients with Costa Rican addresses, while the four accounts used to cheat all have U.S. addresses.

    Also, keep in mind that the cheater simply needed to open account 363 at the right table on a second computer in order to see the hole cards. I am certain that POTRIPPER, GRAYCAT, STEAMROLLER, and DOUBLEDRAG were not special or superuser accounts, and were just like any other account on the system. Perhaps AP support simply looked at these accounts themselves and stupidly determined that no cheating went on. More likely, however, they know what happened and are covering it up.
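An added example, not part of the comment above and not Absolute Poker's or anyone's actual tooling: one way an operator could check for the pattern the comment describes, where an observer account sits at the same table for nearly all of a flagged player's stay. The presence log is constructed; only account 363, Table 13 and the roughly 2 1/2 minute delay come from the comment, and the other names, times and the 0.9 threshold are assumptions.

```python
from collections import defaultdict

# Constructed presence log: (account, role, table, join_sec, leave_sec).
SESSIONS = [
    ("POTRIPPER", "player",   13,    0, 2400),
    ("playerA",   "player",   13,    0, 1500),
    ("playerB",   "player",   13,    0, 2400),
    ("363",       "observer", 13,  150, 2400),  # opens the table 2.5 min in
    ("railbird1", "observer", 13,  600,  900),
    ("railbird2", "observer", 13, 1000, 1200),
    ("railbird2", "observer",  7, 1300, 2000),  # different table, ignored
]

def overlap(a_start, a_end, b_start, b_end):
    """Seconds shared by two intervals (0 if they do not intersect)."""
    return max(0, min(a_end, b_end) - max(a_start, b_start))

def observer_coverage(sessions, suspect):
    """Fraction of the suspect's seated time during which each observer
    account was watching the same table. Assumes one account's observer
    sessions at a table do not overlap each other."""
    seated = [s for s in sessions if s[0] == suspect and s[1] == "player"]
    total = sum(end - start for _, _, _, start, end in seated)
    if total == 0:
        return {}
    watched = defaultdict(int)
    for acct, role, table, start, end in sessions:
        if role != "observer":
            continue
        for _, _, s_table, s_start, s_end in seated:
            if table == s_table:
                watched[acct] += overlap(start, end, s_start, s_end)
    return {acct: secs / total for acct, secs in watched.items() if secs}

def flag_observers(sessions, suspect, min_coverage=0.9):
    """Observer accounts covering at least min_coverage of the suspect's play."""
    cov = observer_coverage(sessions, suspect)
    return sorted((a for a, c in cov.items() if c >= min_coverage),
                  key=lambda a: -cov[a])

if __name__ == "__main__":
    print(observer_coverage(SESSIONS, "POTRIPPER"))
    print(flag_observers(SESSIONS, "POTRIPPER"))
```

The check is run per suspect because an observer at a shared table covers every player seated there; it is the pairing with an account already flagged on win rate that makes the overlap meaningful.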

  6. By Sports Betting Blog on Mar 8, 2008 | Reply

    Very interesting approach to catching cheaters, it’s also surprising that AP didn’t catch them earlier. After all, credit cards have certain fraud filters that block the card from being used if it’s got a funny spending streak, shouldn’t casino software have the same features?

  7. By 3 wisemen on Apr 11, 2008 | Reply

    AP Poker was behind it all. This type of thing has been going on at various sites at different levels for a very long time.

    Many have brought this to attention. But were accused of lying or being a losing player. I’ve made well over 20k. If you win too much on a poker site they red flag you. They use programmers to target better hands. They stoop to any level. Most are criminals. A lot have records. Online poker is a complete scam. And anyone who thinks otherwise is a sucker. If you win like I do, they target you. Take as much as they can from you. The truth is the truth.

  8. By Poker Spielen blog on Apr 16, 2008 | Reply

    Very interesting approach to catching cheaters, it’s also surprising that AP didn’t catch them earlier.

  9. By Fire on May 5, 2008 | Reply

    Good to see people understand the complex dealings with online poker. It is very much a scam though; there are people behind closed doors who are watching you and preying on you. I have played 3 yrs of online poker and have not won too much because of this scam. There is someone on poker sites who sees that you win a lot and makes it so that you end up losing every hand possible, believe me, I’ve seen it for myself. To beat this act please contact me for further instructions or just reply here. Thanks. Fire

  10. By kevin on Jun 3, 2008 | Reply

    I’ve noticed a lot of times after cash outs I can’t seem to win a sitgo no matter what I have. I cashed out today and haven’t got in the money 6 straight games now, and I’ve noticed that before. Maybe it’s just me, but I’m interested to know if anyone has the same feelings.

  11. By Jeremy on Yesterday | Reply

    I am a new poker player and wondering just how many hours per week people play? I probably play 2 hrs a night online.
